Abstract: Although the separation of the devices in the control layer and the forwarding layer can be achieved by software-defined networking (SDN), the decoupling of the two layers exposes the devices in different layers of the network to new types of distributed denial of service (DDoS) attacks. To address this problem, this study proposes a DDoS attack detection method based on the improved Dempster-Shafer (D-S) theory for detecting DDoS attacks aimed at SDN controllers and switches in an SDN environment. In the improved algorithm, the discrete factor and the purity factor are used to measure the conflicts among D-S evidence sources. Meanwhile, the evidence sources of the D-S evidence theory are adjusted according to the two factors, and the DDoS attack detection result is obtained with the adjusted evidence sources in light of Dempster’s rule of combination. Experimental results show that the proposed method achieves high detection precision.
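The following is an added example, not code from the paper: it implements only the classic Dempster's rule of combination over the frame {normal, attack} and reports the conflict coefficient K, to show why conflict among evidence sources has to be measured before combining. The discrete factor and purity factor are not defined in the abstract and are not implemented here; the three evidence sources and all mass values are constructed assumptions.

```python
from itertools import product

NORMAL = frozenset({"normal"})
ATTACK = frozenset({"attack"})
THETA = NORMAL | ATTACK  # whole frame: "this source cannot tell"

def combine(m1, m2):
    """Dempster's rule for two BPAs; returns (combined BPA, conflict K)."""
    joint, conflict = {}, 0.0
    for (a, pa), (b, pb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            joint[common] = joint.get(common, 0.0) + pa * pb
        else:
            conflict += pa * pb  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {s: v / (1.0 - conflict) for s, v in joint.items()}, conflict

def fuse(sources):
    """Combine all sources in order; also return the largest step conflict."""
    fused, worst = sources[0], 0.0
    for m in sources[1:]:
        fused, k = combine(fused, m)
        worst = max(worst, k)
    return fused, worst

# Constructed masses for three hypothetical per-window evidence sources.
AGREEING = [
    {ATTACK: 0.7, NORMAL: 0.1, THETA: 0.2},
    {ATTACK: 0.6, NORMAL: 0.2, THETA: 0.2},
    {ATTACK: 0.8, NORMAL: 0.1, THETA: 0.1},
]
# Same window, but the third source puts all of its mass on "normal".
ONE_DISSENTER = [
    {ATTACK: 0.9, THETA: 0.1},
    {ATTACK: 0.85, THETA: 0.15},
    {NORMAL: 1.0},
]

if __name__ == "__main__":
    for name, srcs in (("agreeing", AGREEING), ("one dissenter", ONE_DISSENTER)):
        fused, k = fuse(srcs)
        print(name, "attack=%.3f" % fused.get(ATTACK, 0.0), "max K=%.3f" % k)
```

In the second case a single dissenting source overrides two sources that strongly indicate an attack, and the only visible symptom is the high K. Unadjusted combination can therefore miss an attack when one evidence source is wrong.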