Software Defined Networking (SDN) is a new type of network architecture. Its core idea is the separation of the control plane from the forwarding plane, which gives it a more flexible management model than traditional networks. However, SDN also faces many security problems, and Distributed Denial of Service (DDoS) attacks are a serious threat to it. How to deal with DDoS attacks under the SDN architecture is the main research content of this paper.

This paper first studies how DDoS attacks work under the SDN architecture. Combined with the current state of research, the advantages and disadvantages of existing detection methods are analyzed in terms of detection timeliness, detection cost and detection accuracy. A passive detection mechanism based on switch anomaly analysis and an attack defense mechanism based on a traceback model are proposed. The detection combines statistical analysis with machine learning and is divided into two stages. In the pre-detection stage, the flow table space occupancy rate and the flow entry change rate of each switch are recorded. A dynamic threshold method is combined with the Grubbs test to analyze the deviation of the current data from the distribution of the historical data and to evaluate the abnormal state of the switch. Because the pre-detection stage is driven by the flow rule issuing mechanism of the OpenFlow protocol, it generates essentially no additional communication overhead and can judge the abnormal state of a switch in real time. In the flow identification stage, the controller collects the flow information of the abnormal switches and constructs seven features that characterize the attack; these are used as the input of an SVM classification model to further determine the behavior of each flow. In the DDoS attack defense mechanism, starting from any abnormal switch, the attack traffic and its forwarding port in that switch are determined with a maximum probability model. Using the global network view of SDN, the mechanism then recursively finds all switches used by the attack and reconstructs the complete attack path.

To verify the effectiveness of the detection mechanism, experiments are conducted on the Mininet platform to compare the performance of several commonly used machine learning classification algorithms and to verify the effect of each module in the detection mechanism. The mechanism is then compared with an active periodic detection mechanism in terms of detection timeliness and detection cost, and the effectiveness of the defense mechanism is verified. Experimental results show that the proposed detection mechanism has lower communication overhead, lower response delay and higher detection accuracy, and that the subsequent defense mechanism can quickly reconstruct attack paths and restore network services. The research in this paper helps to resolve the trade-off that traditional anomaly detection mechanisms face between detection cost, timeliness and accuracy, and can better deal with DDoS attacks in large-scale SDN networks.
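The pre-detection stage described above, written out as an added example (this is not the paper's code). It assumes the controller keeps its own count of the flow entries it has installed on each switch, so occupancy and change rate come from flow_mod bookkeeping rather than from stats requests; it combines the dynamic threshold with the Grubbs test by requiring both to flag a sample (the abstract does not say how the two are combined, so that rule is this example's choice), and it uses the standard tabulated two-sided Grubbs critical values at alpha = 0.05 for a few window sizes instead of computing them. The `SwitchMonitor` API and the traffic figures are constructed for illustration.

```python
"""Pre-detection of an abnormal SDN switch from controller-side bookkeeping.

The controller issues every flow_mod itself, so for each switch it can keep
the current number of flow entries and derive, per polling interval, the
flow-table occupancy rate and the flow-entry change rate without sending any
extra request to the switch.  Each metric is compared with its recent history
using a dynamic threshold (mean + k * std of the baseline) and a Grubbs
outlier test; a metric is flagged only when both tests agree (this example's
combination rule, not necessarily the paper's).
"""
from collections import deque
from dataclasses import dataclass
from statistics import mean, stdev

# Two-sided Grubbs critical values at alpha = 0.05 (standard tabulated values)
# for the baseline sizes this example accepts; n = samples in the tested window.
GRUBBS_CRIT_005 = {10: 2.290, 15: 2.549, 20: 2.709, 30: 2.908}


@dataclass
class MetricVerdict:
    value: float
    threshold: float        # dynamic threshold used for this sample
    over_threshold: bool
    grubbs_g: float         # G statistic of the tested window
    grubbs_outlier: bool    # G > critical value and the new sample is the extreme
    anomalous: bool         # both tests agree


def grubbs_g(window):
    """Return (G, index) for the sample with the largest deviation from the mean."""
    m = mean(window)
    s = stdev(window)
    if s == 0.0:            # all samples identical: nothing can be an outlier
        return 0.0, None
    idx = max(range(len(window)), key=lambda i: abs(window[i] - m))
    return abs(window[idx] - m) / s, idx


def check_metric(baseline, x, k=3.0):
    """Test sample x against a baseline list of the last n normal samples."""
    n = len(baseline)
    if n not in GRUBBS_CRIT_005:
        raise ValueError(f"no Grubbs critical value tabulated for n={n}")
    threshold = mean(baseline) + k * stdev(baseline)
    over = x > threshold
    # Slide the window by one: drop the oldest sample, append x, test n samples.
    g, idx = grubbs_g(baseline[1:] + [x])
    outlier = g > GRUBBS_CRIT_005[n] and idx == n - 1
    return MetricVerdict(x, threshold, over, g, outlier, over and outlier)


class SwitchMonitor:
    """Per-switch pre-detection state kept by the controller (hypothetical API)."""

    def __init__(self, dpid, table_capacity, interval_s, initial_entries=0,
                 window=20, k=3.0):
        self.dpid = dpid
        self.capacity = table_capacity
        self.interval_s = interval_s
        self.k = k
        self.entries = initial_entries
        self.occupancy = deque(maxlen=window)
        self.change_rate = deque(maxlen=window)

    def record_interval(self, added, removed):
        """Feed the flow_mods issued in one interval (adds, deletes/expiries).

        Returns None while the baseline is still filling, otherwise
        (anomalous, occupancy_verdict, change_rate_verdict).
        """
        # A switch cannot hold more than its table capacity (extra adds fail).
        self.entries = min(self.capacity, max(0, self.entries + added - removed))
        occ = self.entries / self.capacity
        rate = (added + removed) / self.interval_s
        if len(self.occupancy) < self.occupancy.maxlen:
            self.occupancy.append(occ)
            self.change_rate.append(rate)
            return None
        v_occ = check_metric(list(self.occupancy), occ, self.k)
        v_rate = check_metric(list(self.change_rate), rate, self.k)
        anomalous = v_occ.anomalous or v_rate.anomalous
        if not anomalous:   # keep attack intervals out of the baseline
            self.occupancy.append(occ)
            self.change_rate.append(rate)
        return anomalous, v_occ, v_rate


if __name__ == "__main__":
    # Constructed bookkeeping for one switch: 20 quiet 5-second intervals, then
    # a flood that tries to install 900 new entries in a single interval.
    mon = SwitchMonitor("s1", table_capacity=1000, interval_s=5, initial_entries=300)
    quiet = [(15, 12), (10, 13), (14, 12), (12, 15), (13, 12)] * 4
    for added, removed in quiet:
        mon.record_interval(added, removed)
    print(mon.record_interval(13, 12)[0])   # False: still within the baseline
    print(mon.record_interval(900, 0)[0])   # True: flood detected
```

Requiring both tests is what keeps a small, steady rise from tripping the detector: a sample just above the mean + 3 sigma line can still fall below the Grubbs critical value for the window, while a flood that fills the table is flagged by both. Excluding flagged intervals from the baseline matters too; otherwise a sustained attack raises the baseline until the attack itself looks normal.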
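The recursive attack path reconstruction from the defense mechanism, as an added example that is not the paper's code. The abstract names a maximum probability model for picking the attack's forwarding port but does not define it; this example stands in a simple rule: at each switch, the ingress port carrying the largest share of attack-classified packets is always followed, and any other port carrying at least `share_min` of that traffic is followed as well, since a DDoS attack usually enters through several ports. The topology, the link map and the per-port attack packet counts are constructed for illustration.

```python
"""Attack path reconstruction on the controller's global network view.

Starting from an abnormal switch, the ingress port carrying the largest share
of the attack-classified traffic is taken as the attack's forwarding port;
if that port is an inter-switch link the search moves to the upstream switch
and repeats, otherwise the port is an edge port and the path ends there.
Every other ingress port carrying at least share_min of the attack traffic is
followed too, so the result is a set of paths (a tree rooted at the victim-side
switch).  The share rule is this example's stand-in for the paper's
maximum probability model.
"""

# Constructed topology: h1 - s1:1, s1:3 - s2:1, h2 - s2:2, s2:3 - s3:1, victim - s3:2
LINKS = {("s1", 3): ("s2", 1), ("s2", 1): ("s1", 3),
         ("s2", 3): ("s3", 1), ("s3", 1): ("s2", 3)}

# Constructed attack-classified packet counts per ingress port, as a controller
# would total them from the flow stats of flows the classifier flagged.
ATTACK_PKTS = {"s3": {1: 950, 2: 0},
               "s2": {1: 500, 2: 450, 3: 0},
               "s1": {1: 500, 3: 0}}


def attack_paths(start, attack_in_port_pkts, links, share_min=0.2):
    """Return a list of paths; each path is a list of (switch, in_port) hops
    from the starting switch back to the port where the attack entered.

    attack_in_port_pkts: {switch: {in_port: attack packets seen on that port}}
    links: {(switch, port): (peer_switch, peer_port)} for inter-switch links
    """
    paths = []

    def walk(switch, path, visited):
        counts = attack_in_port_pkts.get(switch, {})
        total = sum(counts.values())
        if total == 0:            # no attack traffic attributed here: stop
            paths.append(path)
            return
        best = max(counts.values())
        for port, pkts in sorted(counts.items(), key=lambda kv: -kv[1]):
            # The maximum-share port is always followed; others only above share_min.
            if pkts < best and pkts / total < share_min:
                continue
            hop = path + [(switch, port)]
            peer = links.get((switch, port))
            if peer is None or peer[0] in visited:
                # Edge port (attack enters here) or a loop in the global view.
                paths.append(hop)
            else:
                walk(peer[0], hop, visited | {peer[0]})

    walk(start, [], {start})
    return paths


def block_points(paths):
    """Last hop of each path: the (switch, in_port) pairs where a drop rule
    stops the attack closest to its sources."""
    return sorted({path[-1] for path in paths if path})


if __name__ == "__main__":
    found = attack_paths("s3", ATTACK_PKTS, LINKS)
    for p in found:
        print(" <- ".join(f"{sw}:{port}" for sw, port in p))
    print("install drop rules at:", block_points(found))
```

Starting from the victim-side switch s3, the walk follows s3:1 to s2, where both s2:1 (toward s1) and s2:2 (a host port) carry a large share, so it yields two paths ending at s1:1 and s2:2; those are the ports to install drop rules on. Raising `share_min` to 0.5 prunes the s2:2 branch, which is the trade-off between reconstructing every source and chasing low-volume noise.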