DDoS attack detection and hybrid defense technology in SDN
DDoS attack is a major threat in the security field of software-defined networking (SDN), since it seriously threatens the normal operation of network controllers, switches and other devices. Therefore, a DDoS attack detection and hybrid defense technology in SDN is proposed. In terms of DDoS attack detection, a statistical analysis of the number of data frames in the Packet-IN data stream received by the controller in SDN is conducted by means of chi-square test values. Data streams whose chi-square value lies above the chi-square threshold are judged preliminarily as suspicious streams. The relative Sibson distance between the data stream and the suspicious stream is calculated sequentially to distinguish whether the suspicious stream is a DDoS attack flow or a normal burst flow. The Sibson distance between data flows is then calculated to determine whether the attack flow is a DDoS attack flow, based on the features of DDoS attack flows. In terms of DDoS attack defense, a hybrid defense is conducted by means of shared flow-table space support and Packet-IN packet filtering. When the flow-table space of a switch attacked by DDoS is overloaded, the overloaded flow table is drained to other switches to complete the defense at the data layer. The MAC address of the DDoS attack is traced, and the Packet_In data flow is filtered to complete the defense of the control layer. The experimental results show that the proposed method can effectively detect DDoS attack flows in SDN switches and controllers, and can defend against different DDoS attacks.
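As an added illustration of the two-stage detection the abstract describes (this is example code written for this page, not the paper's implementation), the sketch below applies a chi-square test to per-second Packet-In counts to flag suspicious streams, then uses the Sibson (Jensen-Shannon) distance between a suspicious stream's feature distribution and the normal profile to separate a DDoS flow from a legitimate burst. The flat baseline rate, both thresholds, the use of a destination-port histogram as the flow feature, and all sample streams are assumptions constructed for the example.

```python
"""Two-stage DDoS detection sketch: chi-square on Packet-In counts, then Sibson distance."""
import math

CHI_SQUARE_THRESHOLD = 16.92   # critical value for df = 9 (10 one-second bins) at p = 0.05
SIBSON_THRESHOLD = 0.1         # assumed cut-off: distance above this marks a DDoS flow
BASELINE_RATE = 5.0            # assumed normal Packet-In messages per second per stream
PORT_BINS = ("80", "443", "53", "other")

def chi_square(observed, expected_rate):
    """Pearson chi-square of per-second Packet-In counts against a flat expected rate."""
    return sum((o - expected_rate) ** 2 / expected_rate for o in observed)

def normalize(hist):
    """Turn a feature histogram (dict bin -> count) into a probability vector over PORT_BINS."""
    total = float(sum(hist.values()))
    return [hist.get(b, 0) / total for b in PORT_BINS]

def sibson_distance(p, q):
    """Sibson (Jensen-Shannon) distance with base-2 logs, so the result lies in [0, 1]."""
    m = [(a + b) / 2 for a, b in zip(p, q)]
    def kl(x, y):
        return sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)
    return 0.5 * kl(p, m) + 0.5 * kl(q, m)

def classify(stream, normal_profile):
    """Stage 1: chi-square flags suspicious streams. Stage 2: Sibson distance from the
    normal destination-port profile separates a DDoS flow from a legitimate burst."""
    if chi_square(stream["counts"], BASELINE_RATE) <= CHI_SQUARE_THRESHOLD:
        return "normal"
    d = sibson_distance(normalize(stream["ports"]), normalize(normal_profile))
    return "ddos" if d > SIBSON_THRESHOLD else "burst"

# Constructed sample streams: per-second Packet-In counts over a 10 s window plus a
# histogram of destination ports seen in those Packet-In messages.
NORMAL_PORTS = {"80": 40, "443": 30, "53": 20, "other": 10}
STREAMS = {
    "steady":       {"counts": [4, 5, 6, 5, 4, 5, 6, 5, 4, 5], "ports": NORMAL_PORTS},
    "flash_crowd":  {"counts": [4, 5, 30, 35, 28, 6, 5, 4, 5, 5],
                     "ports": {"80": 45, "443": 30, "53": 15, "other": 10}},
    "attack_flood": {"counts": [4, 5, 60, 70, 80, 90, 85, 88, 90, 95],
                     "ports": {"80": 297, "443": 1, "53": 1, "other": 1}},
}

if __name__ == "__main__":
    for name, stream in STREAMS.items():
        chi2 = chi_square(stream["counts"], BASELINE_RATE)
        print(f"{name:13s} chi2={chi2:8.1f} -> {classify(stream, NORMAL_PORTS)}")
```

The flash crowd exceeds the chi-square threshold just as the attack does, and only the second stage tells them apart: its port distribution stays close to the normal profile (distance near 0), while the single-port flood sits far from it.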