SDN (Software Defined Network) is a new type of network architecture. Compared with the traditional network architecture, SDN separates the control plane from the data plane, allowing switches to focus on data forwarding, which brings a series of advantages. However, the security risks of its architecture have also become a target for attackers. The DDoS attack is a common form of attack in SDN and brings great security risks to it. Unlike traditional DDoS attacks, a low-rate denial-of-service attack against the SDN data plane does not send a large number of data packets in a short period of time; it takes the data plane as its target and slowly increases the number of flow entries in the switch until the flow table is saturated. This kind of attack is more stealthy, so its detection and defense are very important. Accordingly, this thesis studies the detection of this low-rate attack, proposes a low-rate attack detection method using entropy values, and designs and implements a low-rate denial-of-service attack detection system in SDN. The main work is as follows:

(1) A new low-rate attack detection method using entropy is proposed. The existing method of using entropy to detect attacks in SDN calculates it from packet-in messages. This method is not suitable for low-rate attacks on the data plane, because within a window the number of packet-in messages generated by the attacker is not a prominent proportion of the whole. The method proposed in this thesis instead uses the increment of the number of flow entries per host to detect the attack: it computes the entropy of the per-host flow-entry increments over a sliding window. Experiments show that the method in this thesis has high accuracy and F1 value in detecting low-rate attacks, and, compared with the existing entropy calculation methods, the method in this thesis better distinguishes the normal situation from the attack situation. Machine learning-based methods have the advantage of being lightweight.

(2) A low-rate denial-of-service attack detection system in SDN is designed. The architecture of the system is divided into an interaction layer, service layer, data layer, application layer, control layer, and hardware layer. The interaction layer is used by users, the service layer provides service support, and the data layer stores data. The application layer, control layer, and hardware layer are the application plane, control plane, and data plane of SDN: the application layer realizes the detection and defense functions for low-rate attacks and DDoS attacks, while the control layer and hardware layer construct the network topology and realize the normal communication of the network.

(3) According to the above design scheme, a low-rate denial-of-service attack detection system in SDN is implemented. The system is presented to security personnel as web pages, helping them monitor the current network status in real time and whether there are low-rate attacks and DDoS attacks. If an attack is detected, the system adopts different defense measures to deal with the attacker. In addition, security managers can also view and manage attack information and user information. Finally, the SDN network based on the system is realized with Mininet and the Ryu controller.