Research On DDoS Attack With Learning Ability Detection In SDN Environment

The core idea of Software Defined Network(SDN)is to decouple the control plane and the data plane,endow the network with programmable capabilities.Its control forwarding feature realizes and enhances flexible control of network data packets.SDN is a new network architecture,and it is the main trend of future network development.The controller in SDN implements centralized control of the network.Due to the important function of centralized control,network attackers use this feature to launch attacks to the SDN controller,consuming SDN network resources,causing the network to become paralyzed and unable to respond to normal user requests.Distributed Denial of Service(DDoS)is one of the main security threats faced by SDN.The individuals or organizations that initiate the attack control a large number of Zombie hosts,and conduct high intensity and wide range attacks on the attack targets to achieve their objectives.Therefore,the security issue in SDN has become one of the current research topics.In the SDN environment,this paper studies DDoS attack detection and zombie host authentication with learning ability.In recent years,artificial intelligence technology has developed rapidly,and DDoS combined with artificial intelligence technology has evolved towards automation and intelligence.Attackers can use artificial intelligence technology to deepen their learning of network characteristic environments,constantly create new attack mechanisms,by independently evolve strong covert and effective attack methods,and further enhance the effect of distributed collaboration.Their attack methods have many different characteristics compared to traditional methods.Therefore,it is of great significance to analyze and research the detection and defense of intelligent DDoS attacks.This article studies a specific intelligent DDoS attack.First,analyzes its attack mechanism,then uses machine learning algorithms to achieve attack detection,and finally identifies zombie hosts with learning capabilities.The main contents are as follows:(1)Refer to the research and literature related to intelligent DDoS attacks,and elaborate and build a learning capable DDoS attack model in the SDN environment.In this intelligent attack model,attackers in SDN networks capture normal user data packets in the network.By forging attack data highly simulated with normal use data,the concealment of attack data packets is further enhanced.(2)Based on the analysis of learning capable DDoS attack mechanisms in SDN environments,an RF-SVM attack detection algorithm is proposed,which combines two models: Random Forest(RF)and Support Vector Machines(SVM).Firstly,the principle and mechanism of intelligent DDoS attacks are studied.Secondly,based on the current research on flow table feature extraction methods,using the Open Flow switch flow table entries in SDN to extract 5-dimensional feature vectors,which can further distinguish between normal packets and intelligent attack packets in the network.(3)After DDoS attacks occur in SDN networks,it is possible to identify existing bots in the network,laying the foundation for preventing and mitigating attacks in the network.In SDN,a zombie host authentication algorithm based on packet interference is proposed.By sending interference data packets that are somewhat different from normal data packets to the SDN network,the algorithm is used to affect the learning of zombie hosts,making the attack data packets constructed by zombie hosts differ after learning normal user data packets and interference data packets.On the other hand,normal hosts in the network do not have this learning ability,and zombie hosts have this learning ability.Finally,during analysis and detection,it is only necessary to analyze the packet characteristics of the host to be detected to determine whether it is a zombie host.During the experimental verification process,a simulated network environment was built under the SDN environment,and three performance indicators,such as detection accuracy and recall rate,were used to measure various machine learning detection models.The effectiveness of the learning capable DDoS attack detection algorithm and zombie host authentication algorithm based on RF-SVM was verified.From the analysis of experimental results,it can be seen that attack detection algorithms with learning ability can detect DDoS attacks of different intensities in SDN networks with high accuracy,and zombie host identification algorithms can effectively identify zombie hosts in different network scales.