While software defined network (SDN) brings more innovation to the development of future networks, it also faces a more severe threat from DDoS attacks.In order to deal with the single point of failure on SDN controller caused by Dog-Collars DDoS attacks, we propose a framework for detection and defense of DDoS attacks in the SDN environment.Firstly, we deploy a trigger mechanism of DDoS attack detection on data plane to screen for abnormal flows in the network.
Then, we use a combined machine learning algorithm based on K-Means and KNN to exploit the rate characteristics and asymmetry characteristics of the flows and to detect the suspicious flows determined by the detection trigger #3.37 ESPRESSO mechanism.Finally, the controller will take corresponding actions to defense against the attacks.In this paper, we propose a new framework of cooperative detection methods of control plane and data plane, which effectively improve the detection accuracy and efficiency, and prevent DDoS attacks on SDN.