Research On The Design Of DDoS Defense System And The Load Balancing Strategy In SDN

The Internet industry has maintained a strong momentum of development.With the expansion of the network scale and the increase of new types of network services,people have put forward higher requirements for the quality of information transmission and security of the network.Due to the various network protocols and more complicated network architecture in traditional network,the network managers are unable to upgrade the existing networks to meet higher requirements.So it is necessary to seek new network architecture to improve the overall performance of the network and solve the bottleneck problem of current network performance.The software defined network(SDN),a new type of network architecture,has gained extensive attention from the academic and industry community.Now the developing SDN faces with the security issues and network congestion problems just like the traditional network.Thus in this paper,we focus on the network security and network congestion under the SDN architecture.The main research contents are as follows:(1)The SDN has the characteristic of separation of network control plane and data forwarding plane.In the SDN architecture,the network is centralized managed by the controller,and the controller makes decisions on the data forwarding.However,the data forwarding will be affected then resulting in the network paralysis when the controller is under attack.In this paper,for the distributed denial of service(DDoS)attacks on the controller,we propose a DDoS detection method based on Chi-square test.Experiments show that our method is easier to detect DDoS attacks and has higher detection sensitivity than the existing information entropy detection method.Basing on the detection method,we further add the detection trigger mechanism and the attack source screening mechanism,and a complete DDoS defense system is designed.This system can accurately detect DDoS attacks and effectively mitigate the impact of DDoS attacks.The research results have great significance for protecting the SDN network environment.(2)Due to the limitation of architecture in traditional network,it is difficult to realize link load balancing.But in the SDN architecture,the link load balancing policies can be deployed easily and flexibly.Thus we propose a link load balancing strategy under the SDN architecture.Based on the Technique for Order Preference by Similarity to an Ideal Solution(TOPSIS)algorithm,we add a link information measurement module and a load balancing module in the Floodlight controller.The link information measurement module is used to obtain the network link status information.The strategy will combine the real-time network status information with the TOPSIS algorithm,the best forwarding path will be chosen by making the multi-index comprehensive evaluation to the former K shortest paths.The experimental results show that the proposed algorithm can make the whole network traffic distribution more uniform,improve the bandwidth utilization,and reduce the end-to-end delay jitter and packet loss rate.So the network congestion will be effectively alleviated ultimately.The load balancing routing strategy based on TOPSIS algorithm not only considers the bandwidth,packet loss rate and delay,but also can set the corresponding weight ratio according to different services,so that the optimal path can be selected based on the service and the real-time status of link.For the first time,the TOPSIS algorithm is used to study the load balancing problem in SDN.This meaningful attempt can provide new ideas for traffic engineering and other issues encountered in the future development of SDN.