
Research On DoS Attack Detection Technology Based On SDN

Posted on: 2017-01-02
Degree: Master
Type: Thesis
Country: China
Candidate: H J Hou
GTID: 2308330485460507
Subject: Electronic and communication engineering
Abstract/Summary:
Software-Defined Networking (SDN) is a new network architecture put forward by the Clean Slate research group at Stanford University in 2006. To implement SDN, the Open Networking Foundation proposed the OpenFlow protocol, which is now widely recognized. By decoupling the network control plane from the data plane, the OpenFlow-based SDN architecture can control network traffic more flexibly, providing a good platform for core network and application innovation. However, its development faces many challenges, and security is one of them. Against this background, this thesis studies DoS attacks on SDN and puts forward corresponding detection methods and countermeasures. The main work and achievements are as follows:

(1) Existing DoS attack detection methods for SDN are discussed, and a new detection method aimed at three kinds of DoS attacks is put forward. The core idea is to directly extract and analyze the apparent features of the attacked network, make relevant simplifications, and judge the attack mode according to these characteristics.

(2) A DoS attack detection and defense system based on the SDN network is designed and implemented. The overall design scheme is as follows: using the programmable controller, a simple data flow acquisition module is added; the network flow information is stored and its characteristic parameters are analyzed by the detection module; corresponding flow table rules are formulated and sent to the switch to resist the attack. So as not to affect controller performance, data acquisition is implemented directly with OpenFlow protocol mechanisms, so no extra controller resources are occupied.

(3) The experiment environment is built and the network management platform is developed. Based on study of the proposed scheme, a network management platform interface is designed in PHP; it can directly display the current network state information. One controller and three OpenFlow switches are simulated by installing the corresponding software on four computers, which together form the SDN network environment.

(4) The DoS attack detection and defense system is verified. Using the network management platform and the experimental simulation environment, a DoS attack on the switch is chosen for testing. The results show that the simulated attack succeeds in occupying the controller's resources and also has an obvious effect on network performance. The attack detection system designed in this thesis detects the attack in time and makes a defense response. The whole system is simple and easy to extend.
Keywords/Search Tags: Software-Defined Networking, OpenFlow, DoS attack detection, network management platform