Research on DDoS Attack Detection in Software Defined Network

Software Defined Network(SDN) is a new network construction. But due to its construction, SDN is vulnerable to be attacked by Distributed Denial of Service (DDoS) attack. So it is important to detect DDoS attack in SDN network. This paper presents a DDoS detection scheme based on k-means algorithm in SDN environment. The establishment of this scheme is based on the two hypotheses that the daily network works normally most of the time, and there is a significant difference between the data characteristics of normal situation and abnormal situation. At the same time, these two hypotheses are also true to the daily network condition. After demonstrating the validity of k-means clustering algorithm, the paper proposes 5 flow table features that can be used to detect DDoS attacks. Finally, the DDoS detection scheme was tested by simulation experiment. The test results showed that the method proposed by the author could effectively detect DDoS, with an average success rate of 97.78%.