
The Research Of DDoS Attacks Defense Methods In Software-Defined Networking

Posted on: 2023-11-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Wang
Full Text: PDF
GTID: 1528307103490844
Subject: Information and Communication Engineering
Abstract/Summary:
DDoS attacks have for many years been one of the most stubborn problems threatening network security because they are widespread, highly damaging, simple to implement and difficult to detect. Under the limitations of the distributed network architecture, however, many of the related problems remain hard to solve. The emergence and application of SDN, as a new architecture, has a great impact on DDoS attack defense and provides a new direction. In this dissertation, based on neural networks and statistical theory, two defense methods are first proposed, for the source network and the IPv6 network of SDN respectively, and then a dynamic defense method is proposed to cope with changing traffic. The details are as follows:

1) Aiming at the problems of low deployment willingness, difficulty of detection and high false alarm rate in source-based defense against DDoS attacks, we propose a detection method based on sFlow and SOM that uses the centralized control and global topology of SDN. The method uses sFlow to collect traffic statistics across the entire network, and the controller analyses this information using a feature named distribution collaboration degree to detect the occurrence of DDoS attacks; this step is called macro-detection. A micro-detection step based on SOM, which dynamically generates the detection model, is then used to recognize the attack flows, and a rule merging algorithm based on the global view provided by SDN executes the optimal response strategy. The proposed method runs as a northbound application of SDN; it is lightweight and easy to deploy. Compared with traditional edge-based defense, this method can comprehensively perceive attacks within the domain, and the detection algorithm and response strategy can effectively reduce the false alarm rate and the impact on normal users. The experimental results show that this method achieves a 95.41% detection rate, which makes it an effective source-based defense method.

2) IPv6, as the new generation of the IP protocol, is becoming more and more popular and will become the main form of address in the SDN environment. However, research on DDoS attack defense methods in this area is rare, and the traditional solutions also have many defects. Aiming at DDoS attacks initiated through ICMPv6 in IPv6 networks, a central verification mechanism based on SDN and a detection method based on ensemble learning (EL) are proposed for the SDN-enabled IPv6 environment. The former targets NDP-DoS attacks and uses the centralized control of SDN to verify the legitimacy of NDP packets in the local area network, which is a preventive defense against DoS attacks and other attacks based on forged NDP packets. Compared with existing NDP protection mechanisms in traditional networks, this method requires no additional devices or new dedicated protocols, is easy to deploy, scales well, and is completely transparent to the nodes in the data plane. For the more general ICMPv6-DDoS attacks, an EL-based detection method is proposed that uses the IPv6 functions provided by SDN. It takes ICMPv6 flows as the detection object according to OpenFlow, uses multi-dimensional flow features as model input, and uses an MMEL algorithm to detect attacks. This algorithm can adaptively adjust the number of hidden-layer neurons of every base learner and, according to the training data, learn the optimal combination function based on the LMS algorithm, so as to obtain a detection model with better generalization performance. The experimental results on a simple network topology prove the effectiveness of the SDN-based NDP verification mechanism, and the experimental results on synthetic data show that the MMEL-based detection method achieves 98.7% accuracy.

3) Aiming at the problem that static detection methods against DDoS attacks are prone to degrade or even become invalid when the traffic becomes complex and variable, a dynamic detection method based on an MLP model is proposed that uses feature selection and feedback in SDN. This method combines sequential backward feature selection with the MLP to obtain a training algorithm that selects the optimal feature subset, and then introduces a feedback mechanism that perceives the observable errors in detection. When the feedback value exceeds a preset threshold, the detection model is dynamically reconstructed from the latest data to adapt to the changed traffic patterns. The experimental results on multiple open data sets show that our method can effectively detect DDoS attacks, with 97.66% accuracy, a 94.88% detection rate and a 0.62% false alarm rate. The results also show that the feedback mechanism effectively perceives the observable errors in detection, and that detection performance is restored after reconstructing the detection model.
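The combination step that part 2 attributes to the MMEL method, learning the weights of an ensemble with the LMS rule, can be shown on a small scale. The following is an added example, not code from the dissertation: the base learners are fixed threshold rules standing in for trained MLPs, the ICMPv6 flow features (`rate`, `size_var`, `hop`) and their values are constructed, and the adaptive hidden-neuron sizing the abstract also mentions is not modelled. What it shows is that LMS pushes the weight onto the informative base learner and drives the weight of a learner that carries no signal towards zero.

```python
"""Added example (not the dissertation's code): combining several base
detectors with weights learned by the LMS (least mean squares) rule.
Base learners are threshold rules standing in for trained MLPs; the
ICMPv6 flow features are constructed for the demonstration."""
import random


def make_icmpv6_flows(n, seed):
    """Construct n labelled flow-feature rows (0 = benign, 1 = attack).
    'rate' separates the classes well, 'size_var' only partly, 'hop' not at all."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(n):
        label = i % 2                                   # alternate benign / attack
        rows.append({
            "rate": rng.gauss(8.0 if label else 2.0, 1.0),
            "size_var": rng.gauss(5.0 if label else 2.0, 1.5),
            "hop": rng.gauss(64.0, 2.0),                # same for both classes
        })
        labels.append(label)
    return rows, labels


# Base learners: each maps a flow to a score in {0, 1}. Stand-ins for the
# per-learner neural networks of an ensemble.
BASE_LEARNERS = [
    lambda r: int(r["rate"] > 5.0),        # accurate rule
    lambda r: int(r["size_var"] > 3.5),    # weaker rule
    lambda r: int(r["hop"] > 64.0),        # carries no information
]


def base_scores(row):
    return [h(row) for h in BASE_LEARNERS]


def lms_train(rows, labels, mu=0.05, epochs=30):
    """LMS update: w <- w + mu * (d - y) * h, with y = w.h + b.
    mu is small enough for stability since every score lies in {0, 1}."""
    w = [0.0] * len(BASE_LEARNERS)
    b = 0.0
    for _ in range(epochs):
        for row, d in zip(rows, labels):
            h = base_scores(row)
            y = sum(wi * hi for wi, hi in zip(w, h)) + b
            err = d - y
            w = [wi + mu * err * hi for wi, hi in zip(w, h)]
            b += mu * err
    return w, b


def ensemble_predict(w, b, row):
    """Combined score thresholded at 0.5 gives the ensemble decision."""
    y = sum(wi * hi for wi, hi in zip(w, base_scores(row))) + b
    return int(y > 0.5)


def accuracy(predict, rows, labels):
    return sum(int(predict(r) == l) for r, l in zip(rows, labels)) / len(rows)


def run_demo():
    """Train the combiner on one constructed capture, evaluate on another."""
    train_rows, train_labels = make_icmpv6_flows(300, seed=11)
    test_rows, test_labels = make_icmpv6_flows(200, seed=12)
    w, b = lms_train(train_rows, train_labels)
    base_acc = [accuracy(h, test_rows, test_labels) for h in BASE_LEARNERS]
    ens_acc = accuracy(lambda r: ensemble_predict(w, b, r), test_rows, test_labels)
    return {"weights": w, "bias": b, "base_acc": base_acc, "ensemble_acc": ens_acc}


if __name__ == "__main__":
    print(run_demo())
```

The learned weight vector is the "combination function": the first weight ends up near 1 and the weight of the uninformative rule near 0, so the ensemble decision tracks the reliable base learner without anyone hand-tuning the mix.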
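Part 3 describes two mechanisms that are easy to lose in the summary: sequential backward feature selection against a validation set, and a feedback loop that rebuilds the detector once observed errors cross a preset threshold. The block below is an added example, not the dissertation's code: a nearest-centroid classifier stands in for the MLP, the feature names (`pkt_rate`, `byte_rate`, `src_entropy`, `syn_ratio`, `spurious`) and all traffic values are constructed, and the "spurious" feature is a deliberate capture artefact that separates the classes in the training capture but not afterwards, which is the kind of feature validation-driven selection should drop. The traffic change is a constructed low-rate attack that the original model misses.

```python
"""Added example (not the dissertation's code): sequential backward feature
selection around a nearest-centroid classifier (stand-in for the MLP), plus
a feedback monitor that reconstructs the model from the latest labelled
flows when the observed error rate in a sliding window exceeds a preset
threshold. Feature names and traffic values are constructed."""
from collections import deque
from statistics import fmean
import random

# Assumed per-flow features; "spurious" is a capture artefact.
FEATURES = ["pkt_rate", "byte_rate", "src_entropy", "syn_ratio", "spurious"]


def make_flows(n, attack_level, spurious_attack, seed):
    """Construct n labelled flows, alternating benign (0) and attack (1).
    Benign flows sit around 2.0 on every informative feature, attack flows
    around attack_level; spurious_attack sets the artefact feature for
    attack flows (benign flows are fixed at 0.0)."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(n):
        label = i % 2
        centre = attack_level if label else 2.0
        row = {f: rng.gauss(centre, 1.0) for f in FEATURES[:-1]}
        row["spurious"] = rng.gauss(spurious_attack if label else 0.0, 1.0)
        rows.append(row)
        labels.append(label)
    return rows, labels


class CentroidModel:
    """Nearest-centroid classifier over a chosen feature subset."""

    def __init__(self, features):
        self.features = list(features)
        self.centroids = {}

    def fit(self, rows, labels):
        for lab in (0, 1):
            members = [r for r, l in zip(rows, labels) if l == lab]
            self.centroids[lab] = {f: fmean(r[f] for r in members) for f in self.features}
        return self

    def predict(self, row):
        def dist(lab):
            return sum((row[f] - self.centroids[lab][f]) ** 2 for f in self.features)
        return min((0, 1), key=dist)


def accuracy(model, rows, labels):
    return fmean(int(model.predict(r) == l) for r, l in zip(rows, labels))


def backward_select(train, val, features):
    """Sequential backward selection: remove the feature whose removal gives
    the best validation accuracy; stop when no removal strictly improves."""
    train_rows, train_labels = train
    val_rows, val_labels = val
    current = list(features)
    best = accuracy(CentroidModel(current).fit(train_rows, train_labels), val_rows, val_labels)
    while len(current) > 1:
        trials = []
        for f in current:
            subset = [g for g in current if g != f]
            acc = accuracy(CentroidModel(subset).fit(train_rows, train_labels), val_rows, val_labels)
            trials.append((acc, subset))
        acc, subset = max(trials, key=lambda t: t[0])
        if acc <= best:
            break
        best, current = acc, subset
    return current, best


class FeedbackDetector:
    """Detector that rebuilds its model when observed errors exceed a threshold."""

    def __init__(self, features, train, threshold=0.2, window=40):
        self.features = features
        self.threshold = threshold
        self.errors = deque(maxlen=window)   # 1 = observed misclassification
        self.recent = deque(maxlen=window)   # latest labelled flows for rebuild
        self.rebuilds = 0
        self.model = CentroidModel(features).fit(*train)

    def observe(self, row, true_label):
        """Classify a flow; true_label is the feedback that, in practice,
        arrives later (analyst confirmation, out-of-band ground truth)."""
        pred = self.model.predict(row)
        self.errors.append(int(pred != true_label))
        self.recent.append((row, true_label))
        if len(self.errors) == self.errors.maxlen and fmean(self.errors) > self.threshold:
            rows, labels = zip(*self.recent)
            self.model = CentroidModel(self.features).fit(list(rows), list(labels))
            self.errors.clear()
            self.rebuilds += 1
        return pred


def run_demo():
    """Train on a capture, select features, then feed a changed traffic
    pattern (low-rate attack) and let the feedback loop recover."""
    train = make_flows(200, attack_level=8.0, spurious_attack=15.0, seed=1)
    val = make_flows(100, attack_level=8.0, spurious_attack=0.0, seed=2)
    selected, val_acc = backward_select(train, val, FEATURES)
    det = FeedbackDetector(selected, train)
    old_model = det.model
    shifted_rows, shifted_labels = make_flows(120, attack_level=4.0, spurious_attack=0.0, seed=3)
    for r, l in zip(shifted_rows[:80], shifted_labels[:80]):
        det.observe(r, l)                    # first window triggers a rebuild
    pre_acc = accuracy(old_model, shifted_rows[80:], shifted_labels[80:])
    post_acc = accuracy(det.model, shifted_rows[80:], shifted_labels[80:])
    return {"selected": selected, "val_acc": val_acc, "rebuilds": det.rebuilds,
            "pre_acc": pre_acc, "post_acc": post_acc}


if __name__ == "__main__":
    print(run_demo())
```

The threshold and window size are the operational knobs: a small window reacts faster to a changed attack profile but rebuilds on noise, and rebuilding only from the most recent labelled flows means the feedback labels themselves must be trustworthy, since poisoned feedback would be trained straight into the reconstructed model.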
Keywords/Search Tags: DDoS Attacks, Software-defined Networking, ICMPv6 DDoS Detection, Neural Networks, Multilayer Perceptron, Self-organizing Map