| Software Defined Network (SDN) is a new type of network that separates the control plane from the data plane. It has the advantage of programmability and solves many problems of traditional networks, and it has been widely used in cloud computing platforms, network virtualization, data centers and other fields. However, as an emerging technology, SDN also has many security problems, especially when it is subjected to Distributed Denial of Service (DDoS) attacks. Because SDN relies on the controller for centralized control, and DDoS attacks are likely to cause additional damage to the controller, SDN is more susceptible to DDoS attacks than traditional networks. The existing DDoS attack detection methods in the SDN environment have several problems, including insufficient detection rate, high false positive rate, and large consumption of resources and time. In addition, these methods are not designed for today's mainstream hybrid DDoS attacks and do not take full advantage of SDN's unique strengths. Therefore, it is difficult for them to be sufficiently effective in actual scenarios. Against this background, this paper attempts to introduce catastrophe theory into the field of network security. First, a DDoS attack detection method based on a catastrophe model is proposed using flow characteristics, and it is verified on a public network data set. Then, by analyzing the behavior characteristics of DDoS attacks and the characteristics of the SDN flow table, a set of lightweight flow table features suitable for catastrophe models is proposed. Finally, to address the shortcomings of the single-switch detection algorithm, an optimized solution for multi-switch cooperative detection is proposed based on the global view capability of the SDN controller. This paper also simulates hybrid DDoS attacks through simulation experiments and conducts many comparison experiments on the collected data. Analysis of the experimental results shows that the above method can effectively detect DDoS attacks and has a certain degree of advantage over other methods. |