Research On DDoS Attack Detection And Defense Technology In Software-defined Networks

Posted on: 2019-01-10
Degree: Master
Type: Thesis
Country: China
Candidate: R D Zhao
Full Text: PDF
GTID: 2438330551456260
Subject: Computer application technology
Abstract/Summary:
With the growth of network size and network services, traditional networks face more and more problems. For example, traditional network protocols are complex, new services are slow to bring online, and traffic paths are difficult to adjust. As a new generation of network architecture, SDN (Software Defined Network) opens a new path for solving the problems faced by traditional networks. DDoS (Distributed Denial of Service) attacks have always been an important threat to network security: multiple hosts distributed across the network attack the target host simultaneously and consume its resources, making it difficult for the target host to provide normal service or even causing it to crash. This dissertation studies how to solve the problem of DDoS attack detection and defense using SDN. Finding malicious hosts and blocking malicious traffic has been the focus of DDoS defense research; this dissertation focuses on source-tracing methods for DDoS defense in SDN networks. The specific work of this dissertation is as follows:

1) I designed a dynamic monitoring module and a classification detection module for detecting DDoS attacks in SDN networks. I use the Packet-in message of the OpenFlow protocol to give early warning of attacks. When the dynamic monitoring stage finds a suspicious host, the controller makes a further judgment only by checking the statistics in the switch. Using Packet-in messages to monitor network traffic not only guarantees real-time operation but also avoids the heavy impact on the controller and the network that arises when the controller polls switch statistics. Taking into account the characteristics of SDN and of DDoS attacks, a flow-based feature set for classification is proposed. I use the random forest algorithm, which has high accuracy and can avoid overfitting, for classification and detection. The dynamic monitoring module and the classification detection module make full use of the global network topology information held by the SDN controller, reducing the scope of monitoring and detection.

2) I make full use of the OpenFlow protocol and the flow table structure of OpenFlow switches, and propose a method of DDoS attack defense in SDN networks. The DDoS attack defense in this dissertation focuses on how to find a malicious host. To search for malicious hosts, this dissertation proposes three methods for tracing IP packets in SDN networks: Packet-in message-based source tracing, Flow-removed message-based source tracing and "first_DPID"-based source tracing. The first two methods trace the source using OpenFlow messages; the last method traces it by modifying the switch flow table structure. The advantages and disadvantages of these three methods are compared through theory and experiment.

I implement the DDoS attack detection and defense algorithms, and prove the validity of the DDoS attack detection algorithm and the defense algorithm through theory and experiment.
Keywords/Search Tags:SDN, DDoS attack detection, DDoS attack defense, traceability
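
An added sketch of the dynamic monitoring stage described in the abstract (not code from the thesis): Packet-in arrivals are counted in a sliding window, and only switches with a flagged port are selected for a flow-statistics request. The window length, the threshold, the choice to key on (dpid, in_port), and the sample trace are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0    # assumed sliding-window length in seconds
THRESHOLD = 20    # assumed Packet-in count per window that raises a warning

class PacketInMonitor:
    # Keyed on (dpid, in_port) rather than source IP (an assumption): each new
    # spoofed flow misses the flow table and yields a Packet-in from the same
    # ingress port, so the count stays meaningful under address spoofing.
    def __init__(self, window=WINDOW_S, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.arrivals = defaultdict(deque)  # (dpid, in_port) -> timestamps
        self.suspicious = set()

    def on_packet_in(self, ts, dpid, in_port):
        """Record one Packet-in; return True if the port is now suspicious."""
        key = (dpid, in_port)
        q = self.arrivals[key]
        q.append(ts)
        while ts - q[0] > self.window:      # drop arrivals outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self.suspicious.add(key)
        return key in self.suspicious

    def switches_to_poll(self):
        """Only these switches need a flow-statistics request."""
        return sorted({dpid for dpid, _ in self.suspicious})

def build_sample_events():
    """Constructed trace of (timestamp, dpid, in_port, src_ip) tuples."""
    normal = [(i * 0.25, 1, 1, "10.0.0.1") for i in range(8)]
    # One port on switch 2 opening 50 new flows in 0.5 s with varying sources.
    flood = [(1.0 + i * 0.01, 2, 3, f"172.16.0.{i}") for i in range(50)]
    return sorted(normal + flood)

def run(events):
    mon = PacketInMonitor()
    for ts, dpid, in_port, _src in events:
        mon.on_packet_in(ts, dpid, in_port)
    return mon

if __name__ == "__main__":
    m = run(build_sample_events())
    print("suspicious ports:", sorted(m.suspicious))
    print("switches to poll:", m.switches_to_poll())
```

The statistics returned by the selected switches would then feed the classification stage; the thesis's feature set is not listed in the abstract, so it is not reproduced here.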