
Research On DDoS Attack Detection And Defense Method In SDN Network

Posted on: 2022-09-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z Z Li
Full Text: PDF
GTID: 2518306572491514
Subject: Computer application technology
Abstract/Summary:
Software defined network (SDN) is a new type of network architecture that separates the control and forwarding functions of traditional networks. It promotes the advancement of Internet technology but also brings new security issues. Distributed denial of service (DDoS) attacks have always been a major threat to the Internet. In an SDN network, such an attack exhausts controller resources and affects the normal operation of the entire network. To solve the DDoS attack problem in SDN networks, a DDoS attack detection and defense system was designed and implemented based on the northbound interface of the controller. The system is mainly composed of four modules: data collection, feature engineering, attack detection and attack defense. The data collection module collects switch flows through the northbound interface of the controller. The feature engineering module extracts direct features and mines derived features. The attack detection module uses a two-level attack detection algorithm: the first-level algorithm quickly locates the attack port in the early stage of the attack, and the second-level algorithm classifies the attack by type. The attack defense module filters attack traffic in real time by installing flow rules. Coarse-grained rules are used to respond quickly to attacks and protect the security of the controller, while fine-grained rules are used to defend against specific types of attacks so that normal communication traffic is not filtered. The experimental results show that the attack detection module can quickly locate the attack port and accurately classify the attack traffic, with a classification accuracy of 98%, and that the attack defense module can install defense rules to filter the attack traffic within 2 seconds after the attack occurs, effectively protecting the security of the SDN network. Experiments found that when an attacker launches periodic attacks, the system repeatedly installs defense rules. How to dynamically set the flow timeout according to the attack situation will be the focus of future work.
Keywords/Search Tags: software defined network, distributed denial of service attack, detection, defense