SDN下基于深度学习混合模型的DDoS攻击检测与防御

doi:10.11959/j.issn.1000-436x.2018128

Abstract

Abstract:

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.

Key words: distributed denial of service, software defined network, attack detection, deep learning

CLC Number:

TP393

Chuanhuang LI,Yan WU,Zhengzhe QIAN,Zhengjun SUN,Weiming WANG. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on Communications, 2018, 39(7): 176-187.

Figures/Tables 21

References 21

[1]	YAN Q , YU F R , GONG Q ,et al. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments:a survey,some research issues,and challenges[J]. IEEE Communications Surveys ＆ Tutorials, 2016,18(1): 602-622.
[2]	RADWARE.2017-2018 global application ＆ network security report[R]. 2018.
[3]	AKAMAI.[State of the Internet]/security Q4 2017 executive summary[R]. 2017.
[4]	VOELLMY A , WANG J . Scalable software defined network controllers[J]. ACM SIGCOMM Computer Communication Review, 2012,42(4): 289-290.
[5]	PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1):3.
[6]	MIRKOVIC J , MARTIN J , REIHER P . A taxonomy of DDoS attacks and DDoS defense mechanisms[J]. ACM SIGCOMM Computer Communication Review, 2001,34(2): 39-53.
[7]	LI D , LI J , HUANG J ,et al. Recent advances in deep learning for speech research at Microsoft[C]// 2013 IEEE International Conference on Acoustics,Speech and Signal Processing. 2013: 8604-8608.
[8]	YU K , . Large-scale deep learning at Baidu[C]// 22nd ACM international conference on Information ＆ Knowledge Management. 2013: 2211-2212.
[9]	杨余旺, 杨静宇, 孙亚民 . 分布式拒绝服务攻击的实现机理及其防御研究[J]. 计算机工程与设计, 2004,25(5): 657-660.
	YANG Y W , YANG J Y , SUN Y M . Defense study and implementation mechanism of distributed denial of service attack[J]. Computer Engineering and Design, 2004,25(5): 657-660.
[10]	孟江涛, 冯登国, 薛锐 ,等. 分布式拒绝服务攻击的原理与防范[J]. 中国科学院大学学报, 2004,21(1): 90-94.
	MENG J T , FENG D G , XUE R ,et al. Distributed denial of service attacks:principle and defense[J]. Journal of the Graduate School of the Chinese Academy of Sciences, 2004,21(1): 90-94.
[11]	GIL T M , POLETTO M . MULTOPS:a data-structure for bandwidth attack detection[C]// 10th Usenix Security Symposium. 2001: 23-38.
[12]	MOUSAVI S M , ST-HILAIRE M , . Early detection of DDoS attacks against SDN controllers[C]// 2015 International Conference on Computing,Networking and Communications (ICNC). 2015: 77-81.
[13]	WANG R , JIA Z , JU L . An entropy-based distributed DDoS detection mechanism in software-defined networking[C]// 2015 IEEE Trustcom/BigDataSE/ISPA. 2015: 310-317.
[14]	JADIDI Z , MUTHUKKUMARASAMY V , SITHIRASENAN E ,et al. Flow-based anomaly detection using neural network optimized with GSA algorithm[C]// 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops. 2013: 76-81.
[15]	WINTER P , HERMANN E , ZEILINGER M . Inductive intrusiondetection in flow-based network data using one-class support vector machines[C]// 2011 4th IFIP International Conference on New Technologies,Mobility and Security. 2011: 1-5.
[16]	TRUNG P V , HUONG T T , DANG V T ,et al. A multi-criteria-based DDoS-attack prevention solution using software defined networking[C]// 2015 International Conference on Advanced Technologies for Communications (ATC). 2015: 308-313.
[17]	YUAN X Y , LI C H , LI X . DeepDefense:identifying DDoS attack via deep learning[C]// 2017 IEEE International Conference on Smart Computing (SMARTCOMP). 2017: 1-8.
[18]	李传煌, 孙正君, 袁小雍 ,等. 基于深度学习的实时 DDoS 攻击检测[J]. 电信科学, 2017,33(7): 53-65.
	LI C H , SUN Z J , YUAN X Y ,et al. Real-time DDoS attack detection based on deep learning[J]. Telecommunications Science, 2017,33(7): 53-65.
[19]	LIU C , SUN W , CHAO W . Convolution neural network for relation extraction[C]// International Conference on Advanced Data Mining and Applications (ADMA 2013). 2013: 231-242.
[20]	HINTON G E , SRIVASTAVA N , KRIZHEVSKY A ,et al. Improving neural networks by preventing co-adaptation of feature detectors[J]. Computer Science, 2012,3(4): 212-223.
[21]	SRIVASTAVA N , HINTON G , KRIZHEVSKY A ,et al. Dropout:a simple way to prevent neural networks from overfitting[J]. Journal of Machine Learning Research, 2014,15(1): 1929-1958.

Metrics

Recommended 0

No Suggested Reading articles found!

特征名称	描述
durationSeconds	持续时间
packetCount	每条流中数据分组数量
byteCount	每条流中数据分组比特数
match.eth_type	匹配的以太网类型
match.eth_dst	匹配的以太网目的地址
match.eth_src	匹配的以太网源地址
match.in_port	匹配的入端口
priority	优先级
match.ipv4_src	匹配的源IP
match.ipv4_dst	匹配的目的IP
match.udp_dst	匹配的UDP目的端口
match.udp_dst	匹配的UDP源端口
match.tcp_dst	匹配的TCP目的端口
match.tcp_dst	匹配的TCP源端口
idleTimeoutSec	空闲超时
match.ip_proto	匹配的IP协议
durationNSeconds	持续时间
cookie	Cookie
tableId	表ID
hardTimeoutSec	严格超时
actions.actions	动作

特征名称	描述
growth rate of single flow (grsf)	单流增长速率
growth rate of different port (grdp)	不同端口增长速率
average packets per flow (appf)	流表平均数据分组量
average bytes per flow (abpf)	流表平均比特数
average durations per flow (adpf)	流量平均持续时间

数据集	正常流特征/条	DDoS流特征/条
训练集	43 000	47 000
测试集	28 000	32 000

模型名称							模型结构
	卷积层1	批标准化1	池化层1	卷积层2	批标准化2	池化层2	卷积层3	批标准化3	池化层3	全连接层（2）	全连接层（4）	激活函数
C3P2F2	1	1	1	1	1	1	1	0	0	1	0	ReLU,Softplus
C3P3F2	1	1	1	1	1	1	1	1	1	1	0	ReLU,Softplus
C2P2F2	1	1	1	1	1	1	0	0	0	1	0	ReLU,Softplus
C2P2F4	1	1	1	1	1	1	0	0	0	0	0	ReLU,Softplus

模型名称	Acc	P	R	F₁
C3P2F2	97.73%	98.11%	97.93%	97.30%
C3P3F2	97.74%	97.17%	97.22%	97.02%
C2P2F2	96.43%	97.42%	97.54%	96.93%
C2P2F4	96.37%	97.07%	96.98%	97.01%

DDoS attack detection and defense based on hybrid deep learning model in SDN

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 21

References 21

Related Articles 15

Metrics

Recommended 0

模型名称	Acc	P	R	F₁
SAE3	97.67%	97.41%	97.63%	97.30%
SAE4	98.11%	97.77%	97.74%	97.62%
SAE5	96.43%	97.72%	97.44%	96.95%

模型名称	Acc	P	R	F₁
SVM	96.72%	96.47%	95.84%	96.77%
DCNN-DSAE	98.53%	98.17%	97.94%	98.12%
C3P2F2	97.73%	98.11%	97.93%	97.30%
SAE4	97.44%	97.12%	97.87%	97.53%
DNN	94.47%	95.82%	93.74%	93.55%

特征数量/个	Acc	P	R	F₁
5	88.33%	89.15%	89.97%	90.07%
10	94.21%	94.19%	93.77%	94.04%
15	95.13%	95.20%	94.94%	94.85%
21	92.47%	92.57%	93.10%	92.20%
26	98.53%	98.17%	97.64%	98.12%
30	98.51%	98.20%	97.59%	98.11%

[1]	Dongyu CHEN, Hua CHEN, Limin FAN, Yifang FU, Jian WANG. Research on test strategy for randomness based on deep learning [J]. Journal on Communications, 2023, 44(6): 23-33.
[2]	Rongpeng LI, Bingyan WANG, Honggang ZHANG, Zhifeng ZHAO. Design of knowledge enhanced semantic communication receiver [J]. Journal on Communications, 2023, 44(6): 70-76.
[3]	Shuai MA, Ke PEI, Huayan QI, Hang LI, Wen CAO, Hongmei WANG, Hailiang XIONG, Shiyin LI. Research on geomagnetic indoor high-precision positioning algorithm based on generative model [J]. Journal on Communications, 2023, 44(6): 211-222.
[4]	Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU. Preventing flow table overflow against denial of service attack in software defined network [J]. Journal on Communications, 2023, 44(2): 1-11.
[5]	Zongxuan SHA, Ru HUO, Chuang SUN, Shuo WANG, Tao HUANG. Forwarding efficiency aware traffic scheduling algorithm based on deep reinforcement learning [J]. Journal on Communications, 2022, 43(8): 30-40.
[6]	Jie YANG, Biao DONG, Xue FU, Yu WANG, Guan GUI. Lightweight decentralized learning-based automatic modulation classification method [J]. Journal on Communications, 2022, 43(7): 134-142.
[7]	Xiuzhang YANG, Guojun PENG, Zichuan LI, Yangqi LYU, Side LIU, Chenguang LI. Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [J]. Journal on Communications, 2022, 43(6): 58-70.
[8]	Binghao YAN, Qinrang LIU, Jianliang SHEN, Xiantuo TANG, Dong LIANG. Fast loop-free path migration strategy in software defined network [J]. Journal on Communications, 2022, 43(5): 24-35.
[9]	Yong LIAO, Shiyi WANG. CSI feedback algorithm based on RM-Net for massive MIMO systems in high-speed mobile environment [J]. Journal on Communications, 2022, 43(5): 166-176.
[10]	Yurong LIAO, Haining WANG, Cunbao LIN, Yang LI, Yuqiang FANG, Shuyan NI. Research progress of deep learning-based object detection of optical remote sensing image [J]. Journal on Communications, 2022, 43(5): 190-203.
[11]	Zenghua ZHAO, Yuefan TONG, Jiayang CUI. Device-independent Wi-Fi fingerprinting indoor localization model based on domain adaptation [J]. Journal on Communications, 2022, 43(4): 143-153.
[12]	Chuanhuang LI, Yangting CHEN, Jingjing TANG, Jiali LOU, Renhua XIE, Chuntao FANG, Weiming WANG, Chao CHEN. QL-STCT: an intelligent routing convergence method for SDN link failure [J]. Journal on Communications, 2022, 43(2): 131-142.
[13]	Lixia XIE, Xueou LI, Hongyu YANG, Liang ZHANG, Xiang CHENG. Multi-stage detection method for APT attack based on sample feature reinforcement [J]. Journal on Communications, 2022, 43(12): 66-76.
[14]	Yong LIAO, Gang CHENG, Yujie LI. CSI feedback algorithm based on deep unfolding for massive MIMO systems [J]. Journal on Communications, 2022, 43(12): 77-88.
[15]	Xueyuan DUAN, Yu FU, Kun WANG, Bin LI. LDoS attack detection method based on simple statistical features [J]. Journal on Communications, 2022, 43(11): 53-64.

模型名称			模型结构
模型名称	自编码（128-64）	自编码（64-32）	自编码（32-16）	自编码（16-8）	自编码（8-4）	softmax
SAE3	1	1	1	0	0	1
SAE4	1	1	1	1	0	1
SAE5	1	1	1	1	1	1