
Design And Implementation Of DDoS Attack Detection Scheme In SDN Environment

Posted on: 2019-07-08
Degree: Master
Type: Thesis
Country: China
Candidate: Y An
GTID: 2348330545955586
Subject: Information security
Abstract/Summary:

With centralized management and open programmable interfaces, SDN improves the network's scheduling capability and application deployment. However, in an SDN environment an attack affects both the target host and the controller, which seriously disrupts normal communication. It is therefore necessary to deploy security applications in SDN environments. Existing detection schemes have shortcomings, such as a lack of predictive capability and insufficiently targeted attack information. To address this problem, this paper proposes a DDoS attack detection scheme for the SDN environment. The scheme uses the global view of the SDN controller to predict the state of network access, and then obtains attack information through flow table features and deep packet analysis respectively. Meanwhile, specific attack features at different positions are derived from the attack features. The attack detection features are then classified by a detection model built on XGBoost and a multivariate correlation analysis algorithm.

This paper designs and implements the DDoS attack detection scheme, including network access monitoring and detection, a DDoS attack detection scheme based on flow table features, a DDoS attack detection scheme based on protocol partitioning and deep packet analysis, and a DDoS attack detection model based on machine learning and statistical analysis. First, through secondary development of the OpenDaylight controller, a network access status monitoring and detection scheme is designed and implemented in the controller to perform attack prediction and traffic mirroring, and to trigger the next scheme. Second, two kinds of attack detection scheme are designed and implemented, for flooding attacks and protocol-specific attacks. One is an attack detection scheme based on flow table features, which uses OpenFlow statistics to perform attack detection. The other is an attack detection scheme based on deep packet inspection, which uses the SDN controller to mirror port traffic and performs attack detection by bypass listening. Finally, for effective attack detection, two attack detection models based on XGBoost and multivariate correlation analysis algorithms are constructed. One is the PTXT model, which improves detection ability by training on and detecting attacks of different protocol types separately. The other is the XTMCA model, which enhances the detection of unknown attacks by combining supervised learning with threshold-based secondary filtering.

To verify the effectiveness of the proposed scheme, this paper evaluates it using a simulation environment built with Mininet and an open data set. The verification results show that the proposed DDoS attack detection scheme in the SDN environment accomplishes the expected functions. Moreover, it can effectively detect attacks, and the proposed model works better than existing methods in terms of detection rate and other indicators.
Keywords/Search Tags: Software Defined Network, Distributed Denial of Service, Attack Detection Scheme, Intrusion Detection