一种SDN中基于熵值计算的异常流量检测方法

doi:10.11959/j.issn.1000-0801.2015217

Abstract

Abstract:

SDN（software defined networking）is a novel network infrastructure which separate the control plane from the data plane. Taking advantage of the idea of SDN, a central security center was built which collected traffic from the SDN data plane entity for analyzing. The attacks can be detected based on the entropy variation of the identifier and locate the type of attack with the classification algorithm. As the anomaly patterns were detected, the security center would cooperate with the central controller to install the flow table to alleviate the influence of the attack. The anomaly traffic can be detected early and can't influence the performance of the controller. Besides, the controller can be protected from attack based on our system.

Key words: SDN, security center, entropy, DDoS

Mingxin Wang,Huachun Zhou,Jia Chen,Hongke Zhang. An Entropy Based Anomaly Traffic Detection Approach in SDN[J]. Telecommunications Science, 2015, 31(9): 83-89.

Figures/Tables 5

References 14

1	Open Networking Foundation. Software-Defined Networking: the New Norm for Networks, 2012
2	McKeown N , Anderson T , Balakrishnan H , et al. OpenFlow:enabling innovation in campus networks. Computer Communication Review, 2008,38（2）:69～74
3	ONF. OpenFlow Switch Specification 1.3.4, 2014
4	Braga R , Mota E , Passito A . Lightweight DDoS flooding attack detection using NOX/OpenFlow. Proceedings of IEEE 35th Conference on Local Computer Networks （LCN）, Denver, Colorado, USA, 2010:408～415
5	Mousavi S M , St-Hilaire M . Early detection of DDoS attacks against SDN controllers. Proceedings of 2015 International Conference on Computing, Networking and Communications （ICNC）, Ottawa, Canada, 2015:77～81
6	Su W , Wu L , Huang Y , et al. Design of event-based intrusion detection system on OpenFlow network. Proceedings of IEEE International Conference on Dependable Systems and Networks （SDN）, Budapest, Hungary, 2013:1～2
7	Giotis K , Argyropoulos C , Androulidakis G , et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Computer Networks, 2014（62）:122～136
8	POX. , 2015
9	Hofstede R , Celeda P , Trammell B , et al. Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. IEEE Communications Surveys and Tutorials, 2014,16（4）:2037～2064
10	Denning D E . An intrusion-detection model. IEEE Transactions on Software Engineering, 1987,13（2）:222～232
11	Lakhina A , Crovella M , Diot C . Mining anomalies using traffic feature distributions. Proceedings of ACM SIGCOMM, Philadelphia, PA, USA, 2005:217～228
12	陈小辉．基于数据挖掘算法的入侵检测方法．计算机工程， 2010,36（17）:72～76 Chen X H . Intrusion detection method based on data mining algorithm. Computer Engineering, 2010,36（17）:72～76
13	杜强，孙敏．基于改进聚类分析算法的入侵检测系统研究．计算机工程与应用， 2011,47（11）:106～108 Du Q , Sun M . Intrusion detection system based on improved clustering algorithm. Computer Engineering and Applications. 2011,47（11）:106～108
14	Scapy. , 2014

Metrics

Recommended 0

No Suggested Reading articles found!

名称	代表厂商	版本	主要特点
NetFlow	Cisco	V1、V5、V7、V8、V9	应用最广泛，衍生版本最多
sFlow	HP、NEC、OpenvSwitch	V4、V5	实时性较强，具备突出的第2～7层信息描述能力
CFlowd	Juniper	V5、V8	应用厂商较少
NetStream	华为	V5、V8、V9	与NetFlow类似
IPFIX	IETF标准	RFC3917	以NetFlow V9为蓝本衍生，成为IETF标准

目的接入标识	正常流量	25% DDoS攻击流量
平均熵值	1.523	1.322
标准差	0.010	0.016
置信区间	[-0.0032,+0.0032]	[-0.0054,+0.0054]
正常流量最小值与异常流量最大值之间差值	1.519 8-1.327 4=0.192 4
阈值	1.33

[1]	Yanxia TAN, Guangquan WANG, Zelin WANG, Yanlei ZHENG, He ZHANG, Chenfang ZHANG, Sai HAN, Shikui SHEN. Research on technical scheme of SDN intelligent management and control orchestration system [J]. Telecommunications Science, 2023, 39(3): 143-152.
[2]	Qionghua LUO, Hongkui WANG, Haibing YIN, Yafen XING. Just noticeable distortion model based on entropy masking in DCT domain [J]. Telecommunications Science, 2023, 39(2): 59-70.
[3]	Panpan LI, Zhengxia XIE, Zengkai WANG, Rui JIN. Calculation method of information dissemination based on information entropy in public internet [J]. Telecommunications Science, 2022, 38(4): 90-100.
[4]	Yafen1 XING, Haibing YIN, Hongkui WANG, Qionghua LUO. Video temporal perception characteristics based just noticeable difference model [J]. Telecommunications Science, 2022, 38(2): 92-102.
[5]	Tai LIU, Chao ZHU, Yi CHENG, Yiming WANG. Research on SDN based tactical communication network architecture [J]. Telecommunications Science, 2022, 38(10): 120-130.
[6]	Zaisheng LIU, Fei NI, Rongpeng LI, Honggang ZHANG, Chang LIU, Jiefang ZHANG, Songyun XIE. Persistent homology based topological analysis on the gestalt patterns during human brain cognition process [J]. Telecommunications Science, 2021, 37(7): 77-85.
[7]	Daoyun HU, Jin QI, Qianchun LU, Feng LI, Hongqiang FANG. Research and application of traffic engineering algorithm based on deep learning [J]. Telecommunications Science, 2021, 37(2): 107-114.
[8]	Le ZHANG, Yanqin WU, Ke ZHANG, Dongfeng MAO, Song JIANG, Huawei HU. Research and implementation of intelligent endogenous technology for SDN cooperative controller [J]. Telecommunications Science, 2021, 37(12): 101-109.
[9]	Feiyang LIU, Kun LI, Fei SONG, Huachun ZHOU. Construction of DDoS attacks malicious behavior knowledge base construction [J]. Telecommunications Science, 2021, 37(11): 17-32.
[10]	Yanshang YIN, Tongpeng SUO, Ligang DONG, Xian JIANG. SDN security prediction method based on bayesian attack graph [J]. Telecommunications Science, 2021, 37(11): 75-85.
[11]	Huiguang CHEN, Huan LI. Orchestration system architecture design and implementation of smart line service [J]. Telecommunications Science, 2021, 37(10): 152-161.
[12]	Huifang HOU,Xuefang LI,Jie PAN,Zhigang DING. 5G carrier network data collection and security management evolution ideas [J]. Telecommunications Science, 2020, 36(9): 154-159.
[13]	Xiongyan TANG,Haijun WANG,Hongbo YANG. Key technologies and application of optical transport network for leased line services [J]. Telecommunications Science, 2020, 36(7): 18-25.
[14]	Chang CAO,Shuai ZHANG,Ying LIU,Xiongyan TANG. Convergence of telco cloud and bearer network based computing power network orchestration [J]. Telecommunications Science, 2020, 36(7): 55-62.
[15]	Jinglin LI,Xiaolan WAN. SDN resolve space-ground integrated network based on end side computing [J]. Telecommunications Science, 2020, 36(7): 80-91.

An Entropy Based Anomaly Traffic Detection Approach in SDN

RichHTML

PDF下载

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 5

References 14

Related Articles 15

Metrics

Recommended 0