
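DDoS attack detection scheme based on software-defined networking
Cite this article: XIE Wenjin, ZHANG Zhibin, ZHANG Sanniu. DDoS attack detection scheme based on software-defined networking[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition), 2022, 34(6): 1032-1039.
Authors: XIE Wenjin, ZHANG Zhibin, ZHANG Sanniu
Affiliation: Faculty of Information Engineering and Automation, Kunming University of Science and Technology, Kunming 650500
Abstract: Distributed denial-of-service (DDoS) attacks are a common threat in networks. Attackers send a large number of useless requests to the victim server so that legitimate users cannot access it, and DDoS has gradually become a major security risk for software-defined networking (SDN). To address DDoS attack detection in SDN, a scheme combining coarse-grained and fine-grained detection is proposed: queueing theory and conditional entropy serve as the coarse-grained detection module for arriving flows, and machine learning serves as the fine-grained detection module, accurately detecting malicious traffic among legitimate packets. Experiments show that, in an SDN environment simulated with Mininet, the scheme can accurately detect DDoS attacks.

Keywords: software-defined networking; distributed denial-of-service attack; conditional entropy; queueing theory; machine learning
Received: 2021/8/24 0:00:00
Revised: 2022/10/31 0:00:00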

DDoS attack detection scheme based on software-defined networking
XIE Wenjin, ZHANG Zhibin, ZHANG Sanniu. DDoS attack detection scheme based on software-defined networking[J]. Journal of Chongqing University of Posts and Telecommunications, 2022, 34(6): 1032-1039.
Authors: XIE Wenjin, ZHANG Zhibin, ZHANG Sanniu
Institution: Faculty of Information Engineering and Automation, Kunming University of Science and Technology, Kunming 650500, P. R. China
Abstract: Distributed denial-of-service (DDoS) attacks are a common threat in many networks. Attackers send a large number of useless requests to the victim server to prevent other users from accessing the server. These attacks rely on a high degree of randomness to establish a large number of connections with victims, which makes them difficult for a firewall to detect and block. With the rapid development of software-defined networking (SDN), DDoS attacks have gradually become a major concern in SDN. To address DDoS attack detection in SDN, a combined coarse-grained and fine-grained attack detection scheme is proposed, using queueing theory and conditional entropy as the coarse-grained detection module for arriving flows and machine learning as the fine-grained detection module to accurately detect malicious traffic from legitimate packets. Experiments show that the detection scheme can accurately and efficiently detect DDoS attacks in a simulated SDN network environment using Mininet.
Keywords: software-defined networking; distributed denial-of-service attack; conditional entropy; queueing theory; machine learning