Journal on Communications ›› 2018, Vol. 39 ›› Issue (8): 140-149. doi: 10.11959/j.issn.1000-436x.2018140

• Papers Ⅱ: Academic Papers

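DDoS attack detection method based on conditional entropy and GHSOM in SDN

Junfeng TIAN1,2, Liuling QI1,2

  1 School of Cyber Security and Computer, Hebei University, Baoding 071002, China
  2 Key Lab on High Trusted Information System in Hebei Province, Baoding 071002, China
  • Revised: 2018-07-03 Online: 2018-08-01 Published: 2018-09-13
  • About the authors: Junfeng TIAN (1965-), male, born in Baoding, Hebei, is a professor and doctoral supervisor at Hebei University; his main research interests are information security and distributed computing. | Liuling QI (1992-), male, born in Baoding, Hebei, is a master's student at Hebei University; his main research interests are information security and distributed computing.
  • Supported by:
    The National Natural Science Foundation of China (61170254); The Natural Science Foundation of Hebei Province (F2016201244)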

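Abstract:

Software defined networking (SDN) simplifies the network architecture, but the controller also faces the security threat of a "single point of failure". Attackers can send a large number of forged data flows that do not exist in the switches' flow tables, degrading normal network performance. To accurately detect this kind of attack, a DDoS attack detection method based on conditional entropy and the GHSOM (growing hierarchical SOM) neural network, MBCE&G, is proposed. First, according to the phased characteristics of this DDoS attack, the damaged switches in the network are located in order to find suspicious attack flows. Then, according to the diversity of the kinds of suspicious attack flows, a four-tuple feature vector is extracted in the form of conditional entropy and used as the input features of the neural network for more precise analysis. Finally, an experimental environment is built to complete the verification. The experimental results show that the MBCE&G detection method can effectively detect DDoS attacks in SDN.

Key words: software defined networking, conditional entropy, neural network, DDoS attack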
