Research On DDoS Attack Detection And Defense Methods In The Environment Of Software Defined Internet Of Things

With the rapid development of IoT technology,its scope of applications are much wider,its security issues also become increasingly prominent,IoT devices with security vulnerabilities are more likely to be compromised by hackers than traditional networks,they organize botnets and launching DDoS attacks.Because of the SDN in network control and security management has successed,SD-IoT came out at the historic moment.SD-IoT can take advantage of its numerical control separation and flow table issuing operation mode to deploy the DDoS attack detection system,which was difficult to deploy and consumes much energy in the traditional Internet of Things,in the controller.The security issues of networking present major opportunities.The DDoS attack detection and defense methods under the existing software-defined IoT architecture were studied in this thesis.The main contents are as follows:(1)This thesis studies addresses the problem that the existing DDoS detection algorithm is not suitable for the SD-IoT environment,and a DDoS attack detection method based on the ELVR-Kmeans algorithm under the SD-IoT architecture was proposed.Firstly,the controller collects packet_in messages and flow table information from the OpenFlow switch,and then extracts and analyzes the DDoS attack traffic characteristics in the SD-IoT environment.Finally,the ELVR-Kmeans algorithm proposed in this paper is used to detect the "flow characteristics" of the network,thereby Determine whether there is a DDoS attack on the network.(2)Aiming at the defense problem of SD-IoT networks suffering from DDoS attacks,a DDoS attack traceability and defense method under SD-IoT architecture is proposed:TSD(Trust model-SOM Defender,Trust model-SOM defense)method.The TSD method consists of a traceability module and a defense module.The mechanism adopted by the traceability module is to use the T-SOM(Trust model-Self Organizing Map)algorithm proposed in this article to classify all nodes in the network according to the "node traffic characteristics".In this way,the hardware addresses of the DDoS attack nodes can be traced.The defense module uses the global topology view capability of the controller and the hardware address of the attacking nodes to find out the switches and number of port connected to the attacking nodes.The defense module performs ports ban and packet_in packets filter on the switches and port connected to the attacking nodes.(3)The effects of the attack detection methods and defense methods proposed in this article are tested through simulation experiments.Simulation results indicate that the DDoS attack detection method based on the ELVR-Kmeans algorithm has high detection rate and accuracy,lower error rate,and can better detect DDoS attacks in the SD-IoT environment;the traceability defense method TSD has high traceability accuracy.The link delay time is short,which can better trace the source of DDoS attack nodes in the SD-IoT environment and perform effective defense.Figure 21 table 13 reference 71...