The architecture of software‐defined network (SDN)enhances the openness of the network by separating the control and forwarding functions, but the centralized SDN control form is susceptible to distributed denial of service (DDoS) attacks. In this paper, entropy value and back‐propagation neural network (BPNN) were applied to the DDoS attack detection of SDN, and then the two detection algorithms were simulated in MATLAB software and compared with the K‐means algorithm. The results showed that in the face of four DDoS attacks, SYN Flood, ACK Flood, UDP Flood and ICMP Flood, the BPNN‐based DDoS detection had higher accuracy and less detection time; the switch that adopted the BPNN‐based DDoS detection algorithm adjusted the traffic ratio back to normal level faster when facing DDoS attacks, reducing the impact on other switches and maintaining the traffic stability of the network. © 2024 Institute of Electrical Engineers of Japan. Published by Wiley Periodicals LLC.

中文翻译：

---

分布式拒绝服务混合攻击后软件定义网络架构检测与防御方法研究

软件定义网络（SDN）的架构通过分离控制和转发功能来增强网络的开放性，但集中式SDN控制形式容易受到分布式拒绝服务（DDoS）攻击。本文将熵值和反向传播神经网络（BPNN）应用于SDN的DDoS攻击检测，然后在MATLAB软件中对两种检测算法进行仿真，并与K-means算法进行比较。结果表明，面对SYN Flood、ACK Flood、UDP Flood和ICMP Flood四种DDoS攻击，基于BPNN的DDoS检测具有更高的准确率和更少的检测时间；采用基于BPNN的DDoS检测算法的交换机在面临DDoS攻击时能够更快地将流量比例恢复到正常水平，减少对其他交换机的影响，保持网络流量的稳定性。© 2024 日本电气工程师协会。由 Wiley 期刊有限责任公司出版。