
Research And Implementation Of DDoS Attack Detection Method Based On Software Defined Network

Posted on: 2022-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: C X Lv
GTID: 2518306737456724
Subject: Electronics and Communications Engineering

Abstract/Summary:
Traditional networks suffer from complicated equipment configuration, poor server scalability and congestion, and cannot keep up with the goals of flexible management and efficient operation. When the concept of Software Defined Network (SDN) was introduced, it caused a great stir in the industry because it broke with the increasingly heavy and redundant operation mode of the traditional distributed network. It proposed a centralized controller and the decoupling of control from data forwarding. The centralized control layer lets the network administrator monitor network status in real time, deploy new network equipment and upgrade old equipment more efficiently, and process user requests more quickly and centrally. As a result, application scenarios such as data center networks have joined the deployment and trial operation of SDN, and Internet companies such as Google and network operators have begun to deploy it, which shows that this architecture significantly enhances network operation performance. SDN is also one of the most widely discussed technologies for the upcoming 5G network.

However, the flexibility of the centralized controller brings a new problem: the threat of a single point of failure. A distributed denial of service (DDoS) attack that takes down the control plane can cause local network downtime or even global network failure, so a single failure can affect the entire network. Research on DDoS attack detection for SDN controller security is therefore a necessary part of SDN research that cannot be ignored. This paper discusses the current state of research at home and abroad. To address the use of DDoS to disable the SDN controller and thereby threaten network security, two schemes are proposed.

(1) Feature weighted attack detection scheme based on support vector machine (SVM). This scheme collects six-dimensional features related to attack traffic characteristics from the switch and assigns them weights, ranks them by weight, and screens out the redundant features that do not clearly help classification, so as to obtain the optimal feature subset. This step is carried out with the ID3 algorithm of random forest. The support vector machine algorithm is then trained on the data sample set to obtain the optimal classification hyperplane, which determines the positive or negative label predicted for each test sample. Finally, the algorithm is deployed in an SDN scenario, and the DDoS attack detection experiments are carried out on the Floodlight controller. The results show that the scheme classifies abnormal intrusion traffic and normal traffic, and that its detection is efficient, comprehensive and accurate on massive data sets with low noise.

(2) Feature weighted anomaly recognition and mitigation method based on K nearest neighbor (KNN). The information gain used by random forest tends to favor attributes with more values, which leads to overfitting, and random forest resists noise poorly on high-noise data sets. The information gain ratio of the C4.5 decision tree algorithm alleviates this overfitting problem and gives the weighting algorithm high accuracy. The K-nearest neighbor algorithm, because of its simplicity, executes efficiently on non-massive data sets and makes the detection mechanism efficient. This chapter therefore uses the information gain ratio of the C4.5 decision tree to assign feature weights, rank the features and select among them. On the resulting feature subset, the K-nearest neighbor algorithm computes the Euclidean distance between each test data point and the training data, sorts the distances, and determines the type of the test data from the categories of the first K training data points, which improves classification performance. A new defense mechanism is also added to the scheme: flow entries are actively issued to filter malicious traffic, which effectively realizes the defense function. The simulation experiments show that, compared with the RFSVM method, the DDoS attack detection method based on K nearest neighbor improves detection accuracy, reduces time complexity and effectively blocks DDoS attack traffic. It also avoids overfitting on data sets whose feature values are non-uniformly distributed, and performs well.
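The second scheme's pipeline (gain-ratio feature weighting, then K-nearest-neighbor voting on Euclidean distance) is sketched here as an added Python example; it is not code from the thesis. The feature names, the constructed sample values, the 0.2 weight cutoff and k=3 are assumptions, and each continuous feature is scored by its best binary threshold split.

```python
import math
from collections import Counter

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def gain_ratio(values, labels):
    """Best information gain ratio over binary threshold splits of one numeric feature."""
    base, n, best = entropy(labels), len(labels), 0.0
    cuts = sorted(set(values))
    for lo, hi in zip(cuts, cuts[1:]):
        t = (lo + hi) / 2
        left = [l for v, l in zip(values, labels) if v <= t]
        right = [l for v, l in zip(values, labels) if v > t]
        gain = base - len(left) / n * entropy(left) - len(right) / n * entropy(right)
        split_info = entropy(["L"] * len(left) + ["R"] * len(right))
        best = max(best, gain / split_info)
    return best

def feature_weights(X, y, keep=0.2):
    """Normalise gain ratios into weights; zero out features below `keep` (assumed cutoff)."""
    ratios = [gain_ratio([row[j] for row in X], y) for j in range(len(X[0]))]
    total = sum(ratios) or 1.0
    return [r / total if r / total >= keep else 0.0 for r in ratios]

def knn_predict(X, y, w, query, k=3):
    """Majority label of the k training rows closest in weighted Euclidean distance."""
    def dist(row):
        return math.sqrt(sum(wj * (a - b) ** 2 for wj, a, b in zip(w, row, query)))
    nearest = sorted(zip(map(dist, X), y))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Constructed sample: per-window switch statistics, min-max scaled to [0, 1].
# Columns (hypothetical): source-IP entropy, packets per flow, unrelated noise.
X = [[0.10, 0.80, 0.30], [0.20, 0.90, 0.70], [0.15, 0.70, 0.50], [0.25, 0.85, 0.90],
     [0.90, 0.10, 0.40], [0.80, 0.20, 0.80], [0.95, 0.15, 0.20], [0.85, 0.05, 0.60]]
y = ["normal"] * 4 + ["attack"] * 4
W = feature_weights(X, y)

if __name__ == "__main__":
    print("weights:", [round(w, 3) for w in W])
    print(knn_predict(X, y, W, [0.88, 0.12, 0.85]))
    print(knn_predict(X, y, W, [0.18, 0.75, 0.25]))
```

On a sample this small the noise column still gets a non-zero gain ratio from a one-row split, which is why the cutoff is applied to the normalised weight and not to a zero test.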
Keywords/Search Tags: software defined network, distributed denial of service, random forest, support vector machine, k-nearest neighbor