Since the concept of Software Defined Networking (SDN) was proposed, its separation of the control and data planes and its flexible management have offered a new way to solve a range of network problems, so it has been adopted in many kinds of networks. Distributed Denial of Service (DDoS) attacks remain a major, highly destructive threat to network security. As the SDN architecture is applied in more fields, SDN also faces the risk of DDoS attacks, and how to defend against DDoS attacks in an SDN environment has become a research hotspot. To address these problems, this thesis carries out work in the following two areas.

The first area is DDoS detection in SDN, for which a DNN-based DDoS attack detection model is proposed after studying the related issues. First, a non-parametric Cumulative Sum (CUSUM) anomaly detection method is designed for this model. It uses abrupt changes in the number of Packet-In messages received by the controller to detect anomalies; if the network is judged abnormal, attack detection is launched. The DNN model is the core of the DDoS attack detection. After an anomaly alarm, flow table information is extracted for attack detection, and redundant flow table features are eliminated with a random forest feature selection method. Then, by analyzing how data flows change during DDoS attacks, several flow table features are constructed, and the input of the attack detection model is designed by combining them with the optimized flow table features. Finally, an attack detection model based on a deep neural network is constructed. Simulation results show that the detection rate of this model reaches more than 98%, so it can effectively detect DDoS attacks in SDN with low overhead.

The second area is DDoS prevention in SDN, for which a DDoS defense model based on the entropy situation of the SDN network is proposed. First, a method for locating DDoS attacks based on the entropy situation is designed within the model. Using the centralized management and global view of SDN, this method gathers statistics on the packet information of the boundary switches in the network and analyzes the relative changes in the entropy situation of those switches; if an anomaly exists, it is confirmed by the attack detection method. Then, building on the previous work, an attack path reconstruction method is designed based on the characteristic that packets in SDN are forwarded according to flow tables. Next, based on current defensive methods, a DDoS attack defense strategy suited to the SDN network is designed, and a prototype defense system is built at the application layer. Finally, a network environment is built in simulation software for experiments and verification.
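The Packet-In-based anomaly trigger described above, as an added illustration rather than the thesis's own code: a non-parametric CUSUM over per-interval Packet-In counts at the controller, which raises the alarm that launches attack detection. The sample counts, the warm-up window, and the drift and threshold factors are constructed assumptions, not values from the thesis.

```python
from dataclasses import dataclass

# Constructed sample: Packet-In messages per 1 s interval seen at the controller.
# Intervals 0-9 are normal background; from interval 10 a flood of new flows
# drives the count up (values are invented for illustration).
PACKET_IN_COUNTS = [22, 25, 19, 24, 21, 23, 20, 26, 22, 24,
                    60, 110, 180, 240, 300, 310, 290, 305]

@dataclass
class NonParamCusum:
    """Non-parametric CUSUM over a count series.

    Statistic: y_n = max(0, y_{n-1} + (x_n - a)), where the reference level
    a = mean * (1 + drift) is fixed from a calm warm-up window so y_n stays
    near 0 in normal operation and only accumulates under a sustained
    positive shift. Alarm when y_n exceeds the threshold h.
    """
    drift: float = 0.5      # allowance above the warm-up mean (assumed value)
    h_factor: float = 3.0   # threshold h as a multiple of the warm-up mean (assumed)
    a: float = 0.0          # reference level, set by fit()
    h: float = 0.0          # alarm threshold, set by fit()
    y: float = 0.0          # current CUSUM statistic

    def fit(self, warmup: list[int]) -> None:
        if not warmup:
            raise ValueError("warm-up window must not be empty")
        mean = sum(warmup) / len(warmup)
        self.a = mean * (1 + self.drift)
        self.h = mean * self.h_factor
        self.y = 0.0

    def update(self, x: int) -> bool:
        """Feed one interval's Packet-In count; return True when the alarm fires."""
        self.y = max(0.0, self.y + (x - self.a))
        return self.y > self.h

def first_alarm(counts: list[int], warmup_len: int = 10) -> int:
    """Index of the first interval that raises an alarm, or -1 if none does.

    A single-interval spike decays back towards 0 and does not alarm; only a
    sustained increase accumulates past h, which is what triggers detection.
    """
    det = NonParamCusum()
    det.fit(counts[:warmup_len])
    for i, x in enumerate(counts[warmup_len:], start=warmup_len):
        if det.update(x):
            return i
    return -1
```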