SDN环境下DDoS攻击检测和缓解系统

分布式拒绝服务攻击(distributed denial of service, DDoS)是网络安全领域的一大威胁. 作为新型网络架构, 软件定义网络(software defined networking, SDN)的逻辑集中和可编程性为抵御DDoS攻击提供了新的思路. 本文设计并实现了一个轻量级的SDN环境下的DDoS攻击检测和缓解系统. 该系统使用熵值检测方法, 并通过动态阈值进行异常判断. 若异常, 系统将使用更精确的决策树模型进行检测. 最后, 控制器通过计算流的包对称率确定攻击源, 并下发阻塞流表项. 实验结果表明, 该系统能够及时响应DDoS攻击, 具有较高的检测成功率, 并能够有效遏制攻击.

DDoS Attack Detection and Mitigation System in SDN Environment

Distributed denial of service (DDoS) attack is a major threat in the field of network security. As a new type of network architecture, the logic centralization and programmability of software defined networking (SDN) provide new ideas for defending against DDoS attacks. This study designs and implements a lightweight DDoS attack detection and mitigation system in SDN. The system uses the entropy detection method and judges the abnormality through the dynamic threshold. If the dynamic threshold is abnormal, the system will use a more accurate decision tree model for detection. Finally, the controller determines the attack source by calculating the packet symmetry rate of the flow and delivers the blocking flow entry. The experimental results show that the system can respond to DDoS attacks in time. It has a high detection success rate and can effectively contain attacks.