
Intent-driven DDoS Attack Detection Technology For SDN

Posted on: 2023-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: C F Leng
Full Text: PDF
GTID: 2558306908954699
Subject: Communication and Information System
Abstract/Summary:
With the increasing scale of networks and business needs, and with the development of emerging technologies such as cloud computing and network virtualization, Software Defined Network (SDN), a new network architecture, has revolutionized the traditional network architecture by decoupling the data plane from the control plane to achieve centralized control of the network. With its flexible programmability, network managers can manage the network dynamically and conveniently. SDN is therefore considered to be the trend of future networks. Distributed Denial of Service (DDoS) attacks, a major means of disrupting Internet services, also pose a potential security threat to centrally controlled SDN architectures, preventing legitimate users from accessing services normally over long periods. Existing SDN-oriented attack detection techniques can guarantee either detection accuracy or fast response, but not both together with targeted detection. This paper therefore introduces two new network architectures, Intent-Driven Network (IDN) and Autonomous Driving Network (ADN), to study coarse-grained and fine-grained attack detection techniques for SDN-oriented DDoS and solve the above problems.

Firstly, based on the concepts of IDN and ADN, this paper proposes an intent-driven autonomous driving network architecture and clarifies the composition and implementation process of the architecture. The architecture can manage the network in real time and realize self-optimization of the network according to service demand, and its closed-loop feedback structure also ensures a high degree of network autonomy and self-healing. This architecture makes the management and optimization of the SDN architecture more secure and reliable.

Secondly, for the problem of DDoS attacks in SDN, this paper proposes a DDoS detection architecture based on the proposed intent-driven autonomous driving network architecture. On the premise of analyzing and identifying the attacker's intention, the architecture uses a DDoS attack detection algorithm combining coarse and fine granularity to identify DDoS attacks in the network. The coarse-grained pre-detection module quickly detects abnormal network traffic using the Rényi entropy calculation method, parsing the information features in Packet-In packets, and issues alert messages in a timely manner. After receiving an alert message, the fine-grained detection module achieves high-precision detection with a Back Propagation (BP) neural network by collecting switch flow table entries, traffic information and packet information. The proposed detection architecture achieves fast response, efficient processing and accurate identification.

Finally, this paper builds an SDN-oriented DDoS attack detection simulation platform based on Ryu and Mininet, and uses Mininet to design the network topology. An attack detection application (APP) combining coarse and fine granularity is developed in the application layer of the Ryu controller to detect DDoS attacks efficiently and accurately based on the recognition of attack intent. The proposed scheme is also tested for functionality and performance. Simulation results show that the developed attack detection APP can quickly distinguish normal traffic from abnormal traffic, and efficiently and accurately identify the attack type and victim based on the identification of the attack intent.
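
The coarse-grained stage described above, sketched as an added example that is not code from the thesis: Rényi entropy of destination addresses over tumbling windows of Packet-In records, with an alert when the entropy collapses. The order alpha = 2, the window size, the threshold, the `ipv4_dst` field name and the choice of destination IP as the feature are all assumptions, since the abstract does not state them.

```python
import math
from collections import Counter

def renyi_entropy(values, alpha=2.0):
    """Renyi entropy (bits) of order alpha over the empirical distribution of values."""
    if not values:
        raise ValueError("empty window")
    if alpha < 0:
        raise ValueError("alpha must be >= 0")
    n = len(values)
    probs = [c / n for c in Counter(values).values()]
    if math.isclose(alpha, 1.0):
        return -sum(p * math.log2(p) for p in probs)  # alpha -> 1 is Shannon entropy
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

def coarse_scan(packet_ins, window=8, alpha=2.0, threshold=1.0):
    """Return (window_index, entropy, dominant_dst) for every full window whose
    destination entropy is below threshold (traffic converging on few hosts)."""
    alerts = []
    for start in range(0, len(packet_ins) - window + 1, window):
        dsts = [p["ipv4_dst"] for p in packet_ins[start:start + window]]
        h = renyi_entropy(dsts, alpha)
        if h < threshold:
            # Hint for a second-stage (fine-grained) detector; an assumption here.
            dominant = Counter(dsts).most_common(1)[0][0]
            alerts.append((start // window, h, dominant))
    return alerts

# Constructed sample records (not captured traffic): one window of evenly
# spread traffic, then one window where 7 of 8 Packet-Ins target one host.
NORMAL = [{"ipv4_src": f"10.0.0.{10 + i}", "ipv4_dst": f"10.0.0.{1 + i % 4}"}
          for i in range(8)]
FLOOD = [{"ipv4_src": f"10.0.1.{i}", "ipv4_dst": "10.0.0.5"} for i in range(1, 8)]
FLOOD.append({"ipv4_src": "10.0.0.11", "ipv4_dst": "10.0.0.2"})

if __name__ == "__main__":
    for idx, h, dst in coarse_scan(NORMAL + FLOOD):
        print(f"window {idx}: entropy {h:.3f} bits, dominant destination {dst}")
```

In a deployment the threshold would be calibrated against the entropy of known-good traffic on the same topology rather than fixed in code.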
Keywords/Search Tags: Intent-Driven Network, Autonomous Driving Network, Combination of coarse and fine granularity, DDoS Attack Detection