Abstract:
Aiming at the problem that DDoS attack (Distributed Denial of Service) harms its controller in SDN (Software Defined Networking) environment, a DDoS attack detection scheme based on generalized entropy detection and Adam-DNN was proposed in SDN environment. Firstly, a large number of packets from the switch are detected for entropy value, and the data traffic is divided into normal, abnormal and attack according to the threshold value.Then the controller only needs to locate the switch that issues the alarm to collect the flow table information, extract their 8-element traffic characteristics, and detect whether the attack occurs through Adam-DNN. The experimental results show that compared with the traditional machine learning and Shannon entropy detection schemes, the detection success rate of this scheme is improved by 0.91%~3.66%, and the CPU utilization is reduced by 5%.