伴随着虚拟化技术、云计算和5G技术等的发展与使用，网络中的业务规模和复杂度也随之提升，SDN得到了快速的推广与应用，而DDoS攻击一直是网络安全领域最大的威胁之一。近年来，物联网技术快速发展，IP地址数量的需求呈海量增加，IPv6技术的使用成为未来的必然趋势。因此，研究IPv6环境中基于SDN架构下的DDoS攻击检测与防御，对SDN架构的安全保障有重要的意义。

本文针对SDN架构下的DDoS攻击检测，基于二分类思想，构建了基于BP神经网络的DDoS攻击检测模型。分析了DDoS攻击特点，结合SDN架构自身特性，利用SDN架构中OpenFlow交换机流表项信息，构建了6个特征向量作为检测模型的输入，利用在SDN仿真环境中收集到的数据集实现对DDoS攻击检测模型的训练。通过实验结果表明，基于BP神经网络的DDoS攻击检测模型在准确率方面可达99.5%，并且与基于SVM的攻击检测模型相比，基于BP神经网络模型的性能更优。其次，针对SDN架构下的DDoS攻击防御，分析了传统网络环境下DDoS攻击溯源方法存在的缺陷，利用SDN架构的特性，研究了一种基于Packet_in阈值的溯源算法。该算法基于DDoS攻击检测的结果，结合SDN架构中控制器掌握全网拓扑实例信息，实现对DDoS攻击的溯源。并将该溯源算法与传统网络架构下的经典溯源算法相比，该溯源算法对网络中的设备没有特殊要求，并且易于调试及维护。最后，基于溯源的结果，介绍了一种通过流表项控制实现对DDoS攻击报文从源头过滤的防御方法。

为了验证研究的DDoS攻击检测和防御方法的有效性，利用Mininet仿真平台、Open vSwitch交换机和Floodlight控制器搭建了SDN仿真环境，模拟了正常的背景流量和攻击流量对DDoS攻击检测和防御方法进行测试。通过模拟仿真结果表明，研究的DDoS攻击与防御方法可以有效的实现对网络中DDoS攻击的检测、溯源及防御。

With the development and use of virtualization technology, cloud computing and 5G technology, the scale and complexity of services in the network have also increased. SDN has been rapidly promoted and applied, and DDoS attack is one of the biggest threats in the field of network security.In recent years, The Internet of Things technology is developing rapidly, The demand for the number of IP addresses is increasing, IPv6 technology will become an inevitable trend in the future.Therefore, studying DDoS attack detection and defense based on the SDN architecture in the IPv6 environment, It is great of significance to the security of SDN architecture.

This theies aims at DDoS attack detection under the SDN architecture, based on the idea of binary classification, DDoS attack detection model based on BP neural network is constructed. Analyzed the characteristics of DDoS attacks, combined with the characteristics of the SDN architecture, using the flow entry information of the OpenFlow switch in the SDN architecture, six feature vectors is constructed as input to the detection model. The data is collected in the SDN simulation environment realize to train of the DDoS attack detection model. The experimental results show that the DDoS attack detection model based on BP neural network can reach 99.5% in accuracy. And compared with the based of SVM attack detection model, the performance based on the BP neural network model is better.Secondly, DDoS attack defense under SDN architecture, analyzed the short of the DDoS attack traceability method in the traditional network environment, take advantage of the characteristics of the SDN architecture, a method is studied that is based on Packet_in threshold. The algorithm bases on the results of DDoS attack detection. Combined the controller master the entire network topology information in the SDN architecture.That is to implement traceability for DDoS attack, and Compared with the classical traceability algorithm in the traditional network architecture, the traceability algorithm has no special requirements for the devices in the network, and that is easy to debug and maintain. Finally, based on the traceability results, this theies introduces a defense method through flow table entry control to filter DDoS attack packets from the source.

In order to verify the effectiveness of the researched DDoS attack detection and defense methods, the Mininet simulation platform, Open vSwitch and Floodlight controller is used to build SDN simulation environment. Normal background traffic and attack traffic are simulated to test DDoS attack detection and defense methods. The simulation results show that the study of DDoS attack and defense methods can effectively realize the detection, traceability and defense of DDoS attacks in the network.