
On The Research Of Edge-Cloud Synergy Integrated DDoS Attack Protection Method For Industrial Control System Based On SDN

Posted on: 2022-09-10; Degree: Master; Type: Thesis
Country: China; Candidate: X H Ye
GTID: 2518306572989989; Subject: Control Science and Engineering
Abstract/Summary:
With the widespread application of information technology in industrial control systems, especially the introduction of new technologies such as cloud computing and big data, industrial control systems face increasingly complex information security issues. Traditional IT protection technology cannot meet the security requirements of industrial control systems. The separation of control and forwarding and the centralized management and control of software-defined networking (SDN) provide a new solution for industrial control system security issues, but they also make industrial control systems vulnerable to Distributed Denial of Service (DDoS) attacks.

Based on the above analysis, an SDN-based edge-cloud synergy DDoS attack protection framework for industrial control systems is proposed. The framework combines the advantages of cloud computing and edge computing, using the cloud to make accurate decisions and the edge to respond in real time. On the basis of this framework, an edge-cloud synergy dynamic DDoS attack protection method composed of intrusion detection and intrusion response is proposed to achieve effective dynamic protection of the system.

DDoS attack detection at the edge adopts a cross-plane collaborative detection method, which consists of coarse-grained detection based on information entropy in the SDN forwarding layer and fine-grained detection based on a Back Propagation (BP) neural network in the application layer. In addition, the application layer deploys a switch and controller overload attack detection module to detect overload attacks generated by DDoS attacks, so as to keep the SDN network operating securely and reliably. Considering the limited resources at the edge, this thesis trains the BP neural network model in the cloud, where the training process is optimized by MapReduce improved with a genetic algorithm, and sends the trained model to the edge. At the same time, the cloud collects global flow table information and uses the trained BP model for global detection.

After a DDoS attack is detected, the edge performs port and address hopping to protect the network in time, and the cloud performs attack source tracing, attack traffic filtering, and flow limiting to generate security policies and deliver them to the edge. Furthermore, because of the detection error at the edge and the delay of cloud policy transmission, there is still a large amount of attack traffic in the network after port and address hopping is executed, so the edge executes a load balancing algorithm to prevent overloading of switches and controllers and to guarantee normal network communication, finally realizing the "global decision and real-time response" security protection of cloud and edge collaboration.

Finally, the method proposed in this thesis is experimentally verified on the experimental platform of a dual-capacity water tank control system. The experimental results are analyzed from the two aspects of DDoS attack detection and response, and compared with the methods in other related literature to illustrate the effectiveness and superiority of this method.
Keywords/Search Tags: industrial control system, DDoS attacks, software-defined network, edge-cloud synergy, information security