SDN中基于条件熵和GHSOM的DDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2018140

通信学报 ›› 2018, Vol. 39 ›› Issue (8): 140-149.doi: 10.11959/j.issn.1000-436x.2018140

SDN中基于条件熵和GHSOM的DDoS攻击检测方法

田俊峰^1,²,齐鎏岭^1,²

¹ 河北大学网络空间安全与计算机学院，河北保定 071002
² 河北省高可信信息系统重点实验室，河北保定 071002

修回日期:2018-07-03 出版日期:2018-08-01 发布日期:2018-09-13
作者简介:田俊峰（1965-），男，河北保定人，河北大学教授、博士生导师，主要研究方向为信息安全与分布式计算。|齐鎏岭（1992-），男，河北保定人，河北大学硕士生，主要研究方向为信息安全与分布式计算。
基金资助:
国家自然科学基金资助项目(61170254);河北省自然科学基金资助项目(F2016201244)

DDoS attack detection method based on conditional entropy and GHSOM in SDN

Junfeng TIAN^1,²,Liuling QI^1,²

¹ School of Cyber Security and Computer,Hebei University,Baoding 071002,China
² Key Lab on High Trusted Information System in Hebei Province,Baoding 071002,China

Revised:2018-07-03 Online:2018-08-01 Published:2018-09-13
Supported by:
The National Natural Science Foundation of China(61170254);The Natural Science Foundation of Hebei Province(F2016201244)

摘要/Abstract

摘要：

软件定义网络（SDN,software defined networking）简化了网络结构，但同时控制器也面临着“单点失效”的安全威胁。攻击者可以发送大量交换机流表中并不存在的伪造数据流，影响网络正常性能。为了准确检测这种攻击的存在，提出了基于条件熵和 GHSOM（growing hierarchical SOM）神经网络的 DDoS 攻击检测方法MBCE&G 。首先，依据此DDoS的阶段性特征，定位了网络中的受损交换机以发现可疑攻击流；然后，依据可疑攻击流种类的多样性特征，以条件熵的形式提取了四元组特征向量，将其作为神经网络的输入特征进行更加精确的分析；最后，搭建了实验环境完成验证。实验结果显示，MBCE&G检测方法可以有效检测SDN中的DDoS攻击。

关键词: 软件定义网络, 条件熵, 神经网络, DDoS攻击

Abstract:

Software defined networking (SDN) simplifies the network architecture,while the controller is also faced with a security threat of “single point of failure”.Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches,affecting the normal performance of the network.In order to detect the existence of this kind of attack,the DDoS attack detection method based on conditional entropy and GHSOM in SDN (MBCE&G) was presented.Firstly,according to the phased features of DDoS,the damaged switch in the network was located to find the suspect attack flows.Then,according to the diversity characteristics of the suspected attack flow,the quaternion feature vector was extracted in the form of conditional entropy,as the input features of the neural network for more accurate analysis.Finally,the experimental environment was built to complete the verification.The experimental results show that MBCE&G detection method can effectively detect DDoS attacks in SDN network.

Key words: software defined networking, conditional entropy, neural network, DDoS attack

中图分类号:

TP309

田俊峰,齐鎏岭. SDN中基于条件熵和GHSOM的DDoS攻击检测方法[J]. 通信学报, 2018, 39(8): 140-149.

Junfeng TIAN,Liuling QI. DDoS attack detection method based on conditional entropy and GHSOM in SDN[J]. Journal on Communications, 2018, 39(8): 140-149.

图/表 8

图1

图2

图3

图4

图5

图6

表1

表2

参考文献 17

[1]	KREUTZ D , RAMOS F M V , ESTEVES V P ,et al. Software-defined networking:a comprehensive survey[J]. Proceedings of the IEEE, 2014,103(1): 10-13.
[2]	SEZER S , SCOTT H S , CHOUHAN P K ,et al. Are we ready for SDN? implementation challenges for software-defined networks[J]. IEEE Communications Magazine, 2013,51(7): 36-43.
[3]	SHIN S , GU G . Attacking software-defined networks:a first feasibility study[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined NETWORKING. , 2013: 165-166.
[4]	NEELAM D , SHASHANK S . Analyzing behavior of DDoS attacks to identify DDoS detection features in SDN[C]// IEEE International Conference on Communication System and Networks (COMSNETS), 2017.
[5]	CHEN K Y , JUNUTHULA A R , SIDDHRAU I K ,et al. SDNShiled:towards more comprehensive defense against DDoS attacks on SDN control plane[C]// IEEE Conference on Communications and Networks Security (CNS). 2016.
[6]	KLOTI R , KOTRONIS V , SMITH P . OpenFlow:a security analysis[C]// IEEE International Conference on Network Protocols. 2013: 1-6.
[7]	BENTON K , CAMP L J , SMALL C . OpenFlow vulnerability assessment[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined NETWORKING. 2013: 151-152.
[8]	DAYAL N , MAITY P , SRIVASTAVA S ,et al. Research trends in security and DDoS in SDN[J]. Security ＆ Communication Networks, 2016,9.
[9]	MOUSAVI S M , STHILAIRE M . Early detection of DDoS attacks against SDN controllers[C]// International Conference on Computing,NETWORKING and Communications. 2015: 77-81.
[10]	DONG P , DU X , ZHANG H ,et al. A detection method for a novelDDoS attack against SDN controllers by vast new low-traffic flows[C]// IEEE International Conference on Communications. 2016: 1-6.
[11]	BRAGA R , MOTA E , PASSITO A . Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]// Conference on Local Computer Networks. 2010: 408-415.
[12]	姚琳元, 董平, 张宏科 . 基于对象特征的软件定义网络分布式拒绝服务攻击检测方法[J]. 电子与信息学报, 2017,39(2): 381-388.
	YAO L Y , DONG P , ZHANG H K . Distributed denial of service attack detection based on object character in software defined network[J]. Journal of Electronica ＆ Information Technology, 2017,39(2): 381-388.
[13]	杨雅辉, 姜电波, 沈晴霓 ,等. 基于改进的 GHSOM 的入侵检测研究[J]. 通信学报, 2011,32(1): 121-126.
	YANG Y H , JIANG D B , SHEN Q N ,et al. Research on intrusion detection based on an improved GHSOM[J]. Journal on Communications, 2011,32(1): 121-126.
[14]	阳时来, 杨雅辉, 沈晴霓 ,等. 一种基于半监督 GHSOM 的入侵检测方法[J]. 计算机研究与发展, 2013,50(11): 2375-2382.
	YANG S L , YANG Y H , SHEN Q N ,et al. A method of intrusion detection based on semi-supervised GHSOM[J]. Journal of Computer Research and Development, 2013,50(11): 2375-2382.
[15]	SHANNON C E . A mathematical theory of communication[J]. ACM Sigmobile Mobile Computing ＆ Communications Review, 1948,27(4): 379-423.
[16]	MA D , XU Z , LIN D . Defending blind DDoS attack on SDN based on moving target defense[C]// International Conference on Security and Privacy in Communication Systems. 2014: 463-480.
[17]	BORGNAT P , DEWAELE G , FUKUDA K ,et al. Seven years and one day:sketching the evolution of internet traffic[C]// INFOCOM. 2009: 711-719.

攻击类型	MBCE＆G	GHSOM	SOM	熵检测法
neptune	97.6%	96.8%	96.4%	94.3%
portsweep	95.7%	94.6%	81.3%	71.6%
ipsweep	95.5%	93.5%	82.1%	70.7%

攻击类型	MBCE＆G/ms	GHSOM/ms	SOM/ms	熵检测法/ms
neptune	517	430	314	212
portsweep	552	453	342	233
ipsweep	564	465	357	246

SDN中基于条件熵和GHSOM的DDoS攻击检测方法

DDoS attack detection method based on conditional entropy and GHSOM in SDN

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 17

相关文章 15

Metrics

推荐阅读 0

[1]	陈晋音, 熊海洋, 马浩男, 郑雅羽. 基于对比学习的图神经网络后门攻击防御方法[J]. 通信学报, 2023, 44(4): 154-166.
[2]	李建锋, 刘哲宇, 荣洋, 李展, 廖柏林, 屈林曦, 刘志杰, 林琨煌. 用于线性噪声时变凸二次规划的归零神经网络[J]. 通信学报, 2023, 44(4): 226-233.
[3]	林云, 徐怀韬, 王森, 张思成, 庄龙. 基于特征融合的通信语音干扰效果客观评估[J]. 通信学报, 2023, 44(3): 105-116.
[4]	王东滨, 吴东哲, 智慧, 郭昆, 张勖, 时金桥, 张宇, 陆月明. 软件定义网络抗拒绝服务攻击的流表溢出防护[J]. 通信学报, 2023, 44(2): 1-11.
[5]	杨宏宇, 杨海云, 张良, 成翔. 基于特征依赖图的源代码漏洞检测方法[J]. 通信学报, 2023, 44(1): 103-117.
[6]	沙宗轩, 霍如, 孙闯, 汪硕, 黄韬. 基于深度强化学习的转发效能感知流量调度算法[J]. 通信学报, 2022, 43(8): 30-40.
[7]	何世文, 袁军, 安振宇, 张敏, 黄永明, 张尧学. 基于图神经网络的联合用户调度与波束成形优化算法[J]. 通信学报, 2022, 43(7): 73-84.
[8]	冷涛, 蔡利君, 于爱民, 朱子元, 马建刚, 李超飞, 牛瑞丞, 孟丹. 基于系统溯源图的威胁发现与取证分析综述[J]. 通信学报, 2022, 43(7): 172-188.
[9]	李昂, 陈建新, 魏昕, 周亮. 面向6G的跨模态信号重建技术[J]. 通信学报, 2022, 43(6): 28-40.
[10]	燕昺昊, 刘勤让, 沈剑良, 汤先拓, 梁栋. 软件定义网络中一种快速无循环路径迁移策略[J]. 通信学报, 2022, 43(5): 24-35.
[11]	王晓丹, 李京泰, 宋亚飞. DDAC：面向卷积神经网络图像隐写分析模型的特征提取方法[J]. 通信学报, 2022, 43(5): 68-81.
[12]	廖育荣, 王海宁, 林存宝, 李阳, 方宇强, 倪淑燕. 基于深度学习的光学遥感图像目标检测研究进展[J]. 通信学报, 2022, 43(5): 190-203.
[13]	张帆, 黄赟, 方子茁, 郭威. 卷积神经网络的损失最小训练后参数量化方法[J]. 通信学报, 2022, 43(4): 114-122.
[14]	吴平, 常朝稳, 左志斌, 马莹莹. 基于地址重载的SDN分组转发验证[J]. 通信学报, 2022, 43(3): 88-100.
[15]	朱政宇, 侯庚旺, 黄崇文, 孙钢灿, 郝万明, 梁静. 基于并行CNN的RIS辅助D2D保密通信系统资源分配算法[J]. 通信学报, 2022, 43(3): 172-179.