Denial-of-service attacks that forge the source address are extremely harmful to the network, and source address validation can prevent this type of attack effectively. Software Defined Networking (SDN) separates control from forwarding and is programmable, which brings more flexibility to the implementation and deployment of source address validation. Current source address dynamic validation in SDN adjusts the validation strategy according to each host's security status. However, as the network scale grows, the controller carries a large load, and the timeliness of discovering abnormal hosts is not well guaranteed. In short, current source address dynamic validation in SDN has several problems: untimely discovery of abnormal hosts, heavy controller load, and inaccurate anomaly detection.

To overcome these problems, an optimized method of source address dynamic validation is designed and implemented, covering host polling, data collection and anomaly detection. For the untimely discovery of abnormal hosts, an optimized polling method based on historical behavior selects which hosts to check: hosts with frequent abnormality are selected first for detection. For the heavy controller load, an optimized data collection method based on switch ports is designed: data is collected only on switch ports that carry validation rules. For the inaccuracy of anomaly detection, an anomaly detection method based on five data features and a support vector machine is designed. Source address validation is performed on abnormal hosts and not on normal hosts, which implements the dynamic deployment of source address validation rules.

An SDN data center network is constructed on a common multi-core server, and several experiments are designed to demonstrate the superiority of the optimized method of source address dynamic validation, including comparative experiments on anomaly detection accuracy, abnormal discovery delay and resource occupation. The experimental results show that anomaly detection with the support vector machine achieves higher accuracy, that polling hosts based on historical behavior significantly reduces the delay in discovering abnormal hosts, and that the optimized data collection based on switch ports reduces the load on the controller. However, how to further reduce the controller load remains to be studied.
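The following example, added here and not the paper's own implementation, shows the controller-side mechanics the abstract describes: hosts are polled in order of their recorded abnormality history (with an aging bonus so that quiet hosts are still revisited), a verdict from the detector installs or removes a validation rule on the host's access port, and statistics are collected only from ports that currently carry a rule. The host-to-port mapping, the `max_wait` aging parameter and the port counters are constructed sample values; the detector itself (the SVM over five features) is assumed to exist elsewhere and only its verdicts are fed in.

```python
"""Host polling by historical behaviour plus port-scoped data collection for
dynamic source address validation (illustrative example, not the paper's code).

The anomaly detector (the paper's SVM over five features) is assumed to live
outside this module; record_verdict() receives its output."""

from dataclasses import dataclass


@dataclass
class HostState:
    port: str                 # access switch port of the host (constructed value)
    abnormal_count: int = 0   # how often the detector has flagged this host
    last_polled: int = 0      # polling round in which the host was last checked


class DynamicValidation:
    """Polls hosts with frequent past abnormality first, installs a source
    address validation rule only on the access port of a host judged abnormal,
    and collects statistics only from ports that carry such a rule."""

    def __init__(self, host_ports, max_wait=3):
        # host_ports: host id -> access port (assumed mapping known to the controller)
        # max_wait: rounds a host may go unpolled before it gains one priority point
        self.hosts = {h: HostState(port=p) for h, p in host_ports.items()}
        self.rules = {}       # port -> host currently under source address validation
        self.round = 0
        self.max_wait = max_wait

    def _priority(self, host):
        """Historical abnormality count plus an aging bonus, so a host that has
        waited max_wait rounds gains a point and cannot starve forever."""
        st = self.hosts[host]
        age_bonus = (self.round - st.last_polled) // self.max_wait
        return st.abnormal_count + age_bonus

    def next_batch(self, k):
        """Choose the k hosts to check in this round: highest priority first,
        ties broken by least recently polled, then by host id for determinism."""
        self.round += 1
        ordered = sorted(
            self.hosts,
            key=lambda h: (-self._priority(h), self.hosts[h].last_polled, h),
        )
        batch = ordered[:k]
        for h in batch:
            self.hosts[h].last_polled = self.round
        return batch

    def record_verdict(self, host, abnormal):
        """Apply the detector's verdict: update history and (un)install the
        validation rule on the host's access port."""
        st = self.hosts[host]
        if abnormal:
            st.abnormal_count += 1
            self.rules[st.port] = host
        else:
            self.rules.pop(st.port, None)

    def collect(self, port_stats):
        """Port-scoped collection: keep counters only for ports with a
        validation rule, so the controller does not poll every port."""
        return {p: s for p, s in port_stats.items() if p in self.rules}


if __name__ == "__main__":
    # Constructed topology: four hosts, one access port each.
    v = DynamicValidation({"h1": "p1", "h2": "p2", "h3": "p3", "h4": "p4"}, max_wait=2)
    v.record_verdict("h2", True)   # h2 flagged twice, h3 once (constructed verdicts)
    v.record_verdict("h2", True)
    v.record_verdict("h3", True)
    for _ in range(4):
        print("poll:", v.next_batch(2))
    print("rules on ports:", sorted(v.rules))
    print("collected:", v.collect({"p1": {"pkts": 10}, "p2": {"pkts": 5},
                                   "p3": {"pkts": 7}, "p4": {"pkts": 1}}))
```

Run with two hosts per round, the scheduler keeps returning to `h2` (two recorded abnormalities) while the aging bonus pulls the never-flagged `h4` into the batch by the fourth round; `collect()` returns counters only for `p2` and `p3`, the ports that carry rules.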