
Research On DDoS Attack Detection And Defense Based On In-band Telemetry In SDN

Posted on: 2021-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: P B Xiao
Full Text: PDF
GTID: 2428330647453001
Subject: Ships and marine structures, design of manufacturing
Abstract/Summary:
Software defined network is one of the directions of future network development. The separation of control and forwarding makes the network architecture more flexible and open, which suits data centers, command centers and other networks. Software defined networks also face the threat of network attacks, and the detection and defense of DDoS attacks in software defined networks is a key point of future network development. With the development of software defined networks, data plane programmable technology has appeared. In the programmable data plane, in-band network telemetry can be realized, which provides a more fine-grained method for measuring network state parameters. Based on in-band telemetry technology, this paper studies the detection and defense of DDoS attacks in software defined networks. The main research contents of this paper include the following aspects:

(1) Research on the process of obtaining fine-grained network parameters by in-band telemetry technology. By studying a large number of domestic and foreign papers and open source technical documents, data plane programmable technology and in-band network telemetry technology are analyzed; the characteristics of DDoS attacks and of real traffic are analyzed; background traffic and DDoS attack traffic are simulated through experiments; and from the parameter data obtained by in-band telemetry, the performance impact of a DDoS attack on the switches along the attack path is determined.

(2) Research on a two-level attack detection algorithm based on the super logarithm algorithm and the SVM algorithm. By analyzing the characteristics of DDoS attacks, a primary detection process based on the super logarithm algorithm is designed around the attack's forged source IPs; features are extracted from the fine-grained parameters obtained from in-band measurement, and a secondary detection process based on the SVM algorithm is designed. The results show that, compared with the entropy threshold method and the KNN method, the detection method in this paper has higher accuracy and the lowest CPU consumption.

(3) Research on DDoS attack defense methods. First, the advantages and disadvantages of existing defense methods are analyzed. Then, based on the fine-grained data obtained by in-band telemetry, a path classification attack traceback method based on improved k-means and a path iteration attack traceback method based on the information entropy of source IPs are designed, respectively from the aspect of the impact of DDoS on switch performance along the link and from the aspect of the attack's forged source IPs. The results show that both methods can effectively trace the source of the attack, but the latter can trace multiple attack sources at one time and its performance is less affected by network state fluctuation.

Through simulation experiments, this paper verifies the accuracy of the attack detection algorithm and the traceback defense method. In addition, this paper also covers the determination of the key parameters in the algorithms and proposes a self-updating whitelist defense strategy.
Keywords/Search Tags:software defined network, in band network telemetry, DDoS attack detection, DDoS attack prevention
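As an added illustration of the primary detection stage and the source-IP entropy measure described in the abstract (example code written for this page, not code from the thesis), the Python below estimates the number of distinct source IPs per measurement window with a HyperLogLog sketch, which I assume is what the abstract's "super logarithm algorithm" refers to, and computes the Shannon entropy of the source-IP distribution that the path iteration traceback relies on. The per-window source-IP lists are constructed stand-ins for INT-derived flow records, the threshold factor and window sizes are arbitrary, and the SVM secondary stage is not reproduced.

```python
import hashlib
import math
import random
from collections import Counter
from typing import Dict, Iterable, List


class HyperLogLog:
    """Minimal HyperLogLog cardinality sketch: 2**p registers, each keeping the
    largest leading-zero rank seen for hashes routed to it."""

    def __init__(self, p: int = 10) -> None:
        self.p = p
        self.m = 1 << p
        self.registers = [0] * self.m

    def add(self, item: str) -> None:
        # 64-bit hash of the item (truncated SHA-1; any well-mixed hash would do)
        h = int.from_bytes(hashlib.sha1(item.encode()).digest()[:8], "big")
        idx = h >> (64 - self.p)                    # top p bits select the register
        w = h & ((1 << (64 - self.p)) - 1)          # remaining 64-p bits
        rank = (64 - self.p) - w.bit_length() + 1   # 1-based position of leftmost 1-bit in w
        if rank > self.registers[idx]:
            self.registers[idx] = rank

    def estimate(self) -> float:
        m = self.m
        alpha = 0.7213 / (1 + 1.079 / m)            # bias constant valid for m >= 128
        raw = alpha * m * m / sum(2.0 ** -r for r in self.registers)
        zeros = self.registers.count(0)
        if raw <= 2.5 * m and zeros:                # small-range correction: linear counting
            return m * math.log(m / zeros)
        return raw


def source_ip_entropy(src_ips: Iterable[str]) -> float:
    """Shannon entropy (bits) of the source-IP distribution in one window.
    Spoofed random sources push this towards log2(packet count)."""
    counts = Counter(src_ips)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def window_features(src_ips: List[str], p: int = 10) -> Dict[str, float]:
    """Per-window features a controller would derive from telemetry records."""
    hll = HyperLogLog(p)
    for ip in src_ips:
        hll.add(ip)
    return {
        "packets": float(len(src_ips)),
        "distinct_src_est": hll.estimate(),
        "src_entropy": source_ip_entropy(src_ips),
    }


def primary_alert(features: Dict[str, float], baseline_distinct: float, factor: float = 3.0) -> bool:
    """Primary stage: flag a window whose distinct-source estimate exceeds the
    learned baseline by `factor` (an assumed, arbitrary threshold rule)."""
    return features["distinct_src_est"] > factor * baseline_distinct


def constructed_windows() -> Dict[str, List[str]]:
    """Constructed sample windows (not thesis data): a normal window drawn from
    30 legitimate hosts, and an attack window adding 5000 forged source IPs."""
    rng = random.Random(7)
    legit_hosts = [f"10.0.0.{i}" for i in range(30)]
    normal = [rng.choice(legit_hosts) for _ in range(2000)]
    spoofed = [f"172.16.{i // 256}.{i % 256}" for i in range(5000)]
    attack = normal + spoofed
    rng.shuffle(attack)
    return {"normal": normal, "attack": attack}


if __name__ == "__main__":
    windows = constructed_windows()
    baseline = window_features(windows["normal"])["distinct_src_est"]
    for name, ips in windows.items():
        f = window_features(ips)
        print(name, {k: round(v, 2) for k, v in f.items()},
              "ALERT" if primary_alert(f, baseline) else "ok")
```

The cardinality sketch is what makes the primary stage cheap on the controller: each window costs a fixed 2**p registers regardless of how many forged addresses arrive, which is consistent with the abstract's claim of low CPU consumption relative to entropy-threshold and KNN methods. The entropy value is the same quantity a per-switch traceback can compare along a path, since a switch carrying the attack sees a far flatter source distribution than one that does not.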