| Software Defined Networking(SDN)is a change to the traditional network,which can better face the complex network scenarios and meet the future network development needs.However,SDN faces many network security problems in the process of development,among which distributed denial of service(DDoS)attacks on SDN cause the most serious problem of communication paralysis.Therefore,accurate detection and effective mitigation measures for DDoS attacks in SDNs are essential.However,existing research work still suffers from the poor detection effect of some schemes in intra-domain detection,and most of the detection schemes do not consider inter-domain detection,which makes it difficult to interact with cross-domain detection information thus causing duplication and waste of detection resources.In this paper,we propose the following two innovative studies on how to detect DDoS attacks faced in SDN:(1)For the problem of unstable detection accuracy of the existing K-means algorithm-based detection scheme,an improved K-means algorithm detection scheme based on density selection and mutual information is proposed,which can well improve the stability and accuracy of detection results.The scheme optimizes the initial clustering center selection and uses mutual information as the data clustering scheme based on the density size of the attack data distribution,and also monitors and filters the traffic by s Flow and Packet filter to reduce the computational overhead of the scheme.Through a large number of experimental results show that the detection scheme maintains an average accuracy of more than 96%under different attack types and rates,while the detection scheme also maintains 5~6s from response to completion of mitigation,which well reduces the computational overhead.(2)In response to the shortcomings of the existing detection scheme that the detection accuracy is unstable due to the use of entropy detection alone and the difficulty of intra-domain detection information sharing to form a secondary defense,an inter-domain detection scheme based on hybrid entropy and smart contracts is proposed to improve the stability of detection and effectively prevent secondary attacks from causing losses again.The intra-domain detection scheme is mainly based on the use of mutual information,joint entropy and conditional entropy to form a hybrid entropy detection scheme to identify suspicious traffic,while the inter-domain detection is based on the design of corresponding smart contracts on the Ethernet platform to form a cross-domain attack information sharing mechanism.A large number of experimental results show that the intra-domain detection scheme proposed in this paper can effectively solve the instability of single-entropy detection under low-rate attacks,and can keep the detection accuracy between 70 and 80%,and up to98% under high-rate attacks.By forwarding the detection information between domains,the secondary attack defense can be completed within ten seconds,which reduces the computational overhead. |
PDF Full Text Request