基于Renyi熵的SDN自主防护系统

doi:10.11959/j.issn.2096-109x.2021049

Abstract

Abstract:

Aiming at the abnormal behaviors in SDN architecture, a self-protection system based on Renyi entropy that implemented a set of detection, diagnosis and defense method of SDN abnormal behaviors was proposed.The system did not need to introduce the third-party measurement equipment, and directly used the flow table information of OpenFlow switches.Firstly, the abnormal network behavior was detected by calculating the characteristic entropy.Then, the information of the OpenFlow flow table was further analyzed to realize the diagnosis of abnormal behavior.Finally, a blacklist mechanism was established.And the system added the hosts with abnormal behavior to the blacklist and blocked the corresponding abnormal traffic.In order to verify the effectiveness of the system, a prototype was developed on the Floodlight controller.The simulation results on Mininet show that the system can effectively detect, diagnose and defend the abnormal behaviors.The system has low deployment cost, which enhances the security of SDN.

Key words: software defined network, anomaly detection, Renyi entropy, OpenFlow protocol

CLC Number:

TP393

Pu ZHAO, Wentao ZHAO, Zhangjie FU, Qiang LIU. SDN self-protection system based on Renyi entropy[J]. Chinese Journal of Network and Information Security, 2021, 7(3): 85-94.

Figures/Tables 10

References 17

[1]	BRAGA R , MOTA E , PASSITO A . Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]// The 35th Annual IEEE Conference on Local Computer Networks. 2010.
[2]	BEHAL S , SINGH J . Detection and mitigation of DDoS attacks in SDN:a comprehensive review,research challenges and future directions[J]. Computer Science Review, 2020,37: 1-25.
[3]	MCKEOWN N , ANDERSON T , BALAKRISHNAN H ,et al. OpenFlow:enabling innovation in campus networks[J]. ACM Sigcomm Computer Communication Review, 2008,38(2): 69-74.
[4]	ZHAO P , ZHAO W , LIU Q . Multi-objective link-separation multipath selection using k max-min for software-defined MANET[C]// 2019 15th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN). 2019: 253-258.
[5]	SALMAN O , ELHAJJ I H , KAYSSI A ,et al. A review on machine learning-based approaches for Internet traffic classification[J]. Annals of Telecommunications, 2020: 1-38.
[6]	WILLIAMS N , ZANDER S , ARMITAGE G . A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification[J]. ACM SIGCOMM Computer Communication Review, 2006,36(5): 5-16.
[7]	LAKHINA A , CROVELLA M , DIOT C . Mining anomalies using traffic feature distributions[C]// ACM Sigcomm Conference on Applications. 2005:217.
[8]	FIADINO P D , DALCONZO A , SCHIAVONE M ,et al. Challenging entropy-based anomaly detection and diagnosis in cellular networks[J]. ACM Sigcomm Computer Communication Review, 2015,45(4): 87-88.
[9]	TIMCENKO V V , IBRAHIM J , GAJIN S . The hybrid machine learning support for entropy based network traffic anomaly detection[C]// ICIST 2019. 2019: 144-149.
[10]	IBRAHIM J , TIMCENKO V V , GAJIN S . A comprehensive flow-based anomaly detection architecture using entropy calculation and machine learning classification[C]// ICIST 2019. 2019: 138-143.
[11]	SHUKLA A S , MAURYA R . Entropy-based anomaly detection in a network[J]. Wireless Personal Communications, 2018,99: 1487-1501.
[12]	SCHAEFFER-FILHO A , MAUTHE A , HUTCHISON D ,et al. PReSET:a toolset for the evaluation of network resilience strategies[C]// IFIP/IEEE International Symposium on Integrated Network Management. 2013.
[13]	STONE-GROSS B , COVA M , GILBERT B ,et al. Analysis of a Botnet Takeover[J]. IEEE Security ＆ Privacy, 2011,9(1): 64-72.
[14]	WANG Q , CHEN Z , CHEN C ,et al. On the robustness of the botnet topology formed by worm infection[C]// Global Telecommunications Conference. 2010.
[15]	周佳骏, 汪婷婷 . 基于计算机网络对抗的 Agobot 实例分析[J]. 网络安全技术与应用, 2013,(7): 86-88.
	ZHOU J J , WANG T T . Instance analysis of Agobot based on computer network operations[J]. Network Security Technology ＆ Application, 2013,(7): 86-88.
[16]	李世杰, 倪洪 . 面向DDoS防御设备安全性测试的Scapy应用[J]. 网络安全技术与应用, 2020,(1): 20-22.
	LI S J , NI H . Scapy application for DDoS defense equipment se curity test[J]. Network Security Technology and Application, 2020,(1): 20-22.
[17]	KAUR K , SINGH J , GHUMMAN N S . Mininet as Software Defined Networking Testing Platform[C]// International Conference on Communiction,Computing ＆ Systems. 2014.

Metrics

Recommended 0

No Suggested Reading articles found!

恶意行为标记向量	网络异常行为	异常行为特点
（0,1,0,0,0,0）	端口扫描	目的端口号熵值显著增加
（0,1,1,0,0,0）	蠕虫病毒传播	目的端口号和源IP熵值显著下降
（0,1,0,1,0,0）	DDoS攻击	目的IP和目的端口号显著下降

源端口	目的端口	源IP	目的IP	源MAC	目的MAC
tcp_src	tcp_dst	ipv4_src	ipv4_dst	eth_src	eth_dst

匹配包数	传输字节数	活跃时间
packet_count	byte_count	duration_sec

SDN self-protection system based on Renyi entropy

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 17

Related Articles 13

Metrics

Recommended 0

[1]	Haoran SHI, Lixin JI, Shuxin LIU, Gengrun WANG. Abnormal link detection algorithm based on semi-local structure [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 63-72.
[2]	Weizhen HE, Fucai CHEN, Jie NIU, Jinglei TAN, Shumin HUO, Guozhen CHENG. Research progress on dynamic hopping technology for network layer [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 44-55.
[3]	Tao WANG, Hongchang CHEN. Multi-objective optimization placement strategy for SDN security controller considering Byzantine attributes [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 72-84.
[4]	Qi WU,Hongchang CHEN. Low failure recovery cost controller placement strategy in software defined networks [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 97-104.
[5]	Gansen ZHAO,Zhijian XIE,Xinming WANG,Jiahao HE,Chengzhi ZHANG,Chengchuang LIN,ZHOU Ziheng,Bingchuan CHEN,RONG Chunming. ContractGuard:defend Ethereum smart contract with embedded intrusion detection [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 35-55.
[6]	Wei HUANG, Ran LU, Cuncai LIU, Sibo QI. QoS routing algorithm based on multiple domain architecture of SDN [J]. Chinese Journal of Network and Information Security, 2019, 5(5): 21-31.
[7]	Yidong WANG, Peishun LIU, Gbin WAN. Research on system log anomaly detection based on deep learning [J]. Chinese Journal of Network and Information Security, 2019, 5(5): 105-118.
[8]	Yang WANG,Guangming TANG,Cheng LEI,Dong HAN. Multidimensional detection and dynamic defense method for link flooding attack [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 80-90.
[9]	Zhenping LU,Fucai CHEN,Guozhen CHENG. Design and implementation of the controller scheduling-time in SDN [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 36-44.
[10]	Zhen-ping LU,Fu-cai CHEN,Guo-zhen CHENG. Secure control plane for SDN using Bayesian Stackelberg games [J]. Chinese Journal of Network and Information Security, 2017, 3(11): 40-49.
[11]	Zhen-peng WANG,Hong-chao HU,Guo-zhen CHENG,Chuan-hao ZHANG. Implementation architecture of mimic security defense based on SDN [J]. Chinese Journal of Network and Information Security, 2017, 3(10): 52-61.
[12]	Hui ZHANG,Cheng LIU. Anomaly intrusion detection based on modified SVM [J]. Chinese Journal of Network and Information Security, 2016, 2(8): 68-73.
[13]	Jia-wei LI,Zhi-ju YANG,Xi-jun LIN,UHai-peng Q. Research on networking troubleshooting method based on software defined network [J]. Chinese Journal of Network and Information Security, 2016, 2(12): 56-62.