现代电子技术2025,Vol.48Issue(2):85-89,5.DOI:10.16652/j.issn.1004-373x.2025.02.014
SDN中DDoS攻击检测与混合防御技术
DDoS attack detection and hybrid defense technology in SDN
摘要
Abstract
DDoS attack is a major threat in the security field of software-defined network(SDN),which seriously threatens the normal operation of network controllers,switches and other devices.Therefore,a DDoS attack detection and hybrid defense technology in SDN is proposed.In terms of DDoS attack detection,the statistical analysis of the number of data frames in the Packet-IN data stream received by the controller in SDN is conducted by means of chi-square test values.The data streams above the card side threshold of the data stream are judged preliminarily as suspicious streams.The relative Sibson distance between the data stream and the suspicious stream is calculated sequentially to distinguish whether the suspicious stream is a DDoS attack flow or a normal burst flow.The Sibson distance between data flow is calculated to determine whether the attack flow is a DDoS attack flow based on the features of the DDoS attack flows.In terms of DDoS attack defense,the hybrid defense is conducted by mean of shared flow tablespace support and Packet-IN packet filtering.The flow tablespace of the switch attacked by DDoS is overloaded,and the overloaded flow table is drained to other switches to complete the defense at the data layer.The MAC address of DDoS attack is traced,and the Packet_In data flow is filtered to complete the defense of control layer.The experimental results show that the proposed method can effectively detect DDoS attack flows in SDN switches and controllers,and can defend against different DDoS attacks.关键词
软件定义网络/DDoS攻击流/攻击检测/混合防御/卡方检验值/Sibson距离/流表空间共享Key words
software-defined network/DDoS attack flow/attack detection/hybrid defense/chi-square test value/Sibson distance/flow tablespace sharing分类
电子信息工程引用本文复制引用
李小菲,陈义..SDN中DDoS攻击检测与混合防御技术[J].现代电子技术,2025,48(2):85-89,5.基金项目
2022年中国高校产学研创新基金——新一代信息技术创新项目:SDN中混合防御DDoS攻击检测技术研究(2022IT078) (2022IT078)
