Research And System Implementation For DDoS Attack Defense Technology In SDN

Compared with traditional networks,DDoS attacks in SDN network not only consume the computing resources,storage resources and bandwidth resources of the target,but also cause the victim switch to transmit a large number of Packet-in messages to the controller.Due to the limited bandwidth of security channel between switch and controller,DDoS attack can seriously blocks the security channel between victim switch and controller,thus reducing the quality of network service.Aiming at the problem of security channel blockage between the victim switch and the controller caused by DDoS attack in SDN network,this paper studies the main DDoS attack defense technology in SDN,and proposes a DDoS attack defense algorithm based on network traffic adaptive scheduling,and designs and implements a DDoS attack defense system based on control plane,which makes the link time delay between the victim switch and neighbor switch smaller.The main contents of this paper are as follows:1)The main defense technologies of DDoS attacks in SDN networks are studied.The DDoS attack defense strategy based on control plane is adopted.The network traffic in the victim switch is transferred to the neighbor switch by sending scheduling flow rules to the victim switch on the initiative of the controller.The problem of blocking the security channel between the victim switch and the controller is solved.2)A DDS attack defense algorithm based on adaptive network traffic scheduling is proposed.Scheduling the network traffic in victim switches to neighbor switches,and adjusting the network traffic rate of scheduling,makes the Packet-in messages rate uploaded by all neighbor switches tend to be equal,and reduces the risk of blocking the security channel between neighbor switches and controllers.3)A DDoS attack defense system based on control plane is designed and implemented,and the DDoS attack defense experiment is carried out.The experimental results show that the system can effectively defend against DDoS attacks and protect the security channel between the victim switch and the controller.At the same time,the link time delay between the victim switch and the neighbor switch is reduced.