Application Research of Computers (《计算机应用研究》)

DDoS attack detection based on BPNN in software defined networks

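Authors Wang Xiaorui, Zhuang Lei, Hu Ying, Wang Guoqing, Ma Ding, Jing Chenkai
Affiliations 1. School of Information Engineering, Zhengzhou University, Zhengzhou 450001; 2. College of Information Science and Engineering, Henan University of Technology, Zhengzhou 450001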
Article ID 1001-3695(2018)03-0911-05
DOI 10.3969/j.issn.1001-3695.2018.03.057
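Abstract Software-defined networking (SDN) is a new network architecture whose main advantage is centralized control; however, a DDoS attack can make information unreachable and can easily cause a single point of failure. To identify DDoS attacks effectively, this paper proposes a DDoS attack detection method based on a BP neural network for SDN environments. The method obtains the flow table entries of OpenFlow switches, analyzes the characteristics of DDoS attacks in an SDN environment, and extracts six important attack-related features, including the flow table match success rate and the flow entry rate. By analyzing how these six feature values change, it uses the BP neural network algorithm to classify training samples and thereby detect DDoS attacks. Experimental results show that the method effectively improves the recognition rate while reducing detection time. Deployment in a software-defined network environment verifies the effectiveness of the method.
Keywords software-defined networking; distributed denial-of-service attack; back-propagation neural network; feature values; attack detection
Funding National "973" Program of China (2012CB315901)
National Natural Science Foundation of China (61379079)
Henan Province Science and Technology Research Project (122102210042)
Article URL http://www.arocmag.com/article/01-2018-03-057.html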
English title DDoS attack detection based on BPNN in software defined networks
English author names Wang Xiaorui, Zhuang Lei, Hu Ying, Wang Guoqing, Ma Ding, Jing Chenkai
English affiliations 1. School of Information Engineering, Zhengzhou University, Zhengzhou 450001, China; 2. College of Information Science & Engineering, Henan University of Technology, Zhengzhou 450001, China
English abstract Software-defined networking (SDN) is a new network architecture that achieves centralized network control. Although centralized control is the main advantage of SDN, a DDoS attack will make information unreachable and is also likely to cause a single point of failure. To mitigate this threat, this paper proposes a DDoS attack detection method based on SDN centralized control. The method obtains the flow table entries of OpenFlow switches, analyzes the characteristics of DDoS attacks in an SDN environment, and extracts six attack-related features. By analyzing the changes in the six feature values, it uses the BP neural network algorithm to classify the training samples and so detect DDoS attacks. The experimental results show that the method can improve the recognition rate and reduce the detection time. The effectiveness of the method is verified by deployment in a software-defined network environment.
English keywords software definition network; DDoS attack; BP neural network; eigenvalues; attack detection
Received 2016/12/2
Revised 2017/2/16
Pages 911-915
CLC number TP393.08
Document code A