With the increasingly widespread deployment of Software Defined Networking (SDN), SDN networks face a growing risk of Distributed Denial of Service (DDoS) attacks. Such an attack places a heavy load on the network and disrupts normal network services; in severe cases the entire SDN network may be paralyzed, resulting in property losses. This thesis therefore studies DDoS attack detection and defense in SDN networks, so that an SDN network can identify suspicious DDoS traffic, automatically defend against the attack, and thereby reduce the impact and harm of DDoS attacks on the network. The main research contents of this thesis are as follows.

(1) To address the detection of DDoS attack traffic in SDN networks, a DDoS attack detection algorithm based on a self-organizing map decision tree (DTSOM) is proposed. The algorithm first constructs a two-dimensional neural network using the self-organizing map algorithm and trains it on the training data set to obtain a data fitting network; from the data fitting network it then derives a data harmfulness network and a data rarity network; finally, the preliminary decision of the decision tree is corrected by the data harmfulness network and the data rarity network to improve the overall performance of the detection algorithm. Performance analysis shows that the overall detection performance of the proposed algorithm is better than that of the comparison algorithm.

(2) To address fast detection and defense against DDoS traffic in SDN networks, a DDoS attack detection and defense system is designed on the basis of the OpenFlow protocol, comprising three functions: data collection, attack detection and attack defense. In the attack defense part, a dynamic defense strategy is proposed to block DDoS attack traffic. Finally, using data plane programmability, the feature analysis of the traffic is moved from the SDN control plane to the data plane, so that feature analysis and forwarding control are both performed in the data plane. Performance analysis shows that the improved system based on data plane programmability has less impact on network delay and generates less communication traffic between the data plane and the control plane; the dynamic defense strategy also has less impact on the overall connectivity of the network.

(3) To verify the effect of the proposed DDoS attack detection algorithm and defense strategy, an SDN experimental network was built with physical SDN switches, and the DTSOM-based DDoS detection function and the dynamic-defense-strategy-based DDoS defense function were implemented on it. The experimental results show that when DDoS detection and defense operate normally, every terminal device in the network can communicate normally. When a DDoS attack occurs, the detection algorithm correctly identifies the attack traffic, and the defense strategy locates the attack port and issues a blocking flow table entry with a timeout period, which dynamically blocks the attack source and successfully stops the DDoS attack.
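The detection-then-defense loop of items (2) and (3) above, as an added example that is not the thesis's own code: flow statistics are constructed inline, a simple per-port heuristic (high packet rate, many distinct sources, tiny flows) stands in for the DTSOM classifier, and the "blocking flow table entry with a timeout" is modelled as an OpenFlow-style drop entry with a hard timeout that the switch expires on its own. The thresholds, field names and helper names (`port_features`, `detect_attack_ports`, `block_rule`, `FlowTable`, `defense_cycle`) are assumptions for illustration only.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class FlowStat:
    """One flow-statistics record, as a controller would read it from a switch."""
    in_port: int
    src_ip: str
    dst_ip: str
    packets: int
    duration_s: float


# Constructed sample (not measured data): port 1 carries three long-lived flows
# from three hosts; port 3 carries 600 two-packet flows from 600 distinct
# (spoofed) sources, i.e. a flood.
SAMPLE_STATS = [
    FlowStat(1, "10.0.0.11", "10.0.0.100", 500, 10.0),
    FlowStat(1, "10.0.0.12", "10.0.0.100", 400, 10.0),
    FlowStat(1, "10.0.0.13", "10.0.0.100", 300, 10.0),
] + [
    FlowStat(3, f"172.16.{i // 256}.{i % 256}", "10.0.0.100", 2, 0.5)
    for i in range(600)
]


def port_features(stats):
    """Aggregate per ingress port: packet rate, distinct sources, packets per flow."""
    acc = defaultdict(lambda: {"packets": 0, "duration": 0.0, "srcs": set(), "flows": 0})
    for s in stats:
        a = acc[s.in_port]
        a["packets"] += s.packets
        a["duration"] = max(a["duration"], s.duration_s)
        a["srcs"].add(s.src_ip)
        a["flows"] += 1
    return {
        port: {
            "pps": a["packets"] / max(a["duration"], 1e-9),
            "distinct_srcs": len(a["srcs"]),
            "pkts_per_flow": a["packets"] / a["flows"],
        }
        for port, a in acc.items()
    }


def detect_attack_ports(feats, pps_threshold=1000.0, src_threshold=50, max_pkts_per_flow=3.0):
    """Assumed heuristic standing in for the thesis's DTSOM classifier: a flood is
    a high packet rate from many sources in tiny flows on one ingress port."""
    return sorted(
        port for port, f in feats.items()
        if f["pps"] > pps_threshold
        and f["distinct_srcs"] >= src_threshold
        and f["pkts_per_flow"] <= max_pkts_per_flow
    )


def block_rule(port, hard_timeout=30, priority=65000):
    """OpenFlow-style drop entry (empty action list) matching on in_port; the
    switch removes it by itself once hard_timeout seconds have elapsed, so a
    blocked port recovers automatically without a second controller message."""
    return {"match": {"in_port": port}, "actions": [], "priority": priority,
            "hard_timeout": hard_timeout}


@dataclass
class FlowTable:
    """Toy switch table that models hard_timeout expiry."""
    entries: list = field(default_factory=list)

    def install(self, rule, now):
        self.entries.append((rule, now + rule["hard_timeout"]))

    def blocked_ports(self, now):
        self.entries = [(r, exp) for r, exp in self.entries if exp > now]
        return sorted(r["match"]["in_port"] for r, _ in self.entries)


def defense_cycle(stats, table, now, hard_timeout=30):
    """One controller iteration: detect attack ports, then push a timed block for each."""
    attack_ports = detect_attack_ports(port_features(stats))
    for port in attack_ports:
        table.install(block_rule(port, hard_timeout), now)
    return attack_ports


if __name__ == "__main__":
    table = FlowTable()
    print("attack ports blocked:", defense_cycle(SAMPLE_STATS, table, now=0.0))
    print("still blocked at t=10s:", table.blocked_ports(10.0))
    print("still blocked at t=31s:", table.blocked_ports(31.0))
```

The timed entry is what makes the blocking "dynamic": the controller never has to remember to unblock a port, and if the flood resumes the next detection cycle simply reinstalls the rule. In a real deployment the heuristic would be replaced by the trained classifier and the rule dict by an OFPT_FLOW_MOD sent through the controller's OpenFlow library.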