The present invention applies to the technical field of network security and provides a method and an apparatus for simulating and detecting DDoS attacks on a software-defined network. The method comprises: adding zombie computers in linearly increasing increments and using them to initiate a concealed data-plane DDoS attack on a predetermined target switch in the software-defined network; updating the flow tables on all switches in the software-defined network and, through those updates, synchronously updating a pre-constructed attack flow monitoring table on the controller of the software-defined network; periodically checking the attack flow monitoring table to determine whether it contains a monitoring table entry whose duration exceeds a predetermined duration; and, when such an entry exists, determining that the network flow corresponding to that entry is a concealed attack flow directed at the data plane of the software-defined network. The method thereby effectively increases the efficiency of modeling concealed DDoS attacks on the data plane of a software-defined network and the efficiency of detecting them.
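The detection steps described above (synchronize the controller's monitoring table from switch flow tables, then periodically flag entries that outlive a predetermined duration), sketched as an added example that is not code from the patent. The table key (switch, source, destination), the snapshot-style `sync`, the 60-second threshold and the addresses in the trace are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowKey:
    # Assumed monitoring-table key: one entry per flow rule per switch.
    switch_id: str
    src: str
    dst: str

class AttackFlowMonitor:
    """Controller-side attack flow monitoring table (hypothetical layout)."""

    def __init__(self, max_duration):
        self.max_duration = max_duration  # the predetermined duration, seconds
        self.first_seen = {}              # FlowKey -> time the entry appeared

    def sync(self, switch_id, flows, now):
        """Mirror one switch's current flow table into the monitoring table."""
        current = {FlowKey(switch_id, s, d) for s, d in flows}
        # Entries that left the switch (timed out or deleted) leave the monitor,
        # so a re-installed flow restarts its duration from zero.
        stale = [k for k in self.first_seen
                 if k.switch_id == switch_id and k not in current]
        for key in stale:
            del self.first_seen[key]
        for key in current:
            self.first_seen.setdefault(key, now)

    def check(self, now):
        """Periodic check: entries whose duration exceeds max_duration."""
        hits = [k for k, t in self.first_seen.items()
                if now - t > self.max_duration]
        return sorted(hits, key=lambda k: (k.switch_id, k.src, k.dst))

def run_constructed_trace():
    """Replay constructed flow-table snapshots: (time, switch, [(src, dst)])."""
    persistent = ("10.0.0.5", "10.0.0.9")    # entry that never expires
    intermittent = ("10.0.0.7", "10.0.0.9")  # entry that expires and returns
    trace = [
        (0,  "s1", [persistent, intermittent]),
        (30, "s1", [persistent]),
        (50, "s1", [persistent, intermittent]),
        (90, "s1", [persistent, intermittent]),
    ]
    mon = AttackFlowMonitor(max_duration=60)
    alerts = {}
    for now, switch_id, flows in trace:
        mon.sync(switch_id, flows, now)
        alerts[now] = mon.check(now)
    return alerts

if __name__ == "__main__":
    print(run_constructed_trace())
```
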