
Research Of DDoS Attack Detection Method Based On Conditional Entropy And Random Forest In SDN

Posted on: 2022-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y Fu
Full Text: PDF
GTID: 2518306536967739
Subject: Engineering
Abstract/Summary:
The development of the Internet and communication technology has put forward higher requirements for the collaboration of network resources, the differentiation of network services, and the refinement of network management. Traditional network architecture has been unable to meet these high-quality network requirements, which has become a major bottleneck restricting the development of new network technology. Software-defined networking (SDN) is a transformation and improvement of the traditional network architecture, and it provides a feasible way to satisfy complex network requirements. SDN faces the same security threats as traditional networks, but because of its different architecture it has some advantages in countering them, such as a global view of the network and dynamic updates of network policy; it also introduces new types of threat, such as malicious applications and the single point of failure of the controller. Therefore, it is necessary to study the security of SDN networks. As a typical network attack, distributed denial of service (DDoS) is one of the main security threats to SDN networks. Given the characteristics of the SDN architecture, DDoS may be used for targeted attacks that occupy flow table entry space, reduce network communication efficiency, and consume controller resources. The work of this thesis focuses on DDoS attacks against SDN networks, designs effective detection methods that accurately perceive DDoS threats, and then adopts corresponding mitigation strategies to ensure the security of SDN. The main innovative contributions of this thesis are as follows:

Information entropy from information theory is applied to DDoS detection in SDN. Based on theoretical analysis, a traffic monitoring strategy based on the PACKET-IN message rate and conditional entropy is proposed, which is responsible for judging the current SDN network status and determining suspicious network traffic. Experiments show the method of setting the threshold in the strategy, and at the same time prove the validity of the traffic monitoring strategy and the rationality of the threshold.

According to the traffic characteristics in SDN, a group of suitable and efficient traffic features is extracted, and DDoS attack detection in SDN is modeled as a supervised binary classification machine learning problem. At the same time, in order to meet the requirements of collaborative DDoS detection, a distributed random forest algorithm is designed based on a set of parallel optimization strategies. Grid search and cross validation are used to set the hyperparameters of the algorithm, and distributed detection of DDoS attacks in SDN is achieved using the random forest algorithm.

An SDN simulation environment and a distributed computing platform are built, and DDoS attacks in different scenarios are simulated using real network traffic data. The method of this thesis is comprehensively compared and analyzed against other research methods on four indicators: F1 score, false positive rate, time cost and CPU usage. According to the experimental results, the detection method proposed in the thesis has a good DDoS attack detection effect and shows some practical value.
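As an added example (not the thesis's own code), a minimal version of the monitoring stage described above: it gates on the PACKET-IN message rate and then computes a conditional entropy over the addresses seen in one window. The abstract does not say which variables the thesis conditions on or how the thresholds are chosen, so the choice of H(src | dst), the static thresholds and the sample windows are all assumptions.

```python
"""Rate + conditional-entropy monitor for PACKET-IN events (added example).

Assumed, not taken from the thesis: entropy is H(src | dst) over the IPs in
one window's PACKET-IN messages, and both thresholds are static.
"""
from collections import Counter
from math import log2


def conditional_entropy(pairs):
    """H(Y|X) in bits, estimated from counts of (x, y) pairs."""
    n = len(pairs)
    if n == 0:
        return 0.0
    joint = Counter(pairs)
    marginal_x = Counter(x for x, _ in pairs)
    # H(Y|X) = -sum p(x,y) * log2 p(y|x), with p(y|x) = n(x,y) / n(x)
    return -sum(c / n * log2(c / marginal_x[x]) for (x, _), c in joint.items())


def monitor_window(events, window_s, rate_thr, entropy_thr):
    """Judge one window of PACKET-IN events ({"src": ip, "dst": ip} dicts).

    Returns (status, rate, h_src_given_dst, suspect_dst).
    """
    rate = len(events) / window_s
    if rate <= rate_thr:                 # cheap gate: look at the rate first
        return "normal", rate, None, None
    h = conditional_entropy([(e["dst"], e["src"]) for e in events])
    # Many distinct (e.g. spoofed) sources hitting one destination raise
    # H(src|dst); a burst from a few real hosts keeps it low.
    if h <= entropy_thr:
        return "busy", rate, h, None
    suspect = Counter(e["dst"] for e in events).most_common(1)[0][0]
    return "suspicious", rate, h, suspect


# Constructed sample windows of 1 s each, not captured traffic.
NORMAL = [{"src": f"10.0.0.{s}", "dst": d}
          for s in range(2, 6) for d in ("10.0.0.1", "10.0.0.9")]
FLOOD = [{"src": f"172.16.{i // 256}.{i % 256}", "dst": "10.0.0.1"}
         for i in range(128)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, monitor_window(window, 1.0, rate_thr=50, entropy_thr=4.0))
```

The flagged window and its suspect destination are what the next stage (feature extraction for the random forest classifier) would consume.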
Keywords/Search Tags:Software Defined Network, Distributed Denial of Service, Conditional Entropy, Random Forest