With the continuous expansion of network scale and the diversification of network functions, the complex distributed structure of traditional networks has difficulty satisfying the demand for low latency and high load in cloud computing and virtualization scenarios. In this context, Software Defined Networking (SDN) is an emerging network architecture with features such as logically centralized control and a global view of the network, which provides a better research direction for the deployment of cloud computing and network virtualization applications. SDN has been widely used in many network scenarios, such as the Internet of Things and data centers. At the same time, its architecture also brings many new security threats. For example, an attacker can take advantage of the controller's features to forge a series of illegal request messages that consume controller resources or disrupt the network view, thereby preventing normal communication in the network. Although some studies have analyzed many security problems in the SDN architecture from the aspects of attack detection and defense strategy, and have designed defense systems for specific attacks, these systems usually need to be deployed in the controller to defend effectively against all kinds of attacks, which places a heavy load on the SDN controller and hinders extended deployment of the defense mechanism. In addition, existing work mainly uses machine learning methods to achieve DoS/DDoS attack detection, without considering other attack types. To address this problem, this paper designs a systematic SDN network attack detection system based on the SDN architecture. The main innovations are as follows:

(1) We systematically analyze the essential characteristics of the typical attack methods in the SDN architecture. Based on the basic principles of SDN, this paper measures the changes of relevant indicators from the perspectives of switch load, protocol messages and control load, analyzes the characteristics of typical attack methods at each level, and forms an attack description.

(2) Feature construction. Based on the attack description, the feature set is constructed and its feasibility is analyzed through experimental results. In view of the lack of SDN message feature fields in existing data sets, we designed a data sampling algorithm to construct the original data set.

(3) Design of attack detection and automatic response algorithms based on machine learning. From the perspective of detection, we select several machine learning models suitable for classification problems, design attack detection algorithms, build a comprehensive and efficient SDN security threat detection system, and realize the automatic classification of typical attacks in the SDN architecture. From the perspective of defense, the automated response strategy algorithm is designed, which realizes automated security policy deployment based on the decision system.

Experimental results show that our method can effectively detect and defend against various typical attacks in the SDN architecture.
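As an added illustration of the pipeline the abstract describes (not the paper's code or data set): features computed per switch and time window from the three indicator groups it names (switch load, protocol messages, control load), a nearest-centroid classifier standing in for the paper's machine learning models, and an automated response decision. The event record format, the class names, the labelled training windows and the response action vocabulary are all assumptions made for this example.

```python
from math import sqrt

# Constructed controller-side event records (assumed format, not the paper's data set):
# (time_s, switch_id, msg_type, src_mac, flow_entries, table_capacity); the last two
# fields are only filled in for "flow_stats" records reported by the switch.
EVENTS = [(0.1 + i * 0.2, "s1", "packet_in", f"aa:{i % 3:02x}", 0, 0) for i in range(10)]
EVENTS += [(1.2, "s1", "flow_mod", "", 0, 0), (1.9, "s1", "flow_stats", "", 120, 1000)]
# Window [2, 3): a burst of packet_in, each from a never-seen source, and a filling table.
EVENTS += [(2.0 + i * 0.01, "s1", "packet_in", f"bb:{i:02x}", 0, 0) for i in range(80)]
EVENTS += [(2.5, "s1", "flow_mod", "", 0, 0), (2.9, "s1", "flow_stats", "", 900, 1000)]

def window_features(events, switch, t0, width=1.0):
    """Per-switch window features: packet_in / flow_mod rates (protocol messages, control
    load), share of packet_in from unseen sources, flow-table utilization (switch load)."""
    win = [e for e in events if e[1] == switch and t0 <= e[0] < t0 + width]
    pkt_in = [e for e in win if e[2] == "packet_in"]
    flow_mod = sum(1 for e in win if e[2] == "flow_mod")
    stats = [e for e in win if e[2] == "flow_stats"]
    seen = {e[3] for e in events if e[1] == switch and e[0] < t0 and e[2] == "packet_in"}
    new_src = sum(1 for e in pkt_in if e[3] not in seen)
    util = stats[-1][4] / stats[-1][5] if stats else 0.0
    return (len(pkt_in) / width, flow_mod / width,
            new_src / len(pkt_in) if pkt_in else 0.0, util)

# Constructed labelled windows for training (assumed classes: normal, request_flood).
TRAIN = [((4, 1, 0.2, 0.10), "normal"), ((6, 2, 0.3, 0.15), "normal"),
         ((3, 1, 0.0, 0.12), "normal"), ((70, 1, 0.95, 0.80), "request_flood"),
         ((90, 2, 1.0, 0.90), "request_flood"), ((55, 0, 0.9, 0.70), "request_flood")]

def train_centroids(samples):
    """Nearest-centroid model: one mean vector per label plus a per-feature scale."""
    by_label = {}
    for vec, label in samples:
        by_label.setdefault(label, []).append(vec)
    centroids = {l: tuple(sum(c) / len(v) for c in zip(*v)) for l, v in by_label.items()}
    scale = tuple(max(max(c) - min(c), 1e-9) for c in zip(*[v for v, _ in samples]))
    return centroids, scale

def classify(vec, model):
    """Label of the nearest centroid, each feature scaled to its training range."""
    centroids, scale = model
    dist = lambda a, b: sqrt(sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, scale)))
    return min(centroids, key=lambda l: dist(vec, centroids[l]))

def respond(label, switch):
    """Automated response: the mitigation the controller should deploy (assumed vocabulary)."""
    if label == "request_flood":
        return {"switch": switch, "action": "rate_limit_packet_in", "pps": 10}
    return None
```

`classify(window_features(EVENTS, "s1", 2.0), train_centroids(TRAIN))` labels the burst window `request_flood` and `respond` returns the rate-limit action for switch `s1`, while the same call with `t0=1.0` returns `normal`.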