An Improved Method of DDoS Attack Detection for Controller of SDN

摘要

For controllers of Software Defined Network (SDN), Distributed Denial of Service (DDoS) attacks are still the simplest and most effective way to attack. Aiming at this problem, a real-time DDoS detection attack method for SDN controller is proposed. The method first uses the entropy to detect whether the flow is abnormal. After the abnormal warning is issued, the flow entry of the OpenFlow switch is obtained, and the DDoS attack feature in the SDN environment is analyzed to extract important features related to the attack. The BiLSTM-RNN neural network algorithm is used to train the data set, and the BiLSTM model is generated to classify the real-time traffic to realize the DDoS attack detection. Experiments show that, compared with other methods, this method can efficiently implement DDoS attack traffic detection and reduce controller overhead in SDN environment.