| With the development and popularity of computer networks,more and more network applications and network services are running on the Internet.While it is convenient for the public,this also gives cyber attackers an opportunity.The increased dependence of users on the network has led to a large increase in network equipment,making it easier for attackers to control enough bots to launch attacks on the network,so today's network se-curity threats are more troublesome.One of the more difficult attacks is distributed denial of attack(DDoS).This kind of attack has many forms of attacks,is harmful,and is diffi-cult to identify and defend.Due to the continuous development of SDN technology,new DDoS attack protection systems that combine the advantages of SDN centralized control are constantly being proposed.Although these methods have high accuracy in identifying some types of DDoS attacks,these models can identify fewer types of DDoS attacks,are not sensitive to the identification of new DDoS attacks,and consume a lot of resources in data collection.Therefore we propose an intelligent DDoS attack protection system.The system implements subscription notification model between controllers and switches by extending the Open Flow Protocol,and establishes an optimization model to achieve a low-load,low-latency traffic monitoring solution named Fast Monitor.For DDoS attacks,we proposes a attack detection algorithm called SC-VAE based on Variational Encoder(VAE)and Spectral Clustering.In order to alleviate the DDoS attack traffic,the protec-tion system establish an application flow classification model,and use Qo S methods to control flow speed,which can reduce the attack traffic the system will face.In addition,in order to evaluate the model,we build a simulation environment based on Mininet and NS3,and design different metrics system modules to evaluate its actual performance. |
PDF Full Text Request