《计算机应用研究》|Application Research of Computers

DDoS attack detection method based on bidirectional traffic features in SDN scenarios

Distributed denial of service attack detection based on bidirectional traffic feature in software defined network

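Authors Chen Chao, Cao Xiaomei
Affiliation School of Computer & Software, Nanjing University of Posts & Telecommunications, Nanjing 210000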
Article ID 1001-3695(2019)07-049-2148-06
DOI 10.19734/j.issn.1001-3695.2018.01.0039
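Abstract The distributed nature of traditional network resources makes it hard for administrators to achieve centralized control of the network, and hard to detect a distributed denial of service attack quickly and accurately and trace its source when one occurs. To address this problem, the paper combines the centralized control and dynamic management advantages of software defined networking with the characteristics of distributed denial of service attacks, introduces the concept of bidirectional traffic, proposes a four-tuple feature for attack detection, and uses the growing hierarchical self-organizing map algorithm to analyze and classify, quickly and accurately, the four-tuple feature vectors extracted from network flows. It also proposes a detection method that locates potential victims by adaptively changing the granularity of the monitoring flow table. Simulation results show that the proposed four-tuple feature, together with the detection algorithm that installs a moderate number of monitoring flow entries, detects attacks and locates the victim with an accuracy of approximately 96%, while imposing little computational overhead on the controller.
Keywords software defined network; bidirectional traffic; four-tuple feature; distributed denial of service attack; growing hierarchical self-organizing map
Funding National Natural Science Foundation of China (61202353)
National "973" Program of China (2011CB302903)
Priority Academic Program Development of Jiangsu Higher Education Institutions (yx002001)
Article URL http://www.arocmag.com/article/01-2019-07-049.html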
English title Distributed denial of service attack detection based on bidirectional traffic feature in software defined network
Author names in English Chen Chao, Cao Xiaomei
Affiliation in English School of Computer & Software, Nanjing University of Posts & Telecommunications, Nanjing 210000, China
English abstract The distributed nature of traditional network resources makes it difficult for administrators to achieve centralized control of the network, and difficult to detect and trace DDoS attacks quickly and accurately when they occur. To solve this problem, combining the centralized control and dynamic management advantages of software defined network with the characteristics of DDoS attacks, this paper first introduced the concept of bidirectional traffic feature, put forward the four-tuple feature for attack detection, and used the growing hierarchical self-organizing map algorithm to analyze and classify the four-tuple feature vectors extracted from network flows quickly and accurately. At the same time, this paper proposed a new detection method that locates potential victims by adaptively changing the granularity of the flow table. Simulation results show that the four-tuple features, together with the detection algorithm issuing monitoring flow entries, can detect DDoS attacks and pinpoint the victim with an accuracy of nearly 96%, and the computational overhead for the controller is small.
English keywords software defined network (SDN); bidirectional traffic feature; four-tuple; distributed denial of service (DDoS); growing hierarchical self-organization map
Received 2018/1/22
Revised 2018/3/19
Pages 2148-2153
CLC number TP393
Document code A