
Research On DDoS Attack Detection And Defense Method Based On SDN Architecture In Cloud Environment

Posted on: 2022-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Xin
GTID: 2518306335472004
Subject: Computer application technology
Abstract/Summary:
With the development of information technology, cloud computing has been applied to more and more fields, and cloud services based on software-defined network (SDN) architecture in particular have been widely adopted. At the same time, distributed denial of service (DDoS) attacks are becoming more and more intense. The SDN network in the cloud environment has become an ideal target for DDoS attackers because of its high integration of resources. Without effective detection and defense, an attack may cause loss of data-transmission packets, network stalls, or even network breakdown and resource paralysis. Based on the characteristics of SDN in the cloud environment, this paper designs a detection and defense plan for the control plane and the data plane in case of DDoS attacks. The research content and the innovations of the thesis mainly include the following aspects:

Firstly, the characteristics and advantages of cloud computing and SDN networks are analyzed, together with the security problems that arise under DDoS attacks. Methods at home and abroad for detecting and defending against DDoS attacks in traditional networks are compared with those for SDN-based cloud environments, and the shortcomings of these methods are discussed.

Secondly, to address DDoS attacks on the control plane of the SDN network in the cloud environment, a method for detecting and defending against DDoS attacks at the SDN control plane is designed. Based on the characteristics of DDoS attacks against the controller, a double detection and judgment is made using the generation of Packet-in messages and the Shannon entropy of the source IP addresses of the Packet-in messages, which reduces the probability of false detection. To make the threshold more accurate, a weight-based dynamic threshold acquisition method is adopted, which makes the detection result more accurate. For defense at the control plane, a load-balancing strategy is designed to make full use of the spare resources of neighboring switches. When an attack is encountered, the attack data is dynamically allocated to the neighboring switches according to the load of each one, so the attack is mitigated. This also resolves insufficient bandwidth between the switch and the controller when it occurs.

Thirdly, to address DDoS attacks on the data plane of the SDN network in the cloud environment, a method for detecting and defending against DDoS attacks at the SDN data plane is designed. To make the detection more accurate, the method makes full use of the characteristics of the SDN network and analyzes the characteristic values: it uses the survival time of the switch Flow Entry and an introduced statistical deviation rate formula to calculate the deviation value of the packets within Δt, and double-judges whether an attack exists. Taking advantage of the characteristics of the SDN network, the long-occupied Flow Entry is deleted after a related strategy has been issued, and the attacking in-port is closed at the same time, so defense is completed quickly. Most current SDN detection methods do not cover detection at the target host in the data plane. As an innovation, the thesis uses the characteristics of the attack packets and the source IPs: the standard deviation of the packet size is compared against a threshold, together with the number of IPs and packets, and this double judgment determines whether an attack is occurring, which achieves the detection purpose. For defense of the target host, if a DDoS attack occurs, the problematic port of the victim host is closed and the controller issues a blocking strategy to achieve the purpose of defense.
Keywords/Search Tags:DDoS, SDN, cloud computing, control plane, data plane
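
An added illustration of the control-plane double check described in the abstract (not code from the thesis): a window is flagged only when both the number of Packet-in messages and the Shannon entropy of their source IPs exceed their thresholds. The exponentially weighted baseline, the ALPHA and MARGIN values, and the assumption that spoofed sources raise the entropy are stand-ins, because the abstract gives no formulas.

```python
import math
from collections import Counter

def source_ip_entropy(src_ips):
    """Shannon entropy in bits of the source-IP distribution of one window."""
    total = len(src_ips)
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(src_ips).values())

class PacketInDetector:
    """Two-stage check per window: Packet-in count, then source-IP entropy.

    Thresholds are weighted baselines (EWMA) times a margin. ALPHA and MARGIN
    are assumed values; the abstract does not state how its weights are set.
    """
    ALPHA = 0.3    # weight of the newest non-attack window in the baseline
    MARGIN = 1.5   # a stage trips when the value exceeds baseline * MARGIN

    def __init__(self, first_window):
        self.rate_base = float(len(first_window))
        self.entropy_base = source_ip_entropy(first_window)

    def observe(self, window):
        """window: source IPs of the Packet-in messages seen in one interval."""
        rate, entropy = len(window), source_ip_entropy(window)
        rate_hit = rate > self.rate_base * self.MARGIN
        entropy_hit = entropy > self.entropy_base * self.MARGIN
        attack = rate_hit and entropy_hit
        if not attack:
            # Only non-attack windows update the baselines, so a flood
            # cannot drag the thresholds upward while it is in progress.
            a = self.ALPHA
            self.rate_base = a * rate + (1 - a) * self.rate_base
            self.entropy_base = a * entropy + (1 - a) * self.entropy_base
        return attack

def run_demo():
    # Constructed windows of Packet-in source IPs (documentation ranges).
    normal = ["192.0.2.%d" % (i % 4 + 1) for i in range(40)]
    burst = ["192.0.2.1"] * 100   # high count, one source: rate stage only
    flood = ["198.51.100.%d" % (i % 250 + 1) for i in range(500)]
    det = PacketInDetector(normal)
    return [det.observe(w) for w in (normal, burst, normal, flood)]
```

The single-source burst trips only the count stage and is not flagged, which is the false-detection case the double judgment is meant to reduce.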