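1. School of Cyber Security and Computer, Hebei University, Baoding, Hebei 071002
2. Hebei Key Laboratory of High Confidence Information Systems, Baoding, Hebei 071002
Junfeng TIAN (1965-), male, born in Baoding, Hebei; professor and doctoral supervisor at Hebei University. His main research interests are information security and distributed computing.
Liuling QI (1992-), male, born in Baoding, Hebei; master's student at Hebei University. His main research interests are information security and distributed computing.
Online publication date: 2018-08
Print publication date: 2018-08-25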
Junfeng TIAN, Liuling QI. DDoS attack detection method based on conditional entropy and GHSOM in SDN[J]. Journal on Communications, 2018, 39(8): 140-149. DOI: 10.11959/j.issn.1000-436x.2018140.
Software defined networking (SDN) simplifies the network architecture, but the controller also faces the security threat of a "single point of failure". Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches, affecting the normal performance of the network. To detect this kind of attack accurately, a DDoS attack detection method based on conditional entropy and a GHSOM (growing hierarchical SOM) neural network, MBCE&G, is proposed. First, according to the phased features of this DDoS attack, the damaged switches in the network are located in order to find suspicious attack flows. Then, according to the diversity of the suspicious attack flows, a four-tuple feature vector is extracted in the form of conditional entropy and used as the input features of the neural network for more accurate analysis. Finally, an experimental environment is built to complete the verification. The experimental results show that the MBCE&G detection method can effectively detect DDoS attacks in SDN.
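The conditional-entropy feature step described in the abstract, as an added example that is not code from the paper. The abstract does not name the four features, so the choice of source IP, source port, destination port and protocol, each conditioned on destination IP, is an assumption, as are the constructed flow windows; the GHSOM classifier that would consume the vector is not shown.

```python
import math
from collections import Counter, defaultdict

# Assumption: the abstract does not name the four features; these are illustrative.
FIELDS = ("src_ip", "src_port", "dst_port", "proto")

def conditional_entropy(pairs):
    """H(X|Y) in bits from (x, y) observations; 0.0 for an empty window."""
    pairs = list(pairs)
    by_y = defaultdict(Counter)
    for x, y in pairs:
        by_y[y][x] += 1
    h = 0.0
    for counts in by_y.values():
        n_y = sum(counts.values())
        h_y = -sum(c / n_y * math.log2(c / n_y) for c in counts.values())
        h += n_y / len(pairs) * h_y  # weight by P(Y = y)
    return h

def feature_vector(flows):
    """Four conditional entropies, each conditioned on the destination IP."""
    return tuple(
        conditional_entropy((f[k], f["dst_ip"]) for f in flows) for k in FIELDS
    )

def flow(src_ip, src_port, dst_ip, dst_port, proto):
    return dict(src_ip=src_ip, src_port=src_port, dst_ip=dst_ip,
                dst_port=dst_port, proto=proto)

# Constructed window 1: four clients talking to two servers on fixed ports.
BENIGN = [
    flow(f"10.0.0.{i % 4 + 1}", 40000 + i,
         "10.0.1.10" if i % 2 == 0 else "10.0.1.20",
         80 if i % 2 == 0 else 443, "tcp")
    for i in range(8)
]

# Constructed window 2: 64 forged flows, every source distinct, one destination.
FLOOD = [
    flow(f"198.51.100.{i}", 1024 + i, "10.0.1.10", 1 + i % 16,
         "udp" if i % 2 else "tcp")
    for i in range(64)
]

if __name__ == "__main__":
    print("benign:", feature_vector(BENIGN))
    print("flood: ", feature_vector(FLOOD))
```

The forged-flow window scores far higher on every component because each source address and port appears only once per destination, which is the diversity signal the abstract refers to.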