
Research On Distributed Denial Of Service Attack Detection Methods In SDN

Posted on: 2024-02-01 | Degree: Master | Type: Thesis
Country: China | Candidate: W Q Zhao | Full Text: PDF
GTID: 2558307085958879 | Subject: Computer application technology

Abstract/Summary:
The emergence of Software Defined Networking (SDN) provides a new approach to network architecture research. Decoupling, abstraction and programmability are its defining characteristics, and it abandons the distributed design concept of traditional networks. By separating the control plane from the forwarding plane, SDN assigns a controller to manage network behavior centrally. The controller is the core component of SDN, so an attack on it can paralyze the entire network. Distributed Denial of Service (DDoS) is a currently popular network attack method; its attack range is wide and its concealment is strong, and it is one of the biggest threats to SDN. With the rapid development of SDN services in cloud data centers, the security issues it exposes have become increasingly prominent. This thesis investigates the characteristics of DDoS attacks and of SDN in depth and proposes a plan to detect DDoS attacks in the SDN environment. The specific work is as follows:

1. Current algorithms for detecting DDoS attacks are computationally complicated and are not very efficient at identifying such attacks in a timely manner. This can drive the SDN controller's workload too high and degrade the communication performance of SDN. To address this, the proposed method relies on information entropy to detect DDoS attacks in a coarse-grained manner. Drawing on the characteristics of DDoS attacks, we manually construct information entropy for three groups of features: destination IP address, source port, and source IP address. Based on a sliding window mechanism, we calculate the information entropy of the three groups of features. Then, by analyzing the characteristics of the information entropy of normal traffic and of DDoS attack traffic in the dataset, we determine an information entropy threshold for each of the three groups of features and use it to decide whether a DDoS attack has occurred. The experiments show that the multidimensional information entropy detection method has higher accuracy than single-dimensional information entropy detection and that, compared with the existing machine learning detection method, it greatly shortens the detection time of DDoS attacks.

2. To improve the accuracy of DDoS attack detection, this thesis pioneers a staged DDoS detection scheme combining multidimensional entropy and a deep neural network (DNN). It is divided into a coarse-grained detection module based on multidimensional entropy and a fine-grained detection module based on the DNN, combining the high efficiency of information-entropy-based detection with the high accuracy of the DNN model. First, a large amount of normal traffic is excluded by the coarse-grained multidimensional entropy detection; then the small remaining portion of suspicious traffic is input into the DNN model for fine-grained detection, and the results of the two modules are combined into a final judgment on the DDoS attack. This scheme avoids the high controller load and high delay caused by feeding a large amount of network traffic directly into the DNN model, and also improves on the accuracy of a detection model that uses multidimensional entropy alone.

3. An SDN simulation environment is built, normal network and DDoS attack scenarios are simulated, and a flow for collecting network traffic in the simulation environment is designed; the effectiveness of the proposed DDoS attack detection scheme is then verified through simulation experiments.
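As an added illustration of the coarse-grained stage described in point 1 (example code written for this page, not the thesis author's implementation): it computes sliding-window Shannon entropy of destination IP, source port and source IP over constructed packet records, learns a per-feature normal band from attack-free windows, and flags a window when at least two of the three entropies fall outside their bands. The 3-sigma band rule, the majority vote, the synthetic traffic mix, and the window size of 100 packets with a step of 50 are assumptions made here; the thesis determined its thresholds from its own dataset and does not state this rule. The flagged windows are exactly what the fine-grained DNN stage of point 2 would receive.

```python
"""Sliding-window multidimensional entropy detector (illustrative, not the thesis code)."""
import math
import random
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterator, List, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields a controller can read from a flow record or PACKET_IN."""
    src_ip: str
    src_port: int
    dst_ip: str


# The three feature groups named in the abstract.
FEATURES = ("dst_ip", "src_port", "src_ip")


def shannon_entropy(values: Sequence) -> float:
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def sliding_windows(packets: Sequence[Packet], size: int, step: int) -> Iterator[Sequence[Packet]]:
    """Yield fixed-size windows of packets advanced by `step`."""
    for start in range(0, len(packets) - size + 1, step):
        yield packets[start:start + size]


def window_entropies(window: Sequence[Packet]) -> Dict[str, float]:
    """Entropy of each feature group within one window."""
    return {f: shannon_entropy([getattr(p, f) for p in window]) for f in FEATURES}


def learn_thresholds(normal: Sequence[Packet], size: int, step: int,
                     k: float = 3.0) -> Dict[str, Tuple[float, float]]:
    """Per-feature normal band [mean - k*std, mean + k*std] from attack-free windows (assumed rule)."""
    samples: Dict[str, List[float]] = {f: [] for f in FEATURES}
    for w in sliding_windows(normal, size, step):
        for f, h in window_entropies(w).items():
            samples[f].append(h)
    bands = {}
    for f, hs in samples.items():
        mean = sum(hs) / len(hs)
        std = math.sqrt(sum((h - mean) ** 2 for h in hs) / len(hs))
        bands[f] = (mean - k * std, mean + k * std)
    return bands


def deviating_features(entropies: Dict[str, float], bands: Dict[str, Tuple[float, float]]) -> List[str]:
    """Feature groups whose window entropy lies outside the learned normal band."""
    return [f for f in FEATURES if not (bands[f][0] <= entropies[f] <= bands[f][1])]


def is_attack_window(entropies: Dict[str, float], bands: Dict[str, Tuple[float, float]]) -> bool:
    """Majority vote (assumed rule): at least two of three entropies out of band.

    Under a flood the destination-IP entropy collapses toward the victim while
    source-IP entropy rises for spoofed or widely distributed sources, so a
    single-feature threshold is easier to evade than the combined decision.
    """
    return len(deviating_features(entropies, bands)) >= 2


def synth_normal(rng: random.Random, n: int) -> List[Packet]:
    """Constructed benign traffic: 40 clients talking to 30 servers over ephemeral ports."""
    return [Packet(f"192.168.1.{rng.randint(1, 40)}", rng.randint(1024, 65535),
                   f"10.10.0.{rng.randint(1, 30)}") for _ in range(n)]


def synth_flood(rng: random.Random, n: int, victim: str = "10.10.0.7") -> List[Packet]:
    """Constructed flood traffic: random spoofed sources all aimed at one victim."""
    return [Packet(".".join(str(rng.randint(1, 254)) for _ in range(4)),
                   rng.randint(1024, 65535), victim) for _ in range(n)]


def run_demo(seed: int = 7, size: int = 100, step: int = 50) -> dict:
    """Learn bands on benign traffic, then score held-out benign and flood windows."""
    rng = random.Random(seed)
    bands = learn_thresholds(synth_normal(rng, 2000), size, step)
    heldout = list(sliding_windows(synth_normal(rng, 600), size, step))
    flood = list(sliding_windows(synth_flood(rng, 600), size, step))
    return {
        "bands": bands,
        "normal_windows": len(heldout),
        "normal_flagged": sum(is_attack_window(window_entropies(w), bands) for w in heldout),
        "attack_windows": len(flood),
        "attack_flagged": sum(is_attack_window(window_entropies(w), bands) for w in flood),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The per-feature bands are learned only from traffic believed to be attack-free, so the quality of that baseline bounds the detector; in the simulated mix above the destination-IP entropy of a flood window is exactly zero while benign windows sit near log2(30) bits, which is the separation the coarse-grained stage relies on.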
Keywords/Search Tags: Software Defined Networking, Distributed Denial of Service Attack, Information entropy, Deep Neural Network