SDN下基于深度学习混合模型的DDoS攻击检测与防御

李传煌; 吴艳; 钱正哲; 孙正君; 王伟明

doi:10.11959/j.issn.1000-436x.2018128

您当前的位置：

首页 >

文章列表页 >

SDN下基于深度学习混合模型的DDoS攻击检测与防御

学术通信 | 更新时间：2024-06-05

- SDN下基于深度学习混合模型的DDoS攻击检测与防御
- DDoS attack detection and defense based on hybrid deep learning model in SDN
- 通信学报 2018年39卷第7期页码：176-187
- 作者机构：
  
  浙江工商大学信息与电子工程学院，浙江杭州 310018
- 作者简介：
  
  [ "李传煌（1980-），男，江西九江人，博士，浙江工商大学副教授、硕士生导师，主要研究方向为软件定义网络、深度学习、开放可编程网络、系统性能预测和分析模型。" ]
  [ "吴艳（1995-），女，安徽宣城人，浙江工商大学硕士生，主要研究方向为软件定义网络、深度学习。" ]
  [ "钱正哲（1994-），男，浙江杭州人，浙江工商大学硕士生，主要研究方向为软件定义网络、深度学习。" ]
  [ "孙正君（1993-），男，安徽滁州人，浙江工商大学硕士生，主要研究方向为软件定义网络、深度学习。" ]
  [ "王伟明（1964-），男，浙江遂昌人，博士，浙江工商大学教授、硕士生导师，主要研究方向为新一代网络架构、开放可编程网络。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2017YFB0803202);目江省自然科学基金资助项目(LY18F010006);浙江省新型网络标准与应用技术重点实验室基金资助项目(2013E10012);浙江省重点研发计划基金资助项目(2017C03058)
- DOI：10.11959/j.issn.1000-436x.2018128
  中图分类号： TP393
- 网络出版日期：2018-07，
  
  纸质出版日期：2018-07-25
- 稿件说明：
移动端阅览
李传煌, 吴艳, 钱正哲, 等. SDN下基于深度学习混合模型的DDoS攻击检测与防御[J]. 通信学报, 2018,39(7):176-187.

Chuanhuang LI, Yan WU, Zhengzhe QIAN, et al. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on communications, 2018, 39(7): 176-187.
李传煌, 吴艳, 钱正哲, 等. SDN下基于深度学习混合模型的DDoS攻击检测与防御[J]. 通信学报, 2018,39(7):176-187. DOI： 10.11959/j.issn.1000-436x.2018128.

Chuanhuang LI, Yan WU, Zhengzhe QIAN, et al. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on communications, 2018, 39(7): 176-187. DOI： 10.11959/j.issn.1000-436x.2018128.

摘要

软件定义网络（SDN

software defined network）作为一种新兴的网络架构，其安全问题一直是SDN领域研究的热点，如SDN控制通道安全性、伪造服务部署及外部分布式拒绝服务（DDoS

distributed denial of service）攻击等。针对SDN安全中的外部DDoS攻击问题进行研究，提出了一种基于深度学习混合模型的DDoS攻击检测方法——DCNN-DSAE。该方法在构建深度学习模型时，输入特征除了从数据平面提取的21个不同类型的字段外，同时设计了能够区分流类型的5个额外流表特征。实验结果表明，该方法具有较高的精确度，优于传统的支持向量机和深度神经网络等机器学习方法，同时，该方法还可以缩短分类检测的处理时间。将该检测模型部署于控制器中，利用检测结果产生新的安全策略，下发到OpenFlow交换机中，以实现对特定DDoS攻击的防御。

Abstract

Software defined network (SDN) is a new kind of network technology

and the security problems are the hot topics in SDN field

such as SDN control channel security

forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN

a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method

when a deep learning model was constructed

the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy

it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time

the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller

and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.

关键词

Keywords

references

YAN Q , YU F R , GONG Q , et al . Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments:a survey,some research issues,and challenges [J ] . IEEE Communications Surveys ＆ Tutorials , 2016 , 18 ( 1 ): 602 - 622 .

RADWARE.2017-2018 global application ＆ network security report [R ] . 2018 .

AKAMAI.[State of the Internet]/security Q4 2017 executive summary [R ] . 2017 .

VOELLMY A , WANG J . Scalable software defined network controllers [J ] . ACM SIGCOMM Computer Communication Review , 2012 , 42 ( 4 ): 289 - 290 .

PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems [J ] . ACM Computing Surveys , 2007 , 39 ( 1 ):3.

MIRKOVIC J , MARTIN J , REIHER P . A taxonomy of DDoS attacks and DDoS defense mechanisms [J ] . ACM SIGCOMM Computer Communication Review , 2001 , 34 ( 2 ): 39 - 53 .

LI D , LI J , HUANG J , et al . Recent advances in deep learning for speech research at Microsoft [C ] // 2013 IEEE International Conference on Acoustics,Speech and Signal Processing . 2013 : 8604 - 8608 .

YU K , . Large-scale deep learning at Baidu [C ] // 22nd ACM international conference on Information ＆ Knowledge Management . 2013 : 2211 - 2212 .

杨余旺 , 杨静宇 , 孙亚民 . 分布式拒绝服务攻击的实现机理及其防御研究 [J ] . 计算机工程与设计 , 2004 , 25 ( 5 ): 657 - 660 .

YANG Y W , YANG J Y , SUN Y M . Defense study and implementation mechanism of distributed denial of service attack [J ] . Computer Engineering and Design , 2004 , 25 ( 5 ): 657 - 660 .

孟江涛 , 冯登国 , 薛锐 , 等 . 分布式拒绝服务攻击的原理与防范 [J ] . 中国科学院大学学报 , 2004 , 21 ( 1 ): 90 - 94 .

MENG J T , FENG D G , XUE R , et al . Distributed denial of service attacks:principle and defense [J ] . Journal of the Graduate School of the Chinese Academy of Sciences , 2004 , 21 ( 1 ): 90 - 94 .

GIL T M , POLETTO M . MULTOPS:a data-structure for bandwidth attack detection [C ] // 10th Usenix Security Symposium . 2001 : 23 - 38 .

MOUSAVI S M , ST-HILAIRE M , . Early detection of DDoS attacks against SDN controllers [C ] // 2015 International Conference on Computing,Networking and Communications (ICNC) . 2015 : 77 - 81 .

WANG R , JIA Z , JU L . An entropy-based distributed DDoS detection mechanism in software-defined networking [C ] // 2015 IEEE Trustcom/BigDataSE/ISPA . 2015 : 310 - 317 .

JADIDI Z , MUTHUKKUMARASAMY V , SITHIRASENAN E , et al . Flow-based anomaly detection using neural network optimized with GSA algorithm [C ] // 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops . 2013 : 76 - 81 .

WINTER P , HERMANN E , ZEILINGER M . Inductive intrusiondetection in flow-based network data using one-class support vector machines [C ] // 2011 4th IFIP International Conference on New Technologies,Mobility and Security . 2011 : 1 - 5 .

TRUNG P V , HUONG T T , DANG V T , et al . A multi-criteria-based DDoS-attack prevention solution using software defined networking [C ] // 2015 International Conference on Advanced Technologies for Communications (ATC) . 2015 : 308 - 313 .

YUAN X Y , LI C H , LI X . DeepDefense:identifying DDoS attack via deep learning [C ] // 2017 IEEE International Conference on Smart Computing (SMARTCOMP) . 2017 : 1 - 8 .

李传煌 , 孙正君 , 袁小雍 , 等 . 基于深度学习的实时 DDoS 攻击检测 [J ] . 电信科学 , 2017 , 33 ( 7 ): 53 - 65 .

LI C H , SUN Z J , YUAN X Y , et al . Real-time DDoS attack detection based on deep learning [J ] . Telecommunications Science , 2017 , 33 ( 7 ): 53 - 65 .

LIU C , SUN W , CHAO W . Convolution neural network for relation extraction [C ] // International Conference on Advanced Data Mining and Applications (ADMA 2013) . 2013 : 231 - 242 .

HINTON G E , SRIVASTAVA N , KRIZHEVSKY A , et al . Improving neural networks by preventing co-adaptation of feature detectors [J ] . Computer Science , 2012 , 3 ( 4 ): 212 - 223 .

SRIVASTAVA N , HINTON G , KRIZHEVSKY A , et al . Dropout:a simple way to prevent neural networks from overfitting [J ] . Journal of Machine Learning Research , 2014 , 15 ( 1 ): 1929 - 1958 .

浏览量

2116

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于深度学习的SDN异常流量分布式检测方法

面向软件定义网络的异常流量检测研究综述

基于简单统计特征的LDoS攻击检测方法

超大规模太赫兹系统深度学习信道估计算法

基于机器学习的加密流量分类研究综述