基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

姚琳元; 董平; 张宏科

doi:10.11999/JEIT160370

基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

doi: 10.11999/JEIT160370

基金项目:

国家973重点基础研究发展计划(2013CB329100)，国家863高技术研究发展计划(2015AA016103)，国家自然科学基金(61301081)，国家电网公司科技项目([2016]377)

计量
- 文章访问数: 1416
- HTML全文浏览量: 170
- PDF下载量: 508
- 被引次数: 51
出版历程
- 收稿日期: 2016-04-18
- 修回日期: 2016-10-19
- 刊出日期: 2017-02-19

Distributed Denial of Service Attack Detection Based on Object Character in Software Defined Network

Funds:

The National Key Basic Research Program of China (2013CB329100), The National High Technology Research and Development Program 863 (2015AA016103), The National Natural Science Foundation of China (61301081), SGRIXTJSFW ([2016]377)

摘要

摘要: 软件定义网络(SDN)受到分布式拒绝服务(DDoS)攻击时，攻击方会发送大量数据包，产生大量新的终端标识占用网络连接资源，影响网络正常运转。为准确发现受攻击对象，检测被占用资源，利用GHSOM技术，该文提出基于对象特征的DDoS攻击检测方法。首先，结合SDN网络及攻击特点，提出基于目的地址的检测7元组，并以此作为判断目标地址是否受到DDoS攻击的检测元素；然后，采用模块化设计，将GHSOM算法应用于SDN网络DDoS攻击的分析检测中，并在OpenDayLight的仿真平台上完成了仿真实验。实验结果显示，该文提出的检测7元组可有效检测目标对象是否受到DDoS攻击。
- 软件定义网络 /
- 7元组 /
- 自组织映射 /
- 分布式拒绝服务
Abstract: During the Distributed Denial of Service (DDoS) attack happening in Software Defined Network (SDN) network, the attackers send a large number of data packets. Large quantities of new terminal identifiers are generated. Accordingly, the network connection resources are occupied, obstructing the normal operation of the network. To detect the attacked target accurately, and release the occupied resources, a DDoS attack detection method based on object features with the GHSOM technology is provided. First, the seven-tuple is proposed for detection to determine whether the target address is under attack by DDoS. Then, a simulation platform is built, which is based on the OpenDayLight controller. GHSOM algorithm is applied to the network. Simulation experiments are performed to validate the feasibility of the detection method. The results show that the seven-tuple for detection can effectively confirm whether the target object is under a DDoS attack.
- Software Defined Network (SDN) /
- Seven-tuple /
- Self-organization mapping /
- Distributed Denial of Service (DDoS)

HTML全文

参考文献(20)

BENSON T, AKELLA A, and MALTZ D A. Unraveling the Complexity of Network Management[C]. 6th USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, USA, 2009: 335-348.

KREUTZ D, RAMOS F M V, ESTEVES VERISSIMO P, et al. Software-defined networking: A comprehensive survey[J]. Proceedings of the IEEE, 2015, 103(1): 14-76. doi: 10.1109/ jproc.2014.2371999.

MCKEOWN N. How SDN will shape networking[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 56-61.

SHENKER S, CASADO M, KOPONEN T, et al. The future of networking, and the past of protocols[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 24-29.

KANDOI R and ANTIKAINEN M. Denial-of-service attacks in OpenFlow SDN networks[C]. 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, BC, Canada, 2015: 1322-1326. doi: 10.1109/inm.2015.7140489.

SHIN S, YEGNESWARAN V, PORRAS P, et al. Avant- guard: Scalable and vigilant switch flow management in software-defined networks[C]. Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, Berlin, Germany, 2013: 413-424. doi: 10.1145/ 2508859.2516684.

ASHRAF J and LATIF S. Handling intrusion and DDoS attacks in software defined networks using machine learning techniques[C]. IEEE 2014 National Software Engineering Conference (NSEC), Event-Karachi, Pakistan, 2014: 55-60. doi: 10. 1109/nsec.2014.6998241.

杨雅辉, 姜电波, 沈晴霓, 等. 基于改进的GHSOM的入侵检测研究[J]. 通信学报, 2011, 32(1): 121-126. doi: 10.3969/j. issn.1000-436X.2011.01.016.

YANG Yahui, JIANG Dianbo, SHEN Qingni, et al. Research on intrusion detection based on an improved GHSOM[J]. Journal on Communications, 2011, 32(1): 121-126. doi: 10. 3969/j.issn.1000-436X.2011.01.016.

BRAGA R, MOTA E, and PASSITO A. Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]. IEEE 2010 35th Conference on Local Computer Networks (LCN), Denver, Colorado, USA, 2010: 408-415. doi: 10.1109/lcn. 2010.5735752.

MOUSAVI S M and ST-HILAIRE M. Early detection of DDoS attacks against SDN controllers[C]. IEEE 2015 International Conference on Computing, Networking and Communications (ICNC), Anaheim, California, USA, 2015: 77-81. doi: 10.1109/iccnc.2015.7069319.

GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments[J]. Computer Networks, 2014, 6(2): 122-136. doi: 10.1016/j.bjp.2013.10.014.

PORRAS P, SHIN S, YEGNESWARAN V, et al. A security enforcement kernel for OpenFlow networks[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012: 121-126. doi: 10.1145/ 2342441.2342466.

MIHAI-GABRIEL I and VICTOR-VALERIU P. Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory[C]. IEEE 2014 15th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, Hungary, 2014: 319-324. doi: 10.1109/CINTI. 2014.7028696.

RAUBER A, MERKL D, and DITTENBACH M. The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data[J]. IEEE Transactions on Neural Networks, 2002, 13(6): 1331-1341. doi: 10.1109/tnn. 2002.804221.

HUANG S Y and HUANG Y. Network forensic analysis using growing hierarchical SOM[C]. IEEE 2013 13th International Conference on Data Mining Workshops (ICDMW), Brisbane, Australia, 2013: 536-543. doi: 10.1109/icdmw.2013.66.

html, 2016.

鲍旭华, 洪海, 曹志华. 破坏之王: DDoS攻击与防范深度剖析[M]. 北京: 机械工业出版社, 2014: 20-76.

BAO Xuhua, HONG Hai, AND CAO Zhihua. The King of Destruction: DDoS Attact and Defense Depth Analysis[M]. Beijing: China Machine Press, 2014: 20-76.

BORGNAT P, DEWAELE G, FUKUDA K, et al. Seven years and one day: Sketching the evolution of internet traffic[C]. IEEE 2009 INFOCOM, Rio de Janeiro, Brazil, 2009: 711-719. doi: 10.1109/infcom.2009.5061979.

施引文献

期刊类型引用(23)

1.	郑素珍. 旋转物体的单光子三维重建技术. 应用光学. 2024(05): 879-884 . 百度学术
2.	王月，齐庆杰，孙立峰，程会锋，张婧雯，刘英杰，马天放，仙文豪. 基于超宽带雷达的穿墙生命体征信号检测研究综述. 国外电子测量技术. 2024(09): 26-40 . 百度学术
3.	祁萍萍，李琦，韩壮志. 基于RFT的随机调频周期LFMCW雷达微弱目标检测. 无线电工程. 2022(06): 996-1003 . 百度学术
4.	郭立民，莫禹涵，刘鲁涛，郭晓冉. 线性调频连续波雷达低空小目标长时间相参积累方法. 国防科技大学学报. 2022(04): 190-197 . 百度学术
5.	关键，裴家正，黄勇，陈小龙，陈宝欣. 杂波背景下的时距联合检测前聚焦方法研究. 雷达学报. 2022(05): 753-764 . 百度学术
6.	张军周，刘益辰，尹天宫. 对抗相位编码末制导雷达有源干扰方法研究. 舰船电子工程. 2021(03): 80-83 . 百度学术
7.	裴家正，黄勇，陈宝欣，关键，蔡咪，陈小龙. 联合脉压与Radon傅里叶变换的长时间相参积累方法. 雷达学报. 2021(06): 956-969 . 百度学术
8.	董鹏曙，向龙，谢幼才，金加根. 基于运动补偿的动目标检测处理方法. 探测与控制学报. 2020(06): 29-34 . 百度学术
9.	梁璞，陈兴，刘让，商哲然，易天柱，卢大威. 基于RFT和AMF融合聚焦的雷达弱小目标检测. 航空兵器. 2019(06): 1-9 . 百度学术
10.	段毅，商哲然，谭贤四，曲智国，李志淮. 面向雷达高速目标检测的RFT快速实现方法. 系统工程与电子技术. 2018(06): 1233-1240 . 百度学术
11.	王万田，袁俊泉，王悦，周亮. 一种天空双基地预警雷达高速机动目标检测算法. 空军预警学院学报. 2017(05): 313-318 . 百度学术
12.	商哲然，谭贤四，曲智国，王红，杨康峰. 一种改进的快速RFT实现方法. 现代防御技术. 2017(01): 140-146 . 百度学术
13.	商哲然，谭贤四，曲智国，尉强，王红. 高超声速目标雷达检测方法综述. 现代雷达. 2017(01): 1-8+40 . 百度学术
14.	章建成，苏涛，吕倩. 基于运动参数非搜索高速机动目标检测. 电子与信息学报. 2016(06): 1460-1467 . 本站查看
15.	商哲然，谭贤四，曲智国，王红，丰骁. 基于GPU的RFT算法并行化. 雷达科学与技术. 2016(05): 505-509+516 . 百度学术
16.	商哲然，谭贤四，曲智国，王红. 基于改进的快速RFT算法的高速目标检测. 雷达科学与技术. 2016(02): 184-188+193 . 百度学术
17.	李炯，赵彬，韩闯，徐跃. 临近空间高超声速目标跟踪技术及展望. 现代雷达. 2016(09): 1-6 . 百度学术
18.	董鹏曙，向龙，谢幼才，金加根. 高速机动目标信号多普勒频移补偿方法. 探测与控制学报. 2016(03): 66-70+74 . 百度学术
19.	陈潜，刘俊豪，王海涛. 频域切变Radon-Fourier变换算法及其对微弱目标的检测. 太赫兹科学与电子信息学报. 2016(02): 299-305 . 百度学术
20.	王慧，洪丽娜，易建新，万显荣. 数字电视外辐射源雷达目标徙动补偿新方法. 电子与信息学报. 2015(05): 1017-1022 . 本站查看
21.	田超，文树梁. 基于非均匀FFT的长时间相参积累算法. 电子与信息学报. 2014(06): 1374-1380 . 本站查看
22.	刘京然，王星，王党卫. OFDM-MIMO雷达运动目标回波相参积累方法. 现代雷达. 2014(12): 43-47+53 . 百度学术
23.	汪连栋，曾勇虎，高磊，陆俊. 临近空间高超声速目标雷达探测技术现状与趋势. 信号处理. 2014(01): 72-85 . 百度学术