| Software-Defined Networking (SDN), because of its unique advantages, has solved many problems that exist in traditional networks. It has therefore become a new network architecture that attracts much attention and provides a new path for the development of next-generation network technology. The highly centralized control of SDN, however, makes it vulnerable to security threats. Once the controller is attacked, the whole network may break down, because the controller occupies the core position in SDN and holds the global view that monitors the whole network. The SDN controller has hence already become attackers' preferred target. Among all attacks on software-defined networks, Distributed Denial of Service (DDoS) attacks have become the most important and destructive. How to defend against DDoS attacks effectively in SDN has become a hot topic in research and industry. This thesis focuses on the discussion and study of security methods in the SDN environment. After a brief introduction to the SDN architecture and the security threats to SDN, the thesis investigates methods against DDoS attacks in the SDN architecture as follows. First, the security model of a network has important guiding significance for the design and application of a security service framework. Under the overall framework of network security, this thesis compares and analyzes the security models of traditional networks and SDN, and analyzes DDoS attacks under these two security models. Second, a mechanism addressing DDoS attack traffic, based on traffic rules in SDN, is introduced. The programmability of SDN makes it possible to reprogram the flow table of an OpenFlow switch and modify the forwarding rules of a flow to deliver DoS attack traffic in small-scale networks, thereby reducing the likelihood that this traffic reaches the SDN controller. Simulation results show that the mechanism offers high efficiency, low time cost, simple operation and easy deployment. Third, a DDoS traffic classification method based on the LightGBM algorithm in SDN is presented. Fast attack detection, high accuracy and a low false positive rate are the key requirements in SDN and matter most for countering DDoS attacks. Existing classification methods for DDoS attack traffic suffer from low classification accuracy and long processing time. In this thesis, LightGBM, an ensemble learning algorithm, is used to train a DDoS traffic classification model on CSE-CIC-IDS2018, a public intrusion detection data set. The trained model has been verified by classifying normal traffic and DDoS attack traffic. Experimental results confirm that LightGBM performs much better than the other algorithms on various classification evaluation metrics. |