SDN-based DDoS Attack Defense System

Abstract

Abstract: Software Defined Network (SDN) is an emerging network architecture. By separating the forwarding layer and the control layer, centralized management and control of the network is achieved. As the core of the SDN network, the controller is easy to be the target of attacks. Distributed Denial of Service (DDoS) attack is one of the most threatening attacks faced by SDN networks. In response to this problem, this paper proposes a DDoS attack detection model based on machine learning. First, the method monitors the switch port traffic based on information entropy to determine whether there is abnormal traffic. After detecting anomalies, it extracts the flow characteristics and uses the SVM + K-Means composite algorithm to detect DDoS attacks. Finally, the controller delivers a drop flow table to deal with attack traffic. Experimental results show that the algorithm proposed in this paper is superior to SVM algorithm and K-Means algorithm in the indicators of false alarm rate, detection rate and accuracy.

Key words: DDoS(Distributed Denial of Service), SDN(Software Defined Network), entropy, SVM, K-Means

WANG Wen-wei, XIAO Jun-bi, CHENG Peng, ZHANG Yue. SDN-based DDoS Attack Defense System[J]. Computer and Modernization, 2021, 0(02): 117-121.

References ［23］

［1］	NUNES B A A, MENDONCA M, NGUYEN X N, et al. A survey of software-defined networking: Past, present, and future of programmable networks［J］. IEEE Communications Surveys and Tutorials, 2014,16(3):1617-1634.
［2］	左青云,陈鸣,赵广松,等. 基于OpenFlow的SDN技术研究［J］. 软件学报, 2013,24(5):1078-1097.
［3］	KIRKPATRICK K. Software-defined networking［J］. Communications of the ACM, 2013,56(9):16-19.
［4］	ZHOU L N, JIANG H, ZHOU X L. A survey of traceback based on probabilistic packet marking under DDoS attacks［J］. Journal of Physics Conference Series, 2019,1213(5):052057.
［5］	LUKASEDER T, HUNT A, STEHLE C, et al. An extensible Host-agnostic framework for SDN-assisted DDoS-mitigation［C］// 2017 IEEE 42nd Conference on Local Computer Networks. 2017,1:619-622.
［6］	BEHAL S, KUMAR K, SACHDEVA M. D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events［J］. Journal of Network & Computer Applications, 2018,111:49-63.
［7］	HOSSEINI S, AZIZI M. The hybrid technique for DDoS detection with supervised learning algorithms［J］. Computer Networks, 2019,158:35-45.
［8］	YE J， CHENG X Y， JIAN Z, et al. A DDoS attack detection method based on SVM in software defined network［J］. Security and Communication Networks, 2018(4):1-8.
［9］	SHANG G, ZHE P, BIN X, et al. FloodDefender: Protecting data and control plane resources under SDN-aimed DoS attacks［C］// IEEE INFOCOM 2017-IEEE Conference on Computer Communications. 2017:1-9.
［10］	GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments［J］. Computer Networks, 2014,62:122-136.
［11］	GUO R, YIN H, WANG D Q, et al. Research on the active DDoS filtering algorithm based on IP flow［J］. International Journal of Communications Network & System Sciences, 2009,2(7):628-632.
［12］	MOUSAVI S M, ST-HILAIRE M. Early detection of DDoS attacks against software defined network controllers［J］. Journal of Network and Systems Management, 2018,26(3):573-591.
［13］	ROBINSON R R, THOMAS C. Ranking of machine learning algorithms based on the performance in classifying DDoS attacks［C］// 2015 IEEE Recent Advances in Intelligent Computational Systems. 2015, DOI:10.1109/RAICS.2015.7488411.
［14］	梅梦喆. SDN中基于多维条件熵的DDoS攻击检测与防护研究［D］. 南昌:南昌航空大学, 2016.
［15］	孙国友. 云环境SDN/OpenFlow网络中安全可靠的网络控制方法研究［D］. 合肥:中国科学技术大学, 2017.
［16］	肖甫,马俊青,黄洵松,等. SDN环境下基于KNN的DDoS攻击检测方法［J］. 南京邮电大学学报(自然科学版), 2015,35(1):84-88.
［17］	LIU J, LAI Y X, ZHANG S X. FL-GUARD: A detection and defense system for DDoS attack in SDN［C］// Proceedings of 2017 International Conference on Cryptography, Security and Privacy. 2017:107-111.
［18］	THAPNGAM T, YU S, ZHOU W L, et al. Discriminating DDoS attack traffic from flash crowd through packet arrival patterns［C］// 2011 IEEE Conference on Computer Communications Workshops. 2011:952-957
［19］	CHEN Z, JIANG F, CHENG Y J, et al. XGBoost classifier for DDoS attack detection and analysis in SDN-based cloud［C］// IEEE International Conference on Big Data & Smart Computing. 2018:251-256.
［20］	李蕊,张路桥,李海峰,等. 基于熵的网络异常流量检测研究综述［J］. 计算机系统应用, 2017,26(6):36-39.
［21］	DONG S J, XU X Y, CHEN R X. Application of fuzzy C-means method and classification model of optimized K-nearest neighbor for fault diagnosis of bearing［J］. Journal of the Brazilian Society of Mechanical Sciences and Engineering, 2016,38:2255-2263.
［22］	MEHR S Y, RAMAMURTHY B. An SVM based DDoS attack detection method for Ryu SDN controller［C］// Proceedings of the 15th International Conference on Emerging Networking Experiments and Technologies. 2019:72-73.
［23］	GU Y H, LI K Y, GUO Z Y, et al. Semi-supervised K-means DDoS detection method using hybrid feature selection algorithm［J］. IEEE Access, 2019,7:351-365.

[1]	YANG Liu-qing, WANG Chong. Personalized Recommendation Method of Web Service Resources Based on Maximum Entropy [J]. Computer and Modernization, 2023, 0(09): 32-37.
[2]	HAN Xue. Multi Path Planning Based on Constrained Clustering and Particle Swarm Optimization [J]. Computer and Modernization, 2023, 0(08): 7-11.
[3]	YANG Sun-zhe, SUN Ai-zhen. Rice Nitrogen Nutrition Diagnosis Based on HSV Color and LBP Texture Features [J]. Computer and Modernization, 2023, 0(07): 86-92.
[4]	WANG Yi-cheng, ZHANG Guo-liang, ZHANG Zi-jie, . Small Object Detection Method Based on Improved YOLOv5 [J]. Computer and Modernization, 2023, 0(05): 100-105.
[5]	SHENG Jiang-an, CHEN Shu-rong. Mask-wearing Face Recognition Method Fused with Dual Attention Mechanism [J]. Computer and Modernization, 2023, 0(02): 72-77.
[6]	ZHANG Zi-xuan, SHA Xiu-yan, XIAO Fei, SU Bao-chan, SUI Yu-lu, MENG Zi-chen. Research and Application of Hesitant Fuzzy Canopy-K-means Clustering Algorithm [J]. Computer and Modernization, 2022, 0(11): 17-21.
[7]	DUAN Xun, YANG Zhi-yong, JIANG Feng. An Outlier Detection Algorithm Based on Neighborhood Granular Entropy [J]. Computer and Modernization, 2022, 0(10): 19-23.
[8]	PENG Lu-lu, ZHU Yuan-yuan, JIN Wen-qian, WANG Xiao-mei. Surface Defect Detection of Automotive Steel Parts Based on Improved YOLOv4 [J]. Computer and Modernization, 2022, 0(09): 32-39.
[9]	SHEN Zhi, XU Li, FU Xiang-yuan. Traffic Sign Detection in Blurred Light Scenes Based on Improved YOLO v4 [J]. Computer and Modernization, 2022, 0(07): 27-32.
[10]	WEI Li-jun, WU Hai-bo, ZHANG Ruo-bing. A Multi-attribute Decision Making Method Based on Information Measure [J]. Computer and Modernization, 2022, 0(06): 27-31.
[11]	. Multi-view Point Cloud Registration Technology Based on K-means++ [J]. Computer and Modernization, 2022, 0(02): 97-101.
[12]	XIAO Hong-yu, ZENG Wen-qu, WANG Shu-ying. Hybrid Recommendation Algorithm for BIM Model Based on Model Feature Matching [J]. Computer and Modernization, 2022, 0(01): 28-32.
[13]	JIN Xin, ZENG Si-ke, LIU Yang, WU Chu-han. Mask Wearing Detection Algorithm Based on Improved YOLOv4 [J]. Computer and Modernization, 2022, 0(01): 85-90.
[14]	FENG Jun-qi, ZHANG Zheng-jun, ZHANG Man, YAN Tao. Improved FCM Algorithm Based on Entropy and Neighborhood Constraint [J]. Computer and Modernization, 2021, 0(11): 89-94.
[15]	ZHUANG Li-li, SHI Hong-yan. Outlier Detection Based on Improved Cuckoo Search k-means Algorithm [J]. Computer and Modernization, 2021, 0(10): 15-22.