Netinfo Security, 2017, Vol. 17, Issue 12: 22-28. doi: 10.3969/j.issn.1671-1122.2017.12.005

• Original Article •

Research of DDoS Detection and Multi-layer Defense in SDN

Yang XU 1,2, Yi CHEN 2, Rui HE 2, Xiaoyao XIE 1

  1. Key Laboratory of Information and Computing Science of Guizhou Province, Guizhou Normal University, Guiyang, Guizhou 550001, China
  2. Guizhou Normal University and Guiyang Public Security Bureau Joint Research Centre for Information Security, Guiyang, Guizhou 550001, China
  • Received: 2017-09-01   Online: 2017-12-20   Published: 2020-05-12

Abstract:

Software defined networking (SDN) has led to disruptive changes in traditional networks. In this paper, we propose a method for DDoS (distributed denial of service) detection and defense in SDN. First, a DDoS detection method based on an entropy algorithm is proposed: an attack is judged by comparing the computed entropy with a threshold. Second, a two-layer defense system is designed. At the forwarding layer, the flow table is processed; at the control layer, the new detection method is used to determine whether an attack is under way. Combining ACL control and traffic management, the resulting policies are implemented through the OpenFlow protocol. Lastly, an experimental simulation platform is constructed using the OpenDaylight controller, the sFlow monitoring tool and the Mininet simulator. The experimental results show that the proposed detection and defense methods improve the detection rate of DDoS attacks, reduce the false positive rate, and can mount a defensive response quickly.
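
As an added illustration of the entropy-versus-threshold judgement described in the abstract (this is not code from the paper), the following Python script scores one window of sampled flow records by the normalised Shannon entropy of their destination IPs and raises an attack flag when that entropy falls below a threshold. The sample windows, the choice of destination IP as the entropy variable, the window size and the threshold value are all assumptions made for the example.

```python
import math
from collections import Counter

# Constructed sample flow records standing in for sFlow samples: (src_ip, dst_ip).
# Assumption: entropy is taken over destination IPs within a fixed-size window.
NORMAL_WINDOW = [
    ("10.0.0.1", "10.0.0.5"), ("10.0.0.2", "10.0.0.6"), ("10.0.0.3", "10.0.0.7"),
    ("10.0.0.4", "10.0.0.8"), ("10.0.0.1", "10.0.0.6"), ("10.0.0.2", "10.0.0.7"),
    ("10.0.0.3", "10.0.0.8"), ("10.0.0.4", "10.0.0.5"),
]
# Flood window: eight distinct sources all hit one host, so dst-IP entropy collapses to 0.
FLOOD_WINDOW = [("10.0.1.%d" % i, "10.0.0.5") for i in range(1, 9)]

THRESHOLD = 0.5  # assumed normalised-entropy threshold; would be tuned per deployment


def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by log2(n samples),
    so 1.0 means every sample had a distinct value and 0.0 means all were identical.
    A window with fewer than two samples carries no evidence and scores 1.0 (no alarm)."""
    n = len(values)
    if n < 2:
        return 1.0
    counts = Counter(values)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def analyse_window(window, threshold=THRESHOLD):
    """Return (entropy, attack_flag, suspected_victim) for one sampling window.
    The victim is the most frequent destination, reported only when the window is flagged,
    so the control layer knows which address the flow-table policy should cover."""
    dst_ips = [dst for _, dst in window]
    h = normalized_entropy(dst_ips)
    attack = h < threshold
    victim = Counter(dst_ips).most_common(1)[0][0] if attack and dst_ips else None
    return h, attack, victim


if __name__ == "__main__":
    for name, win in (("normal", NORMAL_WINDOW), ("flood", FLOOD_WINDOW)):
        h, attack, victim = analyse_window(win)
        print(f"{name}: H={h:.3f} attack={attack} victim={victim}")
```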

Key words: SDN, DDoS, flow table, entropy, detection and defense
