Software Defined Networking (SDN) decouples the forwarding and control planes and provides flexible network management. SDN has achieved great success, but it also brings new security threats. Currently, one of the most difficult security issues for SDN is Distributed Denial of Service (DDoS), so it is important to deploy a DDoS attack defense mechanism in SDN. In this thesis, we propose a DDoS attack defense mechanism that includes attack detection and attack protection. Attack detection consists of an attack detection trigger algorithm and an attack detection confirmation algorithm. Attack protection consists of an attack source tracing algorithm and an attack mitigation algorithm. The main work of this thesis is as follows:

(1) We propose an attack detection algorithm that combines an attack detection trigger based on φ-entropy with attack detection confirmation based on XGBoost. The trigger algorithm starts the confirmation algorithm after detecting an abnormality in the SDN environment. The trigger algorithm can more accurately determine whether there is an abnormality in SDN and will not easily trigger the confirmation algorithm. The confirmation algorithm based on XGBoost distinguishes Flash Events (FE) from DDoS attacks, which improves the accuracy of DDoS attack detection.

(2) We propose a DDoS attack source tracing algorithm for the SDN environment based on φ-entropy and logistic regression. In the attack source tracing algorithm, φ-entropy and logistic regression are used to determine whether a switch is on the attack path, which makes the attack source tracing result more accurate. After the location of the attack source is determined, packet filtering is used to mitigate the attack at its source, and packet symmetry is used to distinguish attack traffic from normal traffic.

(3) Based on the algorithms of the first two parts, we implement a DDoS attack defense system in the SDN environment. The system can quickly and accurately detect DDoS attacks and take protective measures. It can also distinguish between FE and DDoS attacks and does not classify FE as a DDoS attack. The SDN part uses Mininet to simulate the SDN environment and Floodlight as the SDN controller.
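The detection-trigger stage described in (1), as an added example that is not code from the thesis: φ-entropy is computed per time window and a window is handed to the confirmation stage only when it leaves a baseline band. The abstract gives neither the φ-entropy formula nor the monitored feature or thresholds, so the formula used here, the choice of packet-in destination IPs as the feature, and every parameter value are assumptions, and the sample windows are constructed.

```python
import math
from collections import Counter, deque
from statistics import mean, pstdev

def phi_entropy(items, phi=0.5):
    """Assumed form: H = -(1/sinh(phi)) * sum(p_i * sinh(phi * log2(p_i)))."""
    counts = Counter(items)
    total = sum(counts.values())
    acc = sum((c / total) * math.sinh(phi * math.log2(c / total))
              for c in counts.values())
    return -acc / math.sinh(phi)

def trigger(windows, baseline_len=3, k=3.0, floor=0.1, phi=0.5):
    """Return indices of windows whose phi-entropy leaves the baseline band.

    The first baseline_len windows seed the baseline; afterwards only
    windows that do not alert are added, so an ongoing anomaly cannot
    drag the baseline towards itself.
    """
    baseline = deque(maxlen=baseline_len)
    alerts = []
    for i, win in enumerate(windows):
        h = phi_entropy(win, phi)
        if len(baseline) == baseline_len:
            band = max(k * pstdev(baseline), floor)  # floor avoids a zero-width band
            if abs(h - mean(baseline)) > band:
                alerts.append(i)  # hand this window to the confirmation stage
                continue
        baseline.append(h)
    return alerts

# Constructed sample: destination IPs of packet-in messages, one list per window.
HOSTS = [f"10.0.0.{i}" for i in range(1, 9)]

def make_window(per_host_counts):
    return [h for h, n in zip(HOSTS, per_host_counts) for _ in range(n)]

WINDOWS = [
    make_window([5, 5, 5, 5, 5, 5, 5, 5]),   # normal
    make_window([6, 4, 5, 5, 5, 5, 4, 6]),   # normal
    make_window([4, 6, 5, 5, 6, 4, 5, 5]),   # normal
    make_window([5, 6, 4, 5, 5, 5, 6, 4]),   # normal
    make_window([40, 1, 1, 1, 1, 1, 1, 1]),  # traffic converges on one host
    make_window([30, 2, 2, 2, 2, 2, 2, 2]),  # milder convergence, also flagged
]

if __name__ == "__main__":
    print(trigger(WINDOWS))
```

Both converging windows fire the trigger; telling a Flash Event from a DDoS attack is the job of the confirmation stage, which this example does not implement.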