| With the continuous development of Internet technology and the advent of the 5G era, the number of Internet terminal nodes and the volume of network traffic have exploded, and the network security risks faced by the Internet have increased accordingly. Distributed Denial-of-Service (DDoS) attacks are one of the biggest security threats facing networks today. However, current DDoS attack detection mechanisms generally suffer from problems such as low detection accuracy and poor detection performance, and most mechanisms cannot identify the latest DDoS attacks. Software Defined Network (SDN) is an innovative network architecture design concept. Its fundamental feature is to separate the management and control functions of network element nodes from the forwarding and switching functions, and to converge the management and control functions on the controller, while the underlying switching devices are responsible for forwarding data traffic according to the control instructions. However, the centralized control and management mode of SDN has made it a target of DDoS attacks: as long as the core controller is attacked in a concentrated manner, the entire network faces the risk of paralysis. In addition, the cost of DDoS attacks has been continuously reduced, the technology used to initiate attacks has been continuously upgraded, and the benefit chain of attacks has become more and more mature, so it has become quite easy for attackers to launch DDoS attacks. However, the current defense measures against DDoS attacks are not effective. This paper mainly explores the detection of and defense against DDoS attacks in the 5G-oriented SDN architecture, and proposes a DDoS attack detection method for SDN networks based on the deep learning two-level model CNN-LSTM, which can not only greatly improve attack detection efficiency and accuracy, but also reduce the detection time for network traffic classification. The superiority of the proposed two-level CNN-LSTM model is verified by experiments comparing it with its own single-stage CNN model and LSTM model, and the generalization ability of the model is verified on different datasets. After a DDoS attack is detected, in order to block the transmission of DDoS attack traffic in time and ensure the availability of network services, this paper proposes a DDoS attack detection and defense system architecture for SDN networks based on the deep learning two-level model CNN-LSTM. The composition and operation process of the preprocessing module, attack detection module and defense response module in the system architecture are explained in detail. The ability of the attack detection and defense system architecture to detect DDoS attacks is verified by comparison with machine learning algorithm models and other deep learning models. The defense performance of the system architecture against DDoS attacks is verified by observing the changes in the number of data packets in the data plane of the victim host and the changes in the CPU utilization of the controller while different types of DDoS attacks are launched over the entire course of the attack experiment. |