Research On DDoS Attack Detection And Defense Method In SDN Architecture

With the rapid expansion of internet resources and services,traditional network architecture has gradually revealed its limitations in meeting high-quality network requirements.This has led to higher requirements for network architecture,which must have greater scalability and customization ability to adapt to increasing data traffic and increasingly complex network topology structure.Therefore,researchers constantly design new network architectures,and SDN has become a more robust and secure solution.The centralized controller in SDN has a global network view,where the separation of control plane and data plane provides stronger management and analysis ability,better control ability,and more flexible dynamic update ability.Although SDN is a more secure network architecture compared to traditional IP-based networks,it is also easily vulnerable to various types of network attacks,among which distributed denial of service(DDoS)attacks are a significant threat to SDN security.Based on this,this paper has carried out the following work:1.This paper briefly explores the SDN network architecture and related network technologies,and focuses on discussing the security issues faced by SDN network architecture.In light of the importance and necessity of detecting and defending against DDoS attacks in SDN networks,this paper summarizes and analyzes the existing research methods for DDoS attack detection and defense.Based on this,it also elaborates on the severe challenges faced in detecting and defending against DDoS attacks in SDN networks,and proposes corresponding ideas and directions,providing reference for selecting appropriate DDoS attack detection and defense methods for this paper.2.By applying deep learning methods to SDN networks,this paper proposes a DDoS attack detection model centered around ACNNBi LSTM.By constructing data flows with spatiotemporal features,the model utilizes CNN neural networks for learning spatial features of traffic data,while Bi LSTM is used for learning temporal features of traffic data.Attention mechanism can help extract key information from the output of Bi LSTM,helping the model better understand the input data.Finally,simulation experiments and comparative experiments validate that the model can better detect abnormal network states compared to similar models.3.This paper considers the issue of DDoS attack defense and proposes a DDoS attack defense system centered around the traceback and mitigation modules.Firstly,the model utilizes the global management advantage of SDN controllers to construct a topology model of the current network.Secondly,considering the relatively easy localization of attacked host IPs and the need to trace multiple attack paths,the model uses a Gaussian mixture algorithm to reverse-locate attack paths from switches and ultimately identify attacked hosts.Then,based on the work of the previous step,a dynamic threshold mitigation scheme based on the ARIMA algorithm is proposed,which has better real-time prediction performance compared to other schemes based on time series prediction.Finally,a SDN simulation environment is set up for experimentation,which demonstrates the effectiveness of the attack defense system.