As a new network architecture, Software Defined Networking (SDN) can manage the network uniformly, but its characteristics, such as the separation of the data plane and the control plane, also bring corresponding security problems. Although Distributed Denial of Service (DDoS) attacks have been on the stage of network security issues for a long time, they remain a major problem in today's era of widespread network devices because of their low attack cost and high attack damage. The traditional SDN architecture based on the OpenFlow protocol cannot meet the requirement of data plane programmability, so Programming Protocol-Independent Packet Processors (P4) technology is used to solve this problem and make the SDN architecture more flexible. In this thesis, we conduct a specific study of DDoS attack detection and defense in an SDN environment using P4 programmable data plane technology. The main work is as follows.

(1) The traditional DDoS attack detection method in SDN requires high-frequency communication between the data plane and the control plane, which leads to significant delays and overheads, while the current programmable data plane syntax cannot implement machine-learning detection algorithms. A DDoS attack detection method based on the P4 programmable data plane is proposed to address these problems. First, a P4-based improved information entropy is used for the initial inspection to determine whether suspected attack traffic is present; then, taking advantage of the microsecond-level time P4 needs for feature extraction, the six-tuple features of the suspected traffic are extracted and input to the Data Standardization-Deep Neural Network (DSDNN). Finally, the evaluation indexes of the method are tested by simulating a real network environment. The experimental results show that this method detects DDoS attacks in the SDN environment well: the detection rate reaches 100%, the average accuracy rate and false alarm rate are 99.54% and 0% respectively, and the detection time is reduced to the millisecond level.

(2) For the problem of DDoS attack defense in the SDN environment, a DDoS attack defense method based on the P4 data plane is proposed. First, after the attack is detected, the programmable switch starts traceability mode and uses in-band network telemetry (INT) to embed the source MAC address and other information into the data traffic, while statistics on the subsequent traffic are collected and sent to middleware with machine learning computing capability. Then, the middleware extracts features from the statistics and uses the Data Normalization Processing-Support Vector Machine (DN-SVM) traceability algorithm to find the MAC address of the attack source and send it to the control plane. Finally, the control plane sends custom filtering match-action rules to the programmable switch to filter the attack traffic. The experimental results show that this method can trace the source of attack traffic quickly and effectively: the F1 scores of four common attacks are all higher than 99%, and the average tracing time is at the millisecond level. Besides, it can filter the attack traffic while ensuring normal communication for legitimate traffic.

Figures: 23; Tables: 13; References: 59...
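The two-stage detection pipeline of work (1), an entropy pre-check followed by feature extraction for a classifier, can be modelled in software to show what the data plane is actually computing. The following is an added example and not the thesis's own P4 code or DSDNN model: it uses plain normalised Shannon entropy over a fixed packet window rather than the thesis's "improved" entropy, and the window size, the threshold and the per-window feature set are assumptions (the page does not list the six-tuple features). The packet records are constructed sample data.

```python
"""
Added example (not code from the thesis): software model of an entropy-based
first-stage DDoS check over fixed packet windows, followed by per-window feature
extraction for a second-stage classifier. Window size, threshold and feature
set are assumptions; the thesis's own six-tuple is not given on the page.
"""
import math
from collections import Counter

WINDOW_SIZE = 8          # assumed: packets per inspection window
ENTROPY_THRESHOLD = 0.5  # assumed: normalised dst entropy below this is suspect


def normalized_entropy(values):
    """Shannon entropy of the value distribution, scaled to [0, 1].

    1.0 means every packet in the window carried a distinct value; 0.0 means all
    packets carried the same value (the signature of a flood aimed at one host).
    """
    n = len(values)
    if n < 2:
        return 1.0  # too few samples to claim any concentration
    counts = Counter(values)
    h = sum(-(c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)  # log2(n) is the maximum entropy for n packets


def entropy_check(window, threshold=ENTROPY_THRESHOLD):
    """Stage 1: flag a window whose destination-address entropy collapses."""
    h = normalized_entropy([pkt["dst"] for pkt in window])
    return h < threshold, round(h, 4)


def extract_features(window):
    """Stage 2 (assumed feature set): per-window statistics a classifier would consume."""
    n = len(window)
    srcs = [p["src"] for p in window]
    dsts = [p["dst"] for p in window]
    duration = window[-1]["ts"] - window[0]["ts"]
    return {
        "pkt_rate": n / duration if duration > 0 else float(n),
        "distinct_src": len(set(srcs)),
        "distinct_dst": len(set(dsts)),
        "src_entropy": round(normalized_entropy(srcs), 4),
        "dst_entropy": round(normalized_entropy(dsts), 4),
        "syn_ratio": sum(1 for p in window if p["flags"] == "S") / n,
    }


def inspect(packets, window_size=WINDOW_SIZE):
    """Walk the packet list in fixed windows; only suspect windows get the
    (more expensive) feature extraction, mirroring the two-stage design."""
    results = []
    for start in range(0, len(packets) - window_size + 1, window_size):
        window = packets[start:start + window_size]
        suspect, h = entropy_check(window)
        results.append({
            "start": start,
            "suspect": suspect,
            "dst_entropy": h,
            "features": extract_features(window) if suspect else None,
        })
    return results


def _pkt(ts, src, dst, flags="A"):
    return {"ts": ts, "src": src, "dst": dst, "flags": flags}


# Constructed sample traffic: eight ordinary packets spread over eight servers,
# then eight SYN packets from eight different sources all aimed at 10.0.0.1.
NORMAL_TRAFFIC = [_pkt(i * 0.1, f"192.168.1.{i + 10}", f"10.0.0.{i + 1}") for i in range(8)]
FLOOD_TRAFFIC = [_pkt(1.0 + i * 0.001, f"203.0.113.{i}", "10.0.0.1", "S") for i in range(8)]

if __name__ == "__main__":
    for r in inspect(NORMAL_TRAFFIC + FLOOD_TRAFFIC):
        print(f"window@{r['start']:>2} dst_entropy={r['dst_entropy']:.4f} "
              f"suspect={r['suspect']} features={r['features']}")
```

The point of the split is cost: the first stage needs only a per-window counter table and one entropy computation, which is what a data plane can afford at line rate, while the feature vector is only built for windows that fail the check. The threshold is a tuning knob; a window of legitimate traffic to a single popular server will also have low destination entropy, which is why the thesis passes suspect windows to a classifier instead of acting on entropy alone.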