SDN controller ddos ​​detection and defense method based on time characteristics

Abstract

The invention discloses a DDoS defection and defence method for an SDN controller based on time features. The method includes the steps of collecting statistic data of flow table items of an SDN interchanger; according to the statistic data of the flow table items, calculating change features of a flow table in a time dimension; using a BP neural network to train time feature samples of the flow table to obtain a feature pattern required in detection of DDoS attack; using the BP neural network to distinguish time features obtained by real-time calculation and detect the DDoS attack; calculating the time feature of a specific flow table item and dynamically recovering damaged interfaces. According to the DDoS detection and defence method, by combining the time features of the flow table of the SDN interchanger with the BP neural network, the purpose of detecting the DDoS attack on the SDN controller is achieved, and compared with existing methods, the method can achieve faster and more comprehensive detection of the DDoS attack on the controller, support dynamic recovery of the damaged interfaces in the later period, and reduce influences caused by incorrect encapsulation on normal services.

Description

technical field [0001] The invention relates to an SDN and DDoS attack detection technology, in particular to a time feature-based DDoS attack detection and defense method for an SDN controller. Background technique [0002] SDN, or software-defined network, as a new type of network architecture, was created to solve the management and configuration problems of increasingly large networks. [0003] The problems faced by the traditional network are: the control and forwarding planes in the traditional network are distributed and coupled. When the scale of the network continues to increase, the management and configuration of the entire network will become very difficult: the distributed control plane makes network decision-making The cooperation of multiple switches is required. The larger the network, the longer it takes to make decisions on network events. When the network reaches a certain scale, the management of the network will become very difficult; the coupling of the...

AI Technical Summary

Problems solved by technology

[0003] The problems faced by the traditional network are: the control and forwarding planes in the traditional network are distributed and coupled. When the scale of the network continues to increase, the management and configuration of the entire network will become very difficult: the distributed control plane makes network decision-making The cooperation of multiple switches is required. The larger the network, the longer it takes to make decisions on network events. When the network reaches a certain scale, the management of the network will become very difficult; the coupling of the control plane and the forwarding plane causes the two planes to restrict each other , greatly slowing down the technological innovation speed of the two planes

Since the control plane in SDN is centralized, all network decisions are handled by the control plane. Once the control plane fails and loses its decision-making ability, the entire network will be paralyzed, and all services will be forcibly interrupted.

DDoS attacks, namely distributed denial of service attacks, as a traditional network attack method, can cause victims to run out of resources and lose processing power. In the SDN environment, compared with traditional DDoS attacks will cause greater harm

Images