With the development of the Internet and the increasing number of connected devices, DDoS has become one of the primary threats to network security. At present, the popular method of DDoS defense is to pull user traffic to a traffic scrubbing center and to realize the detection, identification, classification, and countermeasures of DDoS attacks by virtue of the high computing power of a huge service cluster and widely deployed DDoS defense policies. Although this method is effective, it still has many disadvantages. The advent of programmable switches provides a new idea for DDoS defense. Firstly, the flexibility of configuration and update brought by programmable switches reduces the cost of development and production, thus reducing the service purchase cost for users. Secondly, by deploying a series of DDoS defense methods on a programmable switch, the extra cost of traffic traction is avoided and there is no need to consider whether third-party service providers can be trusted, which not only protects users' QoS and QoE but also protects users' privacy. In addition, the programmable switch is flexible in development and deployment: in the face of new DDoS attacks, it can dynamically deploy new defense policies in a timely manner, avoiding the disadvantages caused by returning the device to the factory for an update. This paper proposes a DDoS defense method suitable for programmable switches. The method realizes DDoS defense on a single resource-constrained device from the perspective of combining software and hardware, and mainly includes the following research contents:

(1) Aiming at the problem that existing DDoS detection methods cannot meet the real-time requirements of DDoS detection, this paper proposes an FPGA-accelerated quantized DDoS detection method based on convolutional neural networks. Flow-dimensional features are converted into a two-dimensional matrix as the input of the model, effectively avoiding the complicated feature engineering of traditional machine learning. In order to make the model more suitable for deployment on resource-constrained programmable switches and to occupy fewer resources, at the expense of a small loss in accuracy, the method uses quantization technology to quantize the model parameters from 32-bit full-precision floating-point type to a low-bit integer type and deploys it on the FPGA with the help of HLS. Experimental results show that the proposed DDoS detection method can identify DDoS traffic at the nanosecond level with small device resource consumption.

(2) Aiming at the problem that traditional DDoS classification algorithms only consider the single dimension of traffic, this paper proposes a lightweight DDoS classification method based on a convolutional neural network that combines multi-dimensional features with a channel-wise attention mechanism. The method uses depthwise separable convolution as the basic building block to reduce the model size, takes flow-dimensional features and packet-dimensional features as its inputs, and strengthens the contribution of the different dimensional features to different DDoS attacks through the channel-wise attention mechanism. The experimental results show that only two basic blocks are needed to achieve 92.19% accuracy on the 10-class classification problem. Besides, aiming at the problem that deploying all DDoS defense strategies at the same time wastes a lot of computing resources, this paper proposes a dynamic defense method which deploys the defense strategy based on the DDoS classification results. Experimental results show that this method is suitable for deployment on resource-constrained programmable switches.

(3) Based on the above methods, a prototype system of the DDoS defense method suitable for programmable switches is designed and implemented. The overall framework of the prototype system is designed, and the design and implementation ideas of the system are explained through the multi-dimensional feature extraction module, the DDoS detection module, the DDoS classification module, and the dynamic defense deployment module. The experimental results show that the system has fast DDoS detection ability, efficient DDoS classification ability, and accurate DDoS defense deployment ability while occupying as few system resources as possible. The system provides a real-time visual web interface, from which users can intuitively see the basic information of the current network, the DDoS detection and classification results, and the deployed DDoS defense modules.
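The following is an added example, not code from the thesis, illustrating the parameter quantization step of contribution (1): a flow-feature vector and the weights of one small layer are mapped from floating point to symmetric signed integers with a per-tensor scale, the layer is evaluated with integer multiply-accumulate as an FPGA would, and the result is compared with the full-precision output. The feature vector, the weights and the 2-bit comparison are constructed assumptions.

```python
# Symmetric linear quantization of a dense layer, pure Python (no numpy needed).
# Assumption: the detector's input is a normalized flow-feature vector and each
# layer is a weight matrix; values below are constructed, not from the thesis.

def quantize_symmetric(values, bits=8):
    """Map floats to signed integers in [-qmax, qmax] with one per-tensor scale."""
    qmax = 2 ** (bits - 1) - 1                      # 127 for int8, 1 for 2-bit
    scale = max(abs(v) for v in values) / qmax or 1.0
    q = [max(-qmax, min(qmax, round(v / scale))) for v in values]
    return q, scale


def dequantize(q, scale):
    return [v * scale for v in q]


def float_layer(features, weights):
    """Reference 32-bit style evaluation: one dot product per output neuron."""
    return [sum(w * x for w, x in zip(row, features)) for row in weights]


def quantized_layer(features, weights, bits=8):
    """Integer MAC per neuron; the two scales are applied once to the accumulator,
    which is the form that maps onto FPGA DSP slices without floating point."""
    qx, sx = quantize_symmetric(features, bits)
    outputs = []
    for row in weights:
        qw, sw = quantize_symmetric(row, bits)
        acc = sum(a * b for a, b in zip(qw, qx))    # pure integer arithmetic
        outputs.append(acc * sx * sw)               # rescale to real units
    return outputs


def max_abs_error(features, weights, bits):
    """Largest deviation of the quantized layer from the float reference."""
    ref = float_layer(features, weights)
    got = quantized_layer(features, weights, bits)
    return max(abs(r - g) for r, g in zip(ref, got))


# Constructed sample: four normalized flow features (e.g. packet rate, mean
# packet size, SYN ratio, flow duration) and a 2x4 weight matrix.
FEATURES = [0.92, 0.05, 0.61, 0.33]
WEIGHTS = [[0.4, -0.8, 0.15, 0.3],
           [-0.2, 0.5, 0.7, -0.1]]

if __name__ == "__main__":
    for bits in (8, 4, 2):
        print(bits, "bit  max error:", round(max_abs_error(FEATURES, WEIGHTS, bits), 4))
```

Lowering the bit width shrinks the FPGA footprint, and the printed error shows the accuracy cost the abstract refers to growing as the width drops.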