
SDN DDoS Attack Detection And Mitigation Technology Research

Posted on: 2019-12-22
Degree: Master
Type: Thesis
Country: China
Candidate: F M Sun
GTID: 2428330548494996
Subject: Computer Science and Technology

Abstract/Summary:
Software Defined Networking (SDN) is a new and flexible architecture whose innovation is the separation of the data plane from the control plane; its flexibility comes from managing the network through software programming. The SDN controller provides centralized control: it directs the behaviour of the whole network and therefore plays a crucial role in it. For the same reason the SDN controller has also become the primary target of DDoS attacks. Under a DDoS attack it easily becomes a single point of failure, causing the connection between the controller and the network to fail and paralysing the SDN network. This dissertation starts from research on DDoS detection and DDoS mitigation in SDN networks and makes full use of the characteristics of SDN to propose methods that can effectively detect and mitigate DDoS attacks.

On the one hand, this thesis studies DDoS detection methods in SDN in depth, analyses the advantages and disadvantages of current DDoS detection methods, and proposes a DDoS detection method based on Poisson-distribution information entropy. The detection relies on the centralized control of the SDN controller. First, the traffic distribution of the Packet-in messages submitted by the switch to the controller in each time window is analysed; the Poisson distribution probability formula gives a traffic probability value for each time window; the information entropy formula is then used to calculate the information entropy value of each window; and finally the entropy is compared with the selected detection threshold to determine whether a DDoS attack is present. The experimental results show that this detection method based on Poisson-distribution information entropy has a higher detection rate and a lower false alarm rate under three different kinds of DDoS attack.

On the other hand, this thesis studies DDoS mitigation methods in SDN in depth, analyses the shortcomings of current DDoS mitigation methods, and proposes a DDoS mitigation approach based on source IP address reputation. Under normal conditions the method collects the request information of the data packets submitted by the border switch in each time window, including the initial request time and the total number of requests, and records it in a source IP address history table. When the requested data volume exceeds the set threshold, the reputation of each source IP address is obtained according to the source IP address reputation evaluation algorithm, and the source IP address is added to the whitelist or the blacklist according to its reputation. The switch submits the requests of the whitelisted source IP addresses with the highest reputation first, while the controller filters out requests from the abnormal source IP addresses on the blacklist. The experimental results show that when a DDoS attack occurs in SDN, this method effectively mitigates it and ensures that the SDN network can continue to provide normal service.
Keywords/Search Tags: SDN, DDoS, Threshold, Information entropy, Source IP reputation