With the rise of emerging technologies such as cloud computing, big data and the mobile Internet, the requirements placed on data center network architecture for unified management, ease of maintenance, high security and the like have gradually increased. This has driven the development of the software-defined networking (SDN) architecture. To realize the SDN architecture, the Open Networking Foundation proposed the OpenFlow protocol, which is currently the only widely recognized protocol standard. Compared with traditional networks, the most important features of an OpenFlow-based SDN network are the separation of the forwarding layer from the control layer and programmable network behavior; its most important mechanisms are the flow table and messaging. These features also bring new opportunities for DoS attack detection. However, one of the biggest problems encountered when studying DoS attack detection with the OpenFlow protocol is building the network environment. This paper therefore addresses two main issues: a DoS attack detection and prevention scheme for SDN OpenFlow networks, and the design and implementation of an SDN OpenFlow simulation platform. The main work and results on these two issues are as follows:

1. This paper presents a new type of DoS attack in SDN networks, and proposes an OpenFlow-based detection and prevention scheme for traditional DoS attacks against hosts. In an SDN network, DoS attacks mainly target two parts: the controller and the hosts. There is currently very little research on DoS attacks against the controller, because in a typical network environment the controller is transparent to and invisible from the hosts below it, and those hosts have no way to connect to the controller directly in order to attack it. This paper therefore presents a new denial-of-service attack on the controller in which a large amount of useless packets is sent to a switch, inducing the switch to send a massive number of requests to the controller. Attacks on hosts are mainly traditional DoS attacks. For traditional DoS attacks against hosts, this paper proposes detection and defense schemes that use the mechanisms of the OpenFlow protocol. The detection scheme is divided into four steps: packet capture, protocol analysis, rule matching and active response. The defense scheme includes three methods: packet filtering, traffic limiting and traceback localization.

2. This paper designs and implements a simulation platform for SDN OpenFlow networks. The simulation platform is divided into four levels: the underlying hardware, the virtual platform, the underlying software and the simulation software. The underlying hardware consists of real physical devices, including network cards, servers and switches. The virtual platform uses the virtualization technology native to the Linux kernel (Kernel-based Virtual Machine, KVM) to build a resource pool of virtual nodes. The underlying software uses Emulab to provide management and control functions. The simulation software mainly integrates the switch simulation software Open vSwitch and the controller simulation software Floodlight. Through paravirtualization, the platform addresses Mininet's problems of being too lightweight, insufficiently realistic in simulation and weak in performance. By integrating Emulab, the platform handles the management of the physical simulation. The platform also has a good graphical interface and is easy to extend.

3. Using the simulation platform from item 2, the DoS attack detection and prevention schemes for SDN networks proposed in item 1 are validated. Note that DoS is a class of attacks that covers too many specific attacks and, as stated in Section 2.3.3 of this paper, completeness of detection is not a key consideration, so the experiments select the Land attack as the specific attack to study. The verification results show that the proposed DoS attack against the SDN controller can exhaust the controller's resources and achieve the attack effect. The proposed OpenFlow detection and defense scheme can detect and defend against Land attacks on hosts in the network, and its detection and prevention effect is verified along three dimensions: accuracy, timeliness and processing performance. Experiments show that the OpenFlow DoS attack detection and prevention scheme has high accuracy, good processing capability and good timeliness.
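
The four detection steps applied to the Land attack, as an added Python example that is not code from the paper. It assumes captured frames arrive as raw Ethernet bytes (for instance the payload of an OpenFlow packet-in), uses the usual Land signature (a TCP SYN whose source address and port equal its destination address and port), and returns a hypothetical drop-rule dictionary instead of calling any controller API; all function names are illustrative.

```python
import socket
import struct

ETH_IPV4, PROTO_TCP, TCP_SYN = 0x0800, 6, 0x02

def parse(frame):
    """Protocol analysis: Ethernet -> IPv4 -> TCP. Returns header fields or None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != PROTO_TCP or frag_offset:
        return None
    if len(ip) < ihl + 14:          # need the TCP header up to the flags byte
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "syn": bool(ip[ihl + 13] & TCP_SYN)}

def is_land(h):
    """Rule matching: a Land packet is a TCP SYN whose source equals its destination."""
    return h["syn"] and h["src"] == h["dst"] and h["sport"] == h["dport"]

def respond(in_port, h):
    """Active response (packet filtering): hypothetical drop rule, not a controller API.
    An OpenFlow flow entry with no actions drops the packets it matches."""
    return {"priority": 1000, "actions": [],
            "match": {"in_port": in_port, "eth_type": ETH_IPV4, "ip_proto": PROTO_TCP,
                      "ipv4_src": h["src"], "ipv4_dst": h["dst"]}}

def detect(in_port, frame):
    """Run one captured frame through analysis, matching and response."""
    h = parse(frame)
    return respond(in_port, h) if h is not None and is_land(h) else None

def build_frame(src, dst, sport, dport, flags=TCP_SYN):
    """Constructed test input: minimal Ethernet/IPv4/TCP frame, checksums left zero."""
    eth = b"\x00" * 12 + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    print(detect(3, build_frame("10.0.0.5", "10.0.0.5", 80, 80)))
    print(detect(3, build_frame("10.0.0.9", "10.0.0.5", 40000, 80)))
```

Because the rule matches only packets whose source and destination are both the victim's address, legitimate traffic to that host from other addresses is unaffected.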