With the rapid development of the Internet, many new network technologies have emerged in recent years, such as 5G, the Internet of Things, cloud computing and big data. These technologies bring more complex and diverse network requirements that traditional networks cannot meet well. To address the many problems of traditional network systems, the concept of Software-Defined Networking (SDN) was proposed. SDN is a novel network architecture in which the data plane and the control plane are separated, which allows the network to be configured flexibly. However, the introduction of SDN also brings many security risks, among which Distributed Denial of Service (DDoS) attacks can cause great harm by exploiting the centralized nature of SDN control. Detecting DDoS attacks, which can paralyze the network, is a significant challenge. Therefore, this dissertation analyzes the SDN architecture and studies how to detect and defend against DDoS attacks. It introduces and analyzes DDoS attacks in the SDN architecture and proposes two detection and defense schemes for the problems they cause.

(1) A DDoS attack detection and defense scheme based on entropy. In the SDN network environment, DDoS is a low-cost, high-harm attack method. The proposed scheme first extracts traffic features from the network and computes their entropy, then uses labeled traffic to train a classification model, built with a Support Vector Machine (SVM), to identify DDoS attacks. When a DDoS attack is detected, the defense module generates a defense flow entry from the header fields of the attack packets to filter the attack traffic. This scheme not only improves the detection accuracy for DDoS attacks but also reduces the loss of normal traffic that such attacks cause.

(2) A DDoS attack detection and defense scheme based on deep learning. Among current DDoS detection and defense schemes, many can only target specific types of DDoS attack, and a detection and defense system built into the controller costs controller performance. This dissertation proposes a DDoS attack detection and defense scheme based on a Gated Recurrent Unit (GRU). Once trained, the GRU model can identify many different classes of DDoS attack. The scheme deploys the attack detection module as a separate service that communicates with the controller through the northbound interface, which reduces the controller's performance overhead while maintaining high detection accuracy.
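The entropy-based scheme (1) can be illustrated end to end with a small, self-contained script. This is an added example, not code from the dissertation: it computes per-window normalized Shannon entropy of the source IP, destination IP and destination port fields over constructed TCP flow records (not captured traffic), flags a window whose destination-IP entropy collapses below a fixed threshold (an assumption standing in for the dissertation's trained SVM), and emits a defense flow entry keyed on the flooded destination. The flow-entry dictionary uses OpenFlow-1.3-style match field names and an empty action list to mean "drop"; the exact shape a given controller's API expects is an assumption here.

```python
"""Entropy-based DDoS detection with flow-entry defense (illustrative, not the dissertation's code)."""
import math
from collections import Counter

# Constructed sample windows of (src_ip, dst_ip, dst_port) TCP packets; not captured traffic.
NORMAL_WINDOW = [
    ("10.0.0.1", "10.0.1.1", 80),
    ("10.0.0.2", "10.0.1.2", 443),
    ("10.0.0.3", "10.0.1.3", 22),
    ("10.0.0.4", "10.0.1.1", 80),
    ("10.0.0.5", "10.0.1.4", 53),
    ("10.0.0.6", "10.0.1.2", 443),
]

# Constructed flood: twenty spoofed sources hitting one victim service, plus two benign flows.
ATTACK_WINDOW = [(f"192.0.2.{i}", "10.0.1.1", 80) for i in range(1, 21)]
ATTACK_WINDOW += [("10.0.0.2", "10.0.1.2", 443), ("10.0.0.3", "10.0.1.3", 22)]

# Assumption: a fixed decision boundary; the dissertation learns it with an SVM on labeled windows.
DST_ENTROPY_THRESHOLD = 0.4


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def normalized_entropy(values):
    """Entropy scaled to [0, 1] by log2(window size) so the threshold is window-size independent."""
    n = len(values)
    if n < 2:
        return 0.0
    return shannon_entropy(values) / math.log2(n)


def extract_features(window):
    """Per-window entropy of the header fields the detector looks at."""
    return {
        "src_ip": normalized_entropy([p[0] for p in window]),
        "dst_ip": normalized_entropy([p[1] for p in window]),
        "dst_port": normalized_entropy([p[2] for p in window]),
    }


def detect(window, threshold=DST_ENTROPY_THRESHOLD):
    """A flood concentrates traffic on few destinations, so destination entropy collapses."""
    feats = extract_features(window)
    return feats["dst_ip"] < threshold, feats


def build_defense_entry(window, hard_timeout=60):
    """Flow entry dropping traffic to the dominant (victim) destination IP/port in the window.

    Field names follow OpenFlow 1.3 conventions (assumption about the controller API).
    An empty action list means the switch drops matching packets; hard_timeout limits collateral damage.
    """
    (dst_ip, dst_port), _ = Counter((p[1], p[2]) for p in window).most_common(1)[0]
    return {
        "priority": 100,
        "hard_timeout": hard_timeout,
        "match": {"eth_type": 0x0800, "ipv4_dst": dst_ip, "ip_proto": 6, "tcp_dst": dst_port},
        "actions": [],
    }


def process(windows):
    """Run detection over successive windows and return the defense entries to install."""
    return [build_defense_entry(w) for w in windows if detect(w)[0]]


if __name__ == "__main__":
    for name, w in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        is_attack, feats = detect(w)
        print(name, {k: round(v, 3) for k, v in feats.items()}, "ATTACK" if is_attack else "ok")
    print(process([NORMAL_WINDOW, ATTACK_WINDOW]))
```

Note the trade-off the dissertation's wording points at: a single entry keyed on the victim's IP and port also drops legitimate clients of that service for the timeout period, whereas per-source entries would not scale against spoofed sources; a practical deployment refines the match (for example, by rate limiting or by excluding sources seen in a clean baseline) rather than blackholing the victim outright.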