Research On DDoS Attack Detection And Defense Method Based On XGBoost In SDN Network

In order to reduce the complexity of network management,Software Defined Net work(SDN)has been widely used in recent years as a new network management archi tecture that separates control and forwarding.In SDN networks,the existing Distribut ed Denial of Service(DDo S)attack detection and defense methods have problems suc h as data collection lag,relatively low detection accuracy,and inability to organize tim ely defense.Therefore,based on the programmable data plane data packet collection a nd analysis function provided by P4(Programming Protocol-Independent Packet Proc essors),this article designs a XGBoost-based DDo S attack detection and defense meth od in SDN networks.This method first builds a programmable SDN data plane in a cu stom way through P4,and directly collects and analyzes data packets in the SDN netw ork in real time from the data plane,and then on this basis:(1)Designed and implemented XGBoost-based DDo S attack detection—RT-XB method.The RT-XB method is based on the data packet information collected in real time.First,it analyzes the characteristics of the traffic changes in the network when the attack occurs,and extracts the characteristic vectors related to the attack to form a multidimensional attack characteristic vector as an indicator of DDo S attack detection;then construct it through XGBoost The classifier of SDN performs classification training and testing,thereby realizing timely detection of DDo S attack data packets in the SDN network.(2)Design and implement BF-based DDo S real-time defense—BF-defense method.The BF-defense method maps the characteristic information of the attacked data packet to the P4-BF constructed on the data plane in the form of a characteristic quintuple according to the detected abnormal data packet and its attack source information,and uses it as the attack judgment The basis for realizing the regeneration defense of the attack source data packet.Compared with the traditional defense method,the BF-defense defense method based on the data plane directly defends from the data plane,which is more real-time.Experimental results show that the method proposed in this thesis has the characteristics of strong real-time attack data collection,high detection efficiency,and controllable false positive rate.