DDoS detection and defense mechanism based on cognitive-inspired computing in SDN

Software-defined networking (SDN) provides a promising architecture for future networks, and can provide advantages as central control programmability and global view. However, it faces numerous security challenges. Distributed denial of service (DDoS) is a security threat to SDN. Most existing schemes only perform DDoS attack detection and do not address how to defend and recover after detecting DDoS. In this paper, a DDoS attack detection and defense mechanism based on cognitive-inspired computing with dual address entropy is proposed. The flow table characteristics of the switch are extracted, and a DDoS attack model is built by incorporating the support vector machine classification algorithm. This mechanism can realize real-time detection and defense at the preliminary stage of the DDoS attack and can restore normal communication in time. The experiment shows that our mechanism not only detects attacks quickly but also has a high detection rate and low false positive rate. More importantly, it can take appropriate defense and recovery measures in the time after the attack has been identified. (C) 2019 Elsevier B.V. All rights reserved.