| With the rapid development of information technology, the challenge of network security is becoming increasingly critical. Software-defined networking (SDN), an emerging technology, also faces the threat of various attacks, including denial-of-service (DoS) attacks. Low-rate denial-of-service (LDoS) attacks are a class of DoS attack. They are typically launched by exploiting vulnerabilities in adaptive mechanisms, and they often use a small amount of data to degrade the target's network utilization and quality of service, or even paralyze it. This type of attack is highly destructive while having a low average rate and high concealment, which makes it difficult to detect and mitigate. Research on LDoS attacks in SDN is lacking, and detection and mitigation effectiveness needs to be improved. Therefore, an intensive study of LDoS attack detection and mitigation approaches in SDN is of great significance for network security. LDoS attacks are inherently stealthy, but their attack effect is significant. The attack can induce the target network state to switch between congestion and recovery. This can lead to an abnormal distribution of aggregated traffic and abnormal switch port traffic. Based on this, this thesis obtains traffic data flowing through bottleneck links in SDN switches and investigates the anomalies presented by their traffic features under LDoS attacks. Combining traffic features and ensemble learning algorithms, this thesis proposes two LDoS attack detection and mitigation schemes. Based on the characteristic that LDoS attacks cause multifaceted changes in network traffic, this thesis proposes an LDoS attack detection and mitigation scheme based on extremely randomized trees and similarity metrics. The scheme first obtains the aggregated traffic at both ends of the bottleneck link for analysis. Based on the rate, scattering degree and similarity of the traffic in different cases, features are extracted and input to the extremely randomized trees algorithm for training, and a judgment criterion is established to determine whether an LDoS attack is present. Then the scheme analyzes the features of the attacked port traffic and uses the similarity metric algorithm to locate the attacked port. Finally, flow rules are issued to filter the attacked flows. The results show that the scheme can detect and mitigate LDoS attacks with 98.77% detection accuracy and an average mitigation delay of 7.37 seconds. On the basis of the abnormal changes of port traffic and aggregated traffic caused by LDoS attacks in SDN, this thesis proposes an LDoS attack detection and mitigation scheme based on port and traffic state abnormalities. The scheme first uses custom port features to characterize the port state and uses dynamic thresholds to determine whether the port is under attack. Second, the scheme analyzes the traffic state in terms of the attack performance and the attack effect of the traffic, and the attack effect of the port. Nine-dimensional features are selected and the XGBoost algorithm is used to further detect LDoS attacks. Then the scheme combines threshold and blacklist mechanisms to locate malicious users. Finally, the scheme installs flow rules on the switch to expel the attack flows. Evaluation on the Mininet platform indicates that the scheme can detect and mitigate LDoS attacks well, with a mitigation success rate of 99.38% and a memory usage of about 2.5%. Focusing on LDoS attacks in SDN, this thesis explores and proposes two detection and mitigation schemes, which have theoretical value for the study of LDoS attack countermeasures in SDN and practical significance for network security. |