| Software Defined Network(SDN)is a new generation of computer network architecture.By virtue of the separation of data forwarding and logic control,software-defined networks can respond to user requests more quickly than traditional networks.At the same time,the network programmable feature makes it easy to implement complex network functions such as load balancing.However,as the logic control function of the whole network is integrated in the logic control plane,the failure of this plane will affect the performance of the whole network,and in serious cases,the whole network will be paralyzed.Distributed Denial of Service(DDoS)attacks on controller have the characteristics of high frequency and serious impact on network performance.Therefore,it is necessary to study the detection and defense scheme of DDoS attack targeting the controller.At present,many DDoS attack detection schemes in SDN only select the content or time feature of network traffic,but ignore the spatial characteristics of network traffic.These schemes usually detect the accuracy is not high,easy to produce misjudgment.In addition,many schemes only provide the detection of DDoS attack,and do not give specific defense measures after the attack is detected.This paper studies the detection and defense scheme of DDoS attack in SDN with controller as the target.The spatial characteristics are considered when detecting the network traffic,and the defense flow entry is designed based on flow table data to protect against DDoS attack.The following results are obtained.(1)A DDoS attack detection and defense scheme based on spatio-temporal feature is proposed.Firstly,the spatiotemporal features of network traffic are extracted to form training samples,and then the detection model is trained with the training samples to realize the detection of DDoS attacks.The detection model is constructed by Convolutional Neural Networks(CNN)and Long Short-term Memory(LSTM).Finally,the defense module generates the defensive flow entry according to the flow table information of the Open Flow switch to block the attack traffic.Experimental results show that,compared with the contrast scheme,the detection accuracy of DDoS attack in this scheme is improved by 10%.The defense module can block the attack data accurately without affecting other applications.(2)A DDoS attack detection and defense scheme based on feature selection is designed.A feature selection algorithm is constructed to select the optimal feature subset from the original network traffic to distinguish the network traffic,and then GRU algorithm is used to detect the attack of the processed network traffic.Finally,the defense module processes the packets according to the protocol type and effectively filters out various types of DDoS attack packets before the attack traffic reaches the controller,so as to protect the controller resources.Experimental results show that this scheme can detect many types of DDoS attacks more accurately.The defense module can realize the defense against a variety of DDoS attacks. |