基于SDN的DDoS攻击防御系统

软件定义网络（SDN）是一种新兴网络架构，通过将转发层和控制层分离，实现网络的集中管控。控制器作为SDN网络的核心，容易成为被攻击的目标，分布式拒绝服务（DDoS）攻击是SDN网络面临的最具威胁的攻击之一。针对这一问题，本文提出一种基于机器学习的DDoS攻击检测模型。首先基于信息熵监控交换机端口流量来判断是否存在异常流量，检测到异常后提取流量特征，使用SVM+K-Means的复合算法检测DDoS攻击，最后控制器下发丢弃流表处理攻击流量。实验结果表明，本文算法在误报率、检测率和准确率指标上均优于SVM算法和K-Means算法。

SDN-based DDoS Attack Defense System

Software Defined Network (SDN) is an emerging network architecture. By separating the forwarding layer and the control layer, centralized management and control of the network is achieved. As the core of the SDN network, the controller is easy to be the target of attacks. Distributed Denial of Service (DDoS) attack is one of the most threatening attacks faced by SDN networks. In response to this problem, this paper proposes a DDoS attack detection model based on machine learning. First, the method monitors the switch port traffic based on information entropy to determine whether there is abnormal traffic. After detecting anomalies, it extracts the flow characteristics and uses the SVM + K-Means composite algorithm to detect DDoS attacks. Finally, the controller delivers a drop flow table to deal with attack traffic. Experimental results show that the algorithm proposed in this paper is superior to SVM algorithm and K-Means algorithm in the indicators of false alarm rate, detection rate and accuracy.