Research On DDoS Attack Detection Method Based On Network Traffic Abnormal In SDN

With the rapid development of information technology,the Internet has become the cornerstone of global informatization,greatly facilitating people’s work and life.However,the disadvantages of traditional networks are becoming increasingly apparent,and network security maintenance has become crucially important.Therefore,Software Defined Network(SDN)has emerged.The SDN network architecture separates the forwarding function and control function of network traffic,reducing the coupling degree between network layers,while improving the flexibility,scalability,and programmability of the network.However,the centralized control of the SDN network also brings the potential threat of single point of failure.Distributed Denial of Service(DDo S)attack is a common type of network attack and one of the main threats to SDN networks.Therefore,detecting DDo S attacks has become an important part of maintaining the security of SDN network architecture.Based on the above background,this article analyzes several flow-abnormal-based DDo S attack detection methods in SDN network architecture at home and abroad.The author selects the improved machine learning classification algorithm as the main flowabnormal detection method and applies it to the SDN network.The specific detection model is presented in this article.The main work and innovation of this article are as follows:(1)To detect the attack flow in the network more accurately and quickly,this article proposes a flow-abnormal detection algorithm called Km-kd KNN.The algorithm combines the optimized K-means algorithm for initial clustering with the KNN algorithm and uses kd-tree optimization to reduce the time to search for k nearest neighbors.Finally,a series of operations such as data pre-processing and feature selection are performed on the public dataset CICDDo S2019 to obtain experimental data.The classification experiment results show that compared with other classification algorithms,this algorithm has lower complexity and higher detection accuracy.(2)Based on the Km-kd KNN algorithm,this article designs an SDN network flowabnormal detection system.The system realizes flow monitoring,flow collection,feature calculation,and flow classification through four modules.By using the Mininet platform and the Ryu controller to build a simulation environment,and due to the programmable feature of the Ryu controller,flow collection and feature calculation were successfully implemented.By conducting classification experiments on the collected real traffic,the superiority of the Km-kd KNN algorithm was verified.Finally,the algorithm is deployed in the flow classification module,realizing real-time flow detection of SDN networks and verifying the efficiency and stability of the detection system.