Software Defined Networking (SDN) is an innovative network architecture that reduces operation and maintenance costs and improves network resource utilization. However, the decoupling of the SDN control and forwarding planes has also become a point of exposure to various network attacks, especially Distributed Denial of Service (DDoS) attacks. Targeting DDoS attacks against the SDN data plane, we adopt the idea of 'cross-layer coordination' and propose a cross-plane DDoS attack defense method based on flow table features, which consists of two parts: a detection method and a filtering method. We deploy the lightweight detection method in the data plane and the fine-grained defense method in the control plane, so that the switch can detect attacks directly from its flow table information, reducing detection delay and the communication overhead caused by frequent polling by the controller. To address the long detection delay and high false alarm rate of existing detection methods in flash crowd scenarios, we propose a detection method based on the three-dimensional entropy value of the flow table. The three-dimensional entropy value, composed of source/destination IP address entropy, source/destination port entropy and packet size entropy, is used to inspect the switch's flow table in real time. When it detects that the switch is under attack, the controller accesses the flow table information to filter the attack. To address the lack of an effective filtering mechanism in existing defense methods, we propose a neural network-based attack filtering method. The controller extracts four flow characteristics, the relative dispersion of matched bytes, the number of matched packets, the flow duration and the relative dispersion of idle_age, and then uses a back propagation classification model to accurately locate and filter the attack flow rules. The cross-plane defense method combines lightweight detection in the data plane with fine-grained defense in the control plane, which enables the network to defend against DDoS attacks in real time with lower computational consumption. The cross-plane defense method is verified on the Mininet experimental platform. Experiments show that, compared with other methods, the detection time of the three-dimensional entropy detection method is reduced by 0.4 s to 2.71 s, and the false alarm rate in the flash crowd scenario is reduced by 0.4% to 2.71%. The detection rate of the classification filtering model is 99.4%, which is higher than other classification models. The overall CPU utilization of the cross-plane defense method is reduced by 5 to 15 percent compared to the other approaches, and the host connection rate is higher than with other methods.
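As an added illustration (not code from the paper), the following Python computes the source/destination IP, source/destination port and packet-size entropies over constructed flow-table snapshots and applies an entropy rule that separates a spoofed flood from a flash crowd. The way the five entropies are combined into three dimensions, the thresholds, and the sample flow entries are all assumptions for illustration; the abstract does not give them.

```python
from collections import Counter
from math import log2

# Constructed flow-table snapshots (sample data, not from the paper). Each entry
# mirrors the match fields of one flow rule: (src_ip, dst_ip, src_port, dst_port, pkt_size).
NORMAL = [
    ("10.0.0.1", "10.0.0.20", 40001, 80, 1180),
    ("10.0.0.2", "10.0.0.21", 40002, 443, 640),
    ("10.0.0.3", "10.0.0.20", 40003, 80, 1420),
    ("10.0.0.4", "10.0.0.22", 40004, 53, 90),
    ("10.0.0.5", "10.0.0.21", 40005, 443, 1300),
    ("10.0.0.6", "10.0.0.23", 40006, 22, 220),
]
# Spoofed-source flood: random sources and ports, one victim, uniform tiny packets.
ATTACK = [(f"172.16.{i}.{i}", "10.0.0.20", 1000 + i, 80, 60) for i in range(12)]
# Flash crowd: many real clients on one server, but realistic, varied packet sizes.
FLASH_CROWD = [
    (f"192.168.1.{i}", "10.0.0.20", 50000 + i, 80, size)
    for i, size in enumerate([1420, 120, 640, 1500, 300, 980, 64, 1180, 420, 1320, 760, 210])
]


def normalized_entropy(samples):
    """Shannon entropy of the value distribution, scaled to [0, 1] by log2(n)."""
    n = len(samples)
    if n < 2:
        return 0.0
    h = -sum(c / n * log2(c / n) for c in Counter(samples).values())
    return h / log2(n)


def three_dim_entropy(flows):
    """Three dimensions: IP asymmetry, port asymmetry and packet-size entropy.
    The asymmetry form (source entropy minus destination entropy) is an assumed
    way of combining the five per-field entropies, not the paper's definition."""
    cols = list(zip(*flows)) if flows else [()] * 5
    h = [normalized_entropy(list(c)) for c in cols]
    return {"ip": h[0] - h[1], "port": h[2] - h[3], "size": h[4]}


def is_under_attack(flows, ip_t=0.6, port_t=0.6, size_t=0.3):
    """Assumed thresholds: many sources and ports converging on few destinations
    with near-identical packet sizes. A flash crowd also converges on one server,
    but its packet-size entropy stays high, so it is not flagged."""
    e = three_dim_entropy(flows)
    return e["ip"] > ip_t and e["port"] > port_t and e["size"] < size_t
```

On the constructed snapshots only `ATTACK` is flagged; `NORMAL`, `FLASH_CROWD` and an empty flow table are not.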