
Research On DDoS Attack Detection And Protection Mechanism In SDN

Posted on: 2021-07-12
Degree: Master
Type: Thesis
Country: China
Candidate: X Wei
Full Text: PDF
GTID: 2518306470970119
Subject: Computer technology
Abstract/Summary:
Software Defined Networking (SDN) is a typical dynamic network architecture [1]. SDN realizes centralized control of network resources by decoupling the forwarding and control logic of the traditional network architecture. This new network architecture is widely used in cloud data centers. With the development and application of SDN technology, more and more attention has been paid to its security problems. Control-forwarding separation is one of the main features of SDN. Attackers can use this feature to launch effective attacks and disable the controller. Distributed Denial of Service (DDoS) attacks are one of the factors affecting network stability [1]. The prevalence of botnets further increases the concealment and harmfulness of DDoS attacks, so research on detection techniques and protection mechanisms for DDoS attacks has always been a very important topic in the field of network security. Because of SDN's centralized control mechanism, flood traffic directed at any part of the network can affect the normal operation of the whole network.

Aiming at the characteristics of the SDN architecture and of DDoS attacks, this paper first improves the detection mechanism for abnormal traffic under the SDN architecture, and then analyzes and studies attack traceability and attack mitigation. The specific work is as follows.

Unlike traditional abnormal traffic detection methods, which only monitor local links and network traffic, this paper analyzes the characteristics of DDoS attacks and combines them with the global characteristics of SDN, extracting 10 features from the flow table entries of OpenFlow switches to form feature vectors that distinguish abnormal traffic from normal traffic. To improve classification accuracy, this paper modifies the weight adjustment strategy of the AdaBoost algorithm. We conduct training on the NSL-KDD dataset and then fine-tune on the SDN dataset. The experimental results show that the method takes into account detection metrics such as accuracy, detection rate, precision rate and false positive rate.

This paper analyzes the characteristics of attack tracing in traditional networks and applies an improved attack tracing algorithm to SDN. The algorithm replaces less-used fields in the IP packet header with custom hash_id, edge, distance, and in_port fields. It is divided into a packet marking process and a path reconstruction process. The attack path is reconstructed from the network topology maintained by the SDN controller and the marking information in the packets.

Based on the characteristics of the SDN architecture, this paper designs a DDoS attack mitigation method that combines blacklists and whitelists with a rate-limiting mechanism.

Finally, to verify the feasibility of the proposed DDoS attack detection and defense scheme, the scheme was first designed and implemented on the programmable API of the RYU controller, and then an OpenFlow virtual network based on the RYU controller was created with the Mininet simulation platform for experimental verification.
Keywords/Search Tags:SDN, DDoS, Machine Learning, Abnormal Flow Detection, Attack Mitigation