Research On Attack Detection And Defense Based On Software-Defined Industrial Internet Of Things Architecture

With the rapid development of Industrial Internet of Things(IIo T)field in China,emerging technologies are deeply integrated with traditional industrial control systems,which puts forward higher requirements for network security work.Software-defined Industrial Internet of Things is the application of Software-Defined Networking(SDN)architecture to the IIo T,achieving flexible communication between industrial equipment and systems.However,while SDN technology efficiently manages networks,it also introduces some security threats.Due to the lack of sufficient security protection mechanisms,industrial equipment is susceptible to malicious application attacks.This paper conducts research on Distributed Denial-of-Service(DDoS)attacks,which are currently the main network attack activities.Due to the problem of fixed routing rules in the network environment of existing detection algorithms,DDoS attacks in the network may cause communication link congestion or even interruption,and fixed routing rules cannot flexibly schedule network resources and alleviate network conditions.At the same time,for the detection framework is directly deployed in the industrial system as a functional application,which needs to comprehensively consider system overhead and detection performance and fully monitor network traffic within limited system resources and operating time.Under consideration of this current situation,this article designs and implements an attack detection and defense system based on the Software-defined Industrial Internet of Things framework,providing new solutions to the problems such as fixed routing rules and security protection in the current Software-defined Industrial Internet of Things.The main contributions of this paper are as follows:(1)Based on the programmable characteristics of software-defined network,this paper proposes an attack detection system.The proposed detection system has three working states: normal,warning and mitigation.It can automatically switch the working state according to the detection results of the network system,effectively defend against DDoS attacks in the industrial network,and ensure normal industrial production.(2)Aiming at the problem of insufficient flexibility of routing rules under DDoS attacks,this paper designs a dynamic routing algorithm based on multi-attribute decision-making,which considers three attributes of network of switch flow table cache space,link delay,and port bandwidth,using subjective and objective weight analysis methodology combined with network real-time indicators and weight attributes to calculate the optimal forwarding path.(3)In order to balance the detection performance and system overhead,this paper designs a two-level DDoS detection framework based on entropy rate.The primary detection module uses the measurement index entropy rate,which maps different traffic indicators to the same dimension,which is suitable for multiple attack scenarios.At the same time,the dynamic threshold is used to judge the entropy rate and accommodate network traffic fluctuations.In the secondary detection module,the edge switch-based flow sampling is adopted to more clearly show the characteristics of attack traffic and reduce the number of interactions between the controller and the switch.Based on the results of the detection module,it quickly locate the attacking device and provide effective information for attack source tracing.(4)Based on the above-mentioned overall architecture and attack and defense scheme,this paper implements system construction and algorithm performance tests to ensure the detection algorithm’s effectiveness and availability.Functional verification and analysis on the corresponding modules such as dynamic routing,attack detection,and attack traceability are analyzed to show that the system achieves expected result.