
Research On DDoS Attack Detection And Defense Method In SDN

Posted on: 2021-03-29
Degree: Master
Type: Thesis
Country: China
Candidate: P F Zhai
Full Text: PDF
GTID: 2518306047984609
Subject: Master of Engineering

Abstract/Summary:
Software Defined Networking (SDN) is a new type of network architecture. Its innovation lies in decoupling the traditionally closed network system into a control plane, a data plane, and an application plane, which gives logically centralized control and management of the network together with openness and programmability. SDN is therefore widely regarded as the direction in which networks will develop. However, SDN still faces many security challenges: the number of insecure devices is huge, and Distributed Denial of Service (DDoS) attacks are among the major network security threats. This thesis focuses on the detection and defense of DDoS attacks in SDN. The research is developed as follows.

First, this thesis studies an improved DDoS detection method that uses Renyi entropy and a dynamic threshold to detect DDoS attacks. In the detection process, the algorithm extracts features from the collected packets and estimates the entropy of each feature over a calculation window using Renyi entropy. An exponentially weighted moving average (EWMA) algorithm is proposed to set the dynamic threshold. The DDoS attack state is then judged by comparing the entropy value with the threshold value over consecutive windows.

Second, the DDoS defense algorithm is divided into two levels: intra-domain and inter-domain. Within a domain, this thesis uses a defense method based on source IP address reputation. The control program records information such as the source IP address of each packet and the number of requests, and calculates a reputation value for each source IP. IP addresses whose reputation falls below the warning line are added to a blacklist, and OpenFlow flow table entries are issued so that the illegal packets are no longer forwarded on the network. Between domains, this thesis uses a blockchain-based collaborative defense method: each autonomous domain shares its blacklist through the blockchain. The distributed blockchain architecture not only guarantees the integrity of the shared data but also breaks the information barriers between autonomous domains. Sharing this information effectively reduces the security threat to each domain, and blocking malicious traffic close to the source of the attack minimizes the network resources that cross-domain forwarding of malicious traffic would otherwise consume.

Experimental results show that the DDoS detection and defense scheme studied in this thesis can detect and defend against DDoS attacks promptly and effectively, and effectively reduces the consumption of network resources.
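The detection pipeline described above, as an added example that is not the thesis's own code: it computes the Renyi entropy of the destination-IP distribution in each window, derives a dynamic threshold from an EWMA of the entropy seen in benign windows, and raises an alarm only after several consecutive windows fall below that threshold. The abstract does not give the feature used, the exact threshold formula or any parameter values, so the destination-IP feature, the "EWMA mean minus a margin" threshold, the parameters and the sample traffic below are all assumptions.

```python
"""Entropy-based DDoS detection over per-window packet features (added example).

Renyi entropy of the destination-IP distribution per window, a dynamic
threshold from an EWMA of benign-window entropy, and an alarm only after
`consecutive` windows under the threshold. Threshold form and parameter
values are assumptions, not taken from the thesis.
"""
import math
import random
from collections import Counter
from typing import Dict, List, Sequence


def renyi_entropy(counts: Dict[str, int], alpha: float = 2.0) -> float:
    """Renyi entropy in bits of the distribution given by `counts`.

    alpha == 1 is Shannon entropy; alpha == 2 (collision entropy) reacts
    strongly to one dominant value, which is what a flood aimed at a single
    victim produces in the destination-IP distribution.
    """
    total = sum(counts.values())
    if total == 0:
        return 0.0
    probs = [c / total for c in counts.values()]
    if abs(alpha - 1.0) < 1e-9:
        return -sum(p * math.log2(p) for p in probs if p > 0)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


class EntropyDetector:
    """Per-window detector with an EWMA-derived dynamic threshold."""

    def __init__(self, alpha=2.0, lam=0.2, margin=3.0, min_gap=0.5,
                 consecutive=3, warmup=5):
        self.alpha = alpha              # Renyi order
        self.lam = lam                  # EWMA weight of the newest benign window
        self.margin = margin            # threshold = mean - margin * stddev ...
        self.min_gap = min_gap          # ... but never closer than min_gap bits
        self.consecutive = consecutive  # windows under threshold before alarm
        self.warmup = warmup            # windows used only to seed the baseline
        self.mean = None                # EWMA mean of benign-window entropy
        self.var = 0.0                  # EWMA variance of benign-window entropy
        self.seen = 0
        self.below = 0                  # current run of windows under threshold

    def threshold(self) -> float:
        return self.mean - max(self.margin * math.sqrt(self.var), self.min_gap)

    def _update_baseline(self, h: float) -> None:
        if self.mean is None:
            self.mean = h
            return
        diff = h - self.mean
        incr = self.lam * diff
        self.mean += incr
        self.var = (1.0 - self.lam) * (self.var + diff * incr)

    def observe(self, index: int, dst_ips: Sequence[str]) -> dict:
        """Feed one window of destination IPs; returns the decision record."""
        h = renyi_entropy(Counter(dst_ips), self.alpha)
        self.seen += 1
        ready = self.seen > self.warmup and self.mean is not None
        thr = self.threshold() if ready else None
        under = thr is not None and h < thr
        if under:
            self.below += 1
        else:
            self.below = 0
            self._update_baseline(h)  # attack windows must not drag the baseline down
        return {"window": index, "entropy": round(h, 3),
                "threshold": None if thr is None else round(thr, 3),
                "alarm": self.below >= self.consecutive}

    def run(self, windows: Sequence[Sequence[str]]) -> List[dict]:
        return [self.observe(i, w) for i, w in enumerate(windows)]


def constructed_traffic(seed: int = 7, hosts: int = 50, window_size: int = 200,
                        benign: int = 10, attack: int = 5) -> List[List[str]]:
    """Constructed sample traffic (made-up addresses): `benign` windows spread
    over `hosts` destinations, `attack` windows with 90% of packets aimed at
    one victim, then `benign` windows of normal traffic again."""
    rng = random.Random(seed)
    pool = [f"10.0.0.{i}" for i in range(1, hosts + 1)]
    victim = "10.0.0.7"

    def benign_window():
        return [rng.choice(pool) for _ in range(window_size)]

    def flood_window():
        return [victim if rng.random() < 0.9 else rng.choice(pool)
                for _ in range(window_size)]

    return ([benign_window() for _ in range(benign)]
            + [flood_window() for _ in range(attack)]
            + [benign_window() for _ in range(benign)])


def alarm_windows(results: List[dict]) -> List[int]:
    """Indices of the windows in which the detector was in the alarm state."""
    return [r["window"] for r in results if r["alarm"]]


if __name__ == "__main__":
    for record in EntropyDetector().run(constructed_traffic()):
        print(record)
```

Two points of the design matter in practice. The baseline is updated only from windows that were not flagged, otherwise a long flood pulls the EWMA mean down until the attack looks normal; and the threshold keeps a minimum distance (`min_gap`) below the mean, because the variance of a stable benign baseline can shrink to almost zero and a threshold equal to the mean would then trip on every small fluctuation. In an SDN controller the per-window destination lists would come from packet-in events or periodic OpenFlow flow-statistics polling rather than from the constructed generator used here.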
Keywords/Search Tags:SDN, DDoS, Renyi Entropy, Dynamic Threshold, Blockchain