DDoS attack detection and defense based on hybrid deep learning model in SDN

Chuanhuang LI; Yan WU; Zhengzhe QIAN; Zhengjun SUN; Weiming WANG

doi:10.11959/j.issn.1000-436x.2018128

您当前的位置：

首页 >

文章列表页 >

DDoS attack detection and defense based on hybrid deep learning model in SDN

Correspondences | 更新时间：2024-06-05

- DDoS attack detection and defense based on hybrid deep learning model in SDN
- Journal on Communications Vol. 39, Issue 7, Pages: 176-187(2018)
- 作者机构：
  
  浙江工商大学信息与电子工程学院，浙江杭州 310018
- 作者简介：
- 基金信息：
  
  The National Key Research and Development Program of China(2017YFB0803202);The Natural Science Foundation of Zhejiang Province(LY18F010006);The Key Laboratory of New Network Standards and Technologies of Zhejiang Province(2013E10012);The National Key Research and Development Program of Zhejiang Province(2017C03058)
- DOI：10.11959/j.issn.1000-436x.2018128
  CLC： TP393
- Online First：2018-07，
  
  Published：25 July 2018
- 稿件说明：
移动端阅览
Chuanhuang LI, Yan WU, Zhengzhe QIAN, et al. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on Communications, 2018, 39(7): 176-187.
DOI：

Chuanhuang LI, Yan WU, Zhengzhe QIAN, et al. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on Communications, 2018, 39(7): 176-187. DOI： 10.11959/j.issn.1000-436x.2018128.

摘要

软件定义网络（SDN

software defined network）作为一种新兴的网络架构，其安全问题一直是SDN领域研究的热点，如SDN控制通道安全性、伪造服务部署及外部分布式拒绝服务（DDoS

distributed denial of service）攻击等。针对SDN安全中的外部DDoS攻击问题进行研究，提出了一种基于深度学习混合模型的DDoS攻击检测方法——DCNN-DSAE。该方法在构建深度学习模型时，输入特征除了从数据平面提取的21个不同类型的字段外，同时设计了能够区分流类型的5个额外流表特征。实验结果表明，该方法具有较高的精确度，优于传统的支持向量机和深度神经网络等机器学习方法，同时，该方法还可以缩短分类检测的处理时间。将该检测模型部署于控制器中，利用检测结果产生新的安全策略，下发到OpenFlow交换机中，以实现对特定DDoS攻击的防御。

Abstract

Software defined network (SDN) is a new kind of network technology

and the security problems are the hot topics in SDN field

such as SDN control channel security

forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN

a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method

when a deep learning model was constructed

the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy

it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time

the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller

and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.

关键词

Keywords

references

YAN Q , YU F R , GONG Q , et al . Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments:a survey,some research issues,and challenges [J ] . IEEE Communications Surveys ＆ Tutorials , 2016 , 18 ( 1 ): 602 - 622 .

RADWARE.2017-2018 global application ＆ network security report [R ] . 2018 .

AKAMAI.[State of the Internet]/security Q4 2017 executive summary [R ] . 2017 .

VOELLMY A , WANG J . Scalable software defined network controllers [J ] . ACM SIGCOMM Computer Communication Review , 2012 , 42 ( 4 ): 289 - 290 .

PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems [J ] . ACM Computing Surveys , 2007 , 39 ( 1 ):3.

MIRKOVIC J , MARTIN J , REIHER P . A taxonomy of DDoS attacks and DDoS defense mechanisms [J ] . ACM SIGCOMM Computer Communication Review , 2001 , 34 ( 2 ): 39 - 53 .

LI D , LI J , HUANG J , et al . Recent advances in deep learning for speech research at Microsoft [C ] // 2013 IEEE International Conference on Acoustics,Speech and Signal Processing . 2013 : 8604 - 8608 .

YU K , . Large-scale deep learning at Baidu [C ] // 22nd ACM international conference on Information ＆ Knowledge Management . 2013 : 2211 - 2212 .

杨余旺 , 杨静宇 , 孙亚民 . 分布式拒绝服务攻击的实现机理及其防御研究 [J ] . 计算机工程与设计 , 2004 , 25 ( 5 ): 657 - 660 .

YANG Y W , YANG J Y , SUN Y M . Defense study and implementation mechanism of distributed denial of service attack [J ] . Computer Engineering and Design , 2004 , 25 ( 5 ): 657 - 660 .

孟江涛 , 冯登国 , 薛锐 , 等 . 分布式拒绝服务攻击的原理与防范 [J ] . 中国科学院大学学报 , 2004 , 21 ( 1 ): 90 - 94 .

MENG J T , FENG D G , XUE R , et al . Distributed denial of service attacks:principle and defense [J ] . Journal of the Graduate School of the Chinese Academy of Sciences , 2004 , 21 ( 1 ): 90 - 94 .

GIL T M , POLETTO M . MULTOPS:a data-structure for bandwidth attack detection [C ] // 10th Usenix Security Symposium . 2001 : 23 - 38 .

MOUSAVI S M , ST-HILAIRE M , . Early detection of DDoS attacks against SDN controllers [C ] // 2015 International Conference on Computing,Networking and Communications (ICNC) . 2015 : 77 - 81 .

WANG R , JIA Z , JU L . An entropy-based distributed DDoS detection mechanism in software-defined networking [C ] // 2015 IEEE Trustcom/BigDataSE/ISPA . 2015 : 310 - 317 .

JADIDI Z , MUTHUKKUMARASAMY V , SITHIRASENAN E , et al . Flow-based anomaly detection using neural network optimized with GSA algorithm [C ] // 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops . 2013 : 76 - 81 .

WINTER P , HERMANN E , ZEILINGER M . Inductive intrusiondetection in flow-based network data using one-class support vector machines [C ] // 2011 4th IFIP International Conference on New Technologies,Mobility and Security . 2011 : 1 - 5 .

TRUNG P V , HUONG T T , DANG V T , et al . A multi-criteria-based DDoS-attack prevention solution using software defined networking [C ] // 2015 International Conference on Advanced Technologies for Communications (ATC) . 2015 : 308 - 313 .

YUAN X Y , LI C H , LI X . DeepDefense:identifying DDoS attack via deep learning [C ] // 2017 IEEE International Conference on Smart Computing (SMARTCOMP) . 2017 : 1 - 8 .

李传煌 , 孙正君 , 袁小雍 , 等 . 基于深度学习的实时 DDoS 攻击检测 [J ] . 电信科学 , 2017 , 33 ( 7 ): 53 - 65 .

LI C H , SUN Z J , YUAN X Y , et al . Real-time DDoS attack detection based on deep learning [J ] . Telecommunications Science , 2017 , 33 ( 7 ): 53 - 65 .

LIU C , SUN W , CHAO W . Convolution neural network for relation extraction [C ] // International Conference on Advanced Data Mining and Applications (ADMA 2013) . 2013 : 231 - 242 .

HINTON G E , SRIVASTAVA N , KRIZHEVSKY A , et al . Improving neural networks by preventing co-adaptation of feature detectors [J ] . Computer Science , 2012 , 3 ( 4 ): 212 - 223 .

SRIVASTAVA N , HINTON G , KRIZHEVSKY A , et al . Dropout:a simple way to prevent neural networks from overfitting [J ] . Journal of Machine Learning Research , 2014 , 15 ( 1 ): 1929 - 1958 .

Views

2609

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Distributed abnormal traffic detection method for SDN based on deep learning

Survey of research on abnormal traffic detection for software defined networks

LDoS attack detection method based on simple statistical features

Review of unsupervised anomaly detection techniques for medical imaging

Target visibility prediction method based on cost-sensitive CNN-BiLSTM network

Related Author

WANG Kun

FU Yu

DUAN Xueyuan

YU Yihan

LIU Taotao

Yu FU

Kun WANG

Xueyuan DUAN

Related Institution

Department of Information Security, Naval University of Engineering

School of Information and Communication Engineering, Xinyang Vocational and Technical College

College of Computer and Information Technology, Xinyang Normal University

Henan Key Laboratory of Analysis and Applications of Education Big Data

Department of Operational Research and Programming, Naval University of Engineering

AI问答

⁰