A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN
EURASIP Journal on Wireless Communications and Networking (IF 2.6), Pub Date: 2021-04-13, DOI: 10.1186/s13638-021-01957-9
Shanshan Yu, Jicheng Zhang, Ju Liu, Xiaoqing Zhang, Yafeng Li, Tianfeng Xu

To solve the problem of distributed denial of service (DDoS) attack detection in software-defined networks, we propose a cooperative DDoS attack detection scheme based on entropy and ensemble learning. The method places a coarse-grained, entropy-based preliminary detection module in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, where an ensemble learning-based algorithm is used to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized, following the design idea of edge computing, to innovatively offload part of the detection task from the control plane to the data plane. Simulation results for two common DDoS attack methods, ICMP and SYN, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden on the controller, as well as the detection delay of the attacks.




Updated: 2021-04-13