Research And Application Of DDoS Attack Detection And Traceability Technology Based On SDN

Compared with the traditional network,the Software Defined Network(SDN)realizes the decoupling of the data layer and the control layer,which makes the network maintenance and policy making more flexible.With the development and application of cloud computing,as well as virtualization and other technologies,SDN is becoming more and more widely used.Distributed Denial of Service(DDoS)attack is one of the most serious attacks in network security,which often causes huge property losses.SDN will also face the threat of DDoS attacks.The controller of SDN can obtain the current network traffic and issue the policy to the switch in SDN.Although this approach enables the controller to manage the network more flexibly,the centralized management also means that the SDN controller is vulnerable to new security problems under DDoS attacks,such as "single point of failure" and so on.Therefore,it is of great significance to detect and trace DDoS attacks in the SDN network.Based on the research and analysis of the SDN architecture and the characteristics of DDoS attacks,this thesis focuses on a set of SDN attack detection and traceability system.The main work is as follows:(1)The detection strategy of DDoS attacks in the SDN network is studied.Based on Exponentially Weighted moving-average(EWMA)control chart,an adaptive traffic anomaly detection method based on a sliding window was designed.When the traffic is judged to be abnormal,the SDN controller will actively obtain the characteristics of the current network traffic and judge whether an attack has occurred through the Support Vector Machine(SVM)algorithm.Experimental results show that this method can save the CPU occupancy of SDN controller under normal traffic condition,and achieve high accuracy.(2)The traceability strategy of DDoS attacks on SDN network is studied.Based on the topology discovery principle of RYU controller and port forwarding statistics reflected by flow table entries in SDN switch,a single attack source traceability scheme is proposed.On the basis of single attack source traceability,K-means algorithm is used to extend the ability of single attack source traceability to multiple attack sources,and a multi-attack source traceability method is proposed.The SDN topology was simulated by Mininet,and RYU was used as the SDN controller to conduct experimental analysis on the traceability scheme mentioned above.The results show that the proposed traceability scheme is effective.