Journal on Communications ›› 2018, Vol. 39 ›› Issue (8): 140-149. doi: 10.11959/j.issn.1000-436x.2018140

• Papers Ⅱ: Academic papers

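  • About the authors: Junfeng TIAN (1965-), male, born in Baoding, Hebei, is a professor and doctoral supervisor at Hebei University. His main research interests are information security and distributed computing. | Liuling QI (1992-), male, born in Baoding, Hebei, is a master's student at Hebei University. His main research interests are information security and distributed computing.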

DDoS attack detection method based on conditional entropy and GHSOM in SDN

Junfeng TIAN (1,2), Liuling QI (1,2)

  1. School of Cyber Security and Computer, Hebei University, Baoding 071002, China
  2. Key Lab on High Trusted Information System in Hebei Province, Baoding 071002, China
  • Revised: 2018-07-03 Online: 2018-08-01 Published: 2018-09-13
  • Supported by:
    The National Natural Science Foundation of China (61170254); The Natural Science Foundation of Hebei Province (F2016201244)


Abstract:

Software defined networking (SDN) simplifies the network architecture, but the controller also faces the security threat of being a "single point of failure". Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches, degrading the normal performance of the network. To detect this kind of attack accurately, a DDoS attack detection method for SDN based on conditional entropy and the GHSOM (growing hierarchical SOM) neural network, called MBCE&G, is presented. First, according to the phased features of this DDoS attack, the affected switch in the network is located in order to find the suspect attack flows. Then, according to the diversity of the suspect attack flows, a four-tuple feature vector is extracted in the form of conditional entropy and used as the input features of the neural network for more accurate analysis. Finally, an experimental environment was built to complete the verification. The experimental results show that the MBCE&G detection method can effectively detect DDoS attacks in SDN.

Key words: software defined networking, conditional entropy, neural network, DDoS attack
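
The abstract's feature-extraction step, as an added example (not the paper's code): it computes a four-element conditional-entropy vector over a window of flow records. The page does not say which four quantities MBCE&G uses, so conditioning source IP, source port, destination port and protocol on destination IP is an assumption, the flow records are constructed, and the GHSOM classification stage is not shown.

```python
import math
import random
from collections import Counter


def conditional_entropy(pairs):
    """H(X|Y) in bits for a list of (x, y) observations."""
    n = len(pairs)
    if n == 0:
        return 0.0
    joint = Counter(pairs)
    marginal_y = Counter(y for _, y in pairs)
    # H(X|Y) = -sum over (x, y) of p(x, y) * log2(p(x, y) / p(y))
    h = -sum((c / n) * math.log2(c / marginal_y[y]) for (_, y), c in joint.items())
    return h + 0.0  # normalise -0.0 to 0.0


# Assumed four-tuple (not given on the page): each field conditioned on dst_ip.
FIELDS = ("src_ip", "src_port", "dst_port", "proto")


def feature_vector(flows):
    """Four conditional entropies describing one window of flow records."""
    return tuple(
        conditional_entropy([(f[k], f["dst_ip"]) for f in flows]) for k in FIELDS
    )


def make_window(seed, attack):
    """Constructed sample window: 200 benign flows, plus 800 forged flows
    with random source addresses aimed at one host when attack=True."""
    rng = random.Random(seed)
    flows = [
        {"src_ip": f"10.0.0.{rng.randint(1, 8)}",
         "src_port": rng.randint(40000, 40015),
         "dst_ip": f"10.0.1.{rng.randint(1, 4)}",
         "dst_port": rng.choice((80, 443)), "proto": "tcp"}
        for _ in range(200)
    ]
    if attack:
        flows += [
            {"src_ip": ".".join(str(rng.randint(1, 254)) for _ in range(4)),
             "src_port": rng.randint(1024, 65535),
             "dst_ip": "10.0.1.1", "dst_port": 80, "proto": "tcp"}
            for _ in range(800)
        ]
    return flows


if __name__ == "__main__":
    for label, attack in (("normal", False), ("attack", True)):
        vec = feature_vector(make_window(seed=7, attack=attack))
        print(label, [round(v, 3) for v in vec])
```

In the constructed attack window the source-address and source-port entropies given the destination rise sharply while the destination-port entropy falls, which is the kind of separation a downstream classifier would be trained on.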

CLC number:

  • TP309