bqmxnh/IDSforSDN

GitHub: bqmxnh/IDSforSDN

An SDN-based DDoS attack detection system that integrates Open vSwitch, the Ryu controller and Suricata, demonstrating a complete security-operations workflow from attack detection to log monitoring.

Stars: 0 | Forks: 0

# Software-Defined Network Intrusion Detection System for DDoS Attack Detection

## System architecture:

![Architecture](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/72a380a761180204.png)

## IP addresses:

| Machine | Interfaces | IP address |
| :--- | :--- | :--- |
| Switch VM | VMNet 2, VMNet 1 | VMNet 2: 192.168.111.10/24, VMNet 1: 192.168.184.10/24 |
| Management VM | VMNet 2 | VMNet 2: 192.168.111.11/24 |
| Controller VM | VMNet 2 | VMNet 2: 192.168.111.12/24 |
| Victim VM | VMNet 2 | VMNet 2: 192.168.111.13/24 |
| Attacker | VMNet 1 | 192.168.184.11 |

## Workflow (Vietnamese):

```mermaid
sequenceDiagram
    participant A as Attacker (hping3)
    participant S as OVS Switch
    participant C as Ryu Controller
    participant I as Suricata IDS
    participant V as Victim
    Note over A: Bắt đầu tấn công SYN Flood
    loop Hàng ngàn packets/giây
        A->>S: Gửi TCP SYN (Src IP ngẫu nhiên)
        par Xử lý SDN
            S->>C: Packet-In (Gói tin mới)
            C->>S: Packet-Out + FlowMod (Cài luật)
            Note right of C: CPU Controller tăng vọt (Quá tải)
        and Xử lý IDS
            S->>I: Mirror/Copy Traffic
            I->>I: Khớp luật (Signature Match)
            I-->>Log: Ghi log "Possible DDoS attack"
        end
        S->>V: Chuyển tiếp gói tin (Nếu không bị drop)
    end
```

## Results:

- Built the SDN architecture with the OVS Switch and Ryu Controller:
  ![SDN](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/8c9139892e180214.png)
- Monitoring system using Prometheus, Grafana and Loki:
  ![Grafana](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/933b923d06180224.jpg)
  ![Grafana](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/d682805e46180233.jpg)
  ![Log](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/a36ab21615180246.jpg)
  ![Log](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/f40911447a180257.jpg)
- DDoS attack successfully detected by Suricata:
  ![DDoS](https://static.pigsec.cn/wp-content/uploads/repos/2026/03/4459fd55ef180308.png)

## Setup and deployment guide:

[Setup instructions](SETUP.md)

## Tool stack reference

- **Open vSwitch (OVS)** – virtual switch for software-defined networking https://docs.openvswitch.org/
- **Ryu SDN Controller** – Python-based SDN controller framework https://ryu.readthedocs.io/
- **Suricata IDS/IPS** – network intrusion detection and prevention system https://docs.suricata.io/
- **Prometheus** – monitoring and metrics collection system https://prometheus.io/docs/
- **Grafana** – visualization and monitoring dashboards https://grafana.com/docs/
- **Grafana Loki** – log aggregation system for cloud-native environments https://grafana.com/docs/loki/
- **hping3** – network tool used to generate the TCP SYN flood traffic https://github.com/antirez/hping
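The sequence diagram above shows why a SYN flood with random source addresses overloads the controller: every packet misses the OVS flow table and arrives as a Packet-In. As an added example (not code from the bqmxnh/IDSforSDN repository), the Python sketch below models that Packet-In stream with a constructed benign phase and flood phase, applies the sliding-window heuristic a Ryu app could run before the CPU spike (many new-flow SYNs per victim, mostly from distinct sources), and emits the drop rule it would push as a FlowMod; the function names, thresholds and sample data are assumptions.

```python
"""Controller-side SYN-flood heuristic for the Packet-In path in the diagram above.
Constructed example: each flood packet carries a new random source IP, so every
one misses the OVS flow table and reaches the Ryu controller as a Packet-In."""
from collections import defaultdict, deque
import random
VICTIM = "192.168.111.13"  # Victim VM address from the IP table above

def synthetic_packet_ins(seed=1):
    """Constructed Packet-In stream: (timestamp_s, src_ip, dst_ip, syn_only)."""
    rng = random.Random(seed)
    events = []
    for i in range(20):  # benign: 5 clients, 20 SYNs spread over 10 s
        events.append((i * 0.5, f"10.0.0.{rng.randint(1, 5)}", VICTIM, True))
    for i in range(500):  # flood: 500 SYNs in 1 s, random sources (hping3 --rand-source)
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        events.append((10 + i / 500, src, VICTIM, True))
    return sorted(events)

def detect_syn_flood(events, window_s=1.0, syn_threshold=100, min_distinct_ratio=0.8):
    """Return one alert (ts, dst_ip, syn_count, distinct_srcs) per flooded victim.
    Fires when more than syn_threshold new-flow SYNs reach one destination within
    window_s and most come from distinct sources; a busy legitimate service repeats
    the same few clients and fails the ratio test. Thresholds are assumptions."""
    per_dst = defaultdict(deque)  # dst_ip -> deque of (ts, src) inside the window
    alerts, active = [], set()
    for ts, src, dst, syn_only in events:
        if not syn_only:
            continue
        q = per_dst[dst]
        q.append((ts, src))
        while q and ts - q[0][0] > window_s:
            q.popleft()
        distinct = len({s for _, s in q})
        if len(q) > syn_threshold and distinct / len(q) >= min_distinct_ratio:
            if dst not in active:  # alert once per episode, not once per packet
                active.add(dst)
                alerts.append((ts, dst, len(q), distinct))
        elif len(q) <= syn_threshold:
            active.discard(dst)
    return alerts

def drop_rule_for(dst_ip, priority=100):
    """Mitigation a Ryu app would install as a FlowMod, shown in ovs-ofctl match
    syntax: drop SYN-only segments to the victim so Packet-Ins stop reaching the controller."""
    return f"priority={priority},tcp,tcp_flags=+syn-ack,nw_dst={dst_ip},actions=drop"

if __name__ == "__main__":
    for ts, dst, n, distinct in detect_syn_flood(synthetic_packet_ins()):
        print(f"t={ts:.2f}s SYN flood on {dst}: {n} SYNs, {distinct} sources -> {drop_rule_for(dst)}")
```

In the real deployment the tuple would be filled from the Packet-In's parsed IPv4/TCP headers, and the returned match string would be translated into OFPMatch fields for the FlowMod.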