SDN中基于条件熵和GHSOM的DDoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2018140

Abstract

Abstract:

Software defined networking (SDN) simplifies the network architecture,while the controller is also faced with a security threat of “single point of failure”.Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches,affecting the normal performance of the network.In order to detect the existence of this kind of attack,the DDoS attack detection method based on conditional entropy and GHSOM in SDN (MBCE&G) was presented.Firstly,according to the phased features of DDoS,the damaged switch in the network was located to find the suspect attack flows.Then,according to the diversity characteristics of the suspected attack flow,the quaternion feature vector was extracted in the form of conditional entropy,as the input features of the neural network for more accurate analysis.Finally,the experimental environment was built to complete the verification.The experimental results show that MBCE&G detection method can effectively detect DDoS attacks in SDN network.

Key words: software defined networking, conditional entropy, neural network, DDoS attack

CLC Number:

TP309

Junfeng TIAN,Liuling QI. DDoS attack detection method based on conditional entropy and GHSOM in SDN[J]. Journal on Communications, 2018, 39(8): 140-149.

Figures/Tables 8

References 17

[1]	KREUTZ D , RAMOS F M V , ESTEVES V P ,et al. Software-defined networking:a comprehensive survey[J]. Proceedings of the IEEE, 2014,103(1): 10-13.
[2]	SEZER S , SCOTT H S , CHOUHAN P K ,et al. Are we ready for SDN? implementation challenges for software-defined networks[J]. IEEE Communications Magazine, 2013,51(7): 36-43.
[3]	SHIN S , GU G . Attacking software-defined networks:a first feasibility study[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined NETWORKING. , 2013: 165-166.
[4]	NEELAM D , SHASHANK S . Analyzing behavior of DDoS attacks to identify DDoS detection features in SDN[C]// IEEE International Conference on Communication System and Networks (COMSNETS), 2017.
[5]	CHEN K Y , JUNUTHULA A R , SIDDHRAU I K ,et al. SDNShiled:towards more comprehensive defense against DDoS attacks on SDN control plane[C]// IEEE Conference on Communications and Networks Security (CNS). 2016.
[6]	KLOTI R , KOTRONIS V , SMITH P . OpenFlow:a security analysis[C]// IEEE International Conference on Network Protocols. 2013: 1-6.
[7]	BENTON K , CAMP L J , SMALL C . OpenFlow vulnerability assessment[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined NETWORKING. 2013: 151-152.
[8]	DAYAL N , MAITY P , SRIVASTAVA S ,et al. Research trends in security and DDoS in SDN[J]. Security ＆ Communication Networks, 2016,9.
[9]	MOUSAVI S M , STHILAIRE M . Early detection of DDoS attacks against SDN controllers[C]// International Conference on Computing,NETWORKING and Communications. 2015: 77-81.
[10]	DONG P , DU X , ZHANG H ,et al. A detection method for a novelDDoS attack against SDN controllers by vast new low-traffic flows[C]// IEEE International Conference on Communications. 2016: 1-6.
[11]	BRAGA R , MOTA E , PASSITO A . Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]// Conference on Local Computer Networks. 2010: 408-415.
[12]	姚琳元, 董平, 张宏科 . 基于对象特征的软件定义网络分布式拒绝服务攻击检测方法[J]. 电子与信息学报, 2017,39(2): 381-388.
	YAO L Y , DONG P , ZHANG H K . Distributed denial of service attack detection based on object character in software defined network[J]. Journal of Electronica ＆ Information Technology, 2017,39(2): 381-388.
[13]	杨雅辉, 姜电波, 沈晴霓 ,等. 基于改进的 GHSOM 的入侵检测研究[J]. 通信学报, 2011,32(1): 121-126.
	YANG Y H , JIANG D B , SHEN Q N ,et al. Research on intrusion detection based on an improved GHSOM[J]. Journal on Communications, 2011,32(1): 121-126.
[14]	阳时来, 杨雅辉, 沈晴霓 ,等. 一种基于半监督 GHSOM 的入侵检测方法[J]. 计算机研究与发展, 2013,50(11): 2375-2382.
	YANG S L , YANG Y H , SHEN Q N ,et al. A method of intrusion detection based on semi-supervised GHSOM[J]. Journal of Computer Research and Development, 2013,50(11): 2375-2382.
[15]	SHANNON C E . A mathematical theory of communication[J]. ACM Sigmobile Mobile Computing ＆ Communications Review, 1948,27(4): 379-423.
[16]	MA D , XU Z , LIN D . Defending blind DDoS attack on SDN based on moving target defense[C]// International Conference on Security and Privacy in Communication Systems. 2014: 463-480.
[17]	BORGNAT P , DEWAELE G , FUKUDA K ,et al. Seven years and one day:sketching the evolution of internet traffic[C]// INFOCOM. 2009: 711-719.

Metrics

Recommended 0

No Suggested Reading articles found!

攻击类型	MBCE＆G	GHSOM	SOM	熵检测法
neptune	97.6%	96.8%	96.4%	94.3%
portsweep	95.7%	94.6%	81.3%	71.6%
ipsweep	95.5%	93.5%	82.1%	70.7%

攻击类型	MBCE＆G/ms	GHSOM/ms	SOM/ms	熵检测法/ms
neptune	517	430	314	212
portsweep	552	453	342	233
ipsweep	564	465	357	246

DDoS attack detection method based on conditional entropy and GHSOM in SDN

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 17

Related Articles 15

Metrics

Recommended 0

[1]	Jinyin CHEN, Haiyang XIONG, Haonan MA, Yayu ZHENG. CLB-Defense: based on contrastive learning defense for graph neural network against backdoor attack [J]. Journal on Communications, 2023, 44(4): 154-166.
[2]	Jianfeng LI, Zheyu LIU, Yang RONG, Zhan LI, Bolin LIAO, Linxi QU, Zhijie LIU, Kunhuang LIN. Zeroing neural network for time-varying convex quadratic programming with linear noise [J]. Journal on Communications, 2023, 44(4): 226-233.
[3]	Yun LIN, Huaitao XU, Sen WANG, Sicheng ZHANG, Long ZHUANG. Objective assessment of communication speech interference effect based on feature fusion [J]. Journal on Communications, 2023, 44(3): 105-116.
[4]	Hongyu YANG, Haiyun YANG, Liang ZHANG, Xiang CHENG. Feature dependence graph based source code loophole detection method [J]. Journal on Communications, 2023, 44(1): 103-117.
[5]	Shiwen HE, Jun YUAN, Zhenyu AN, Min ZHANG, Yongming HUANG, Yaoxue ZHANG. GNN-based optimization algorithm for joint user scheduling and beamforming [J]. Journal on Communications, 2022, 43(7): 73-84.
[6]	Tao LENG, Lijun CAI, Aimin YU, Ziyuan ZHU, Jian’gang MA, Chaofei LI, Ruicheng NIU, Dan MENG. Review of threat discovery and forensic analysis based on system provenance graph [J]. Journal on Communications, 2022, 43(7): 172-188.
[7]	Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203.
[8]	Fan ZHANG, Yun HUANG, Zizhuo FANG, Wei GUO. Lost-minimum post-training parameter quantization method for convolutional neural network [J]. Journal on Communications, 2022, 43(4): 114-122.
[9]	Zhengyu ZHU, Gengwang HOU, Chongwen HUANG, Gangcan SUN, Wanming HAO, Jing LIANG. Systems resource allocation algorithm for RIS-assisted D2D secure communication based on parallel CNN [J]. Journal on Communications, 2022, 43(3): 172-179.
[10]	Junyan HUO, Danni WANG, Yanzhuo MA, Shuai WAN, Fuzheng YANG. Efficient cross-component prediction for H.266/VVC based on lightweight fully connected networks [J]. Journal on Communications, 2022, 43(2): 143-155.
[11]	Hua LONG, Zhangheng HUANG, Yubin SHAO, Qingzhi DU, Shumeng SU. Research on language recognition algorithm based on improved CFCC feature extraction [J]. Journal on Communications, 2022, 43(12): 211-221.
[12]	Zhengyu ZHU, Pengfei CHEN, Zixuan WANG, Kexian GONG, Di WU, Zhongyong WANG. Short wave protocol signals recognition based on Swin-Transformer [J]. Journal on Communications, 2022, 43(11): 127-135.
[13]	Jinbo XIONG, Yongjie ZHOU, Renwan BI, Liang WAN, Youliang TIAN. Towards edge-collaborative, lightweight and privacy-preserving classification framework [J]. Journal on Communications, 2022, 43(1): 127-137.
[14]	Yiteng WU, Wei LIU, Hongtao YU. Label flipping adversarial attack on graph neural network [J]. Journal on Communications, 2021, 42(9): 65-74.
[15]	Changyin SUN, Liyan LIU, Fan JIANG, Jing JIANG. DNN-based Sub-6 GHz assisted millimeter wave network power allocation algorithm [J]. Journal on Communications, 2021, 42(9): 184-193.