基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

姚琳元; 董平; 张宏科

doi:10.11999/JEIT160370

基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

doi: 10.11999/JEIT160370

基金项目:

国家973重点基础研究发展计划(2013CB329100)，国家863高技术研究发展计划(2015AA016103)，国家自然科学基金(61301081)，国家电网公司科技项目([2016]377)

计量
- 文章访问数: 1345
- HTML全文浏览量: 152
- PDF下载量: 508
- 被引次数: 0
出版历程
- 收稿日期: 2016-04-18
- 修回日期: 2016-10-19
- 刊出日期: 2017-02-19

Distributed Denial of Service Attack Detection Based on Object Character in Software Defined Network

Funds:

The National Key Basic Research Program of China (2013CB329100), The National High Technology Research and Development Program 863 (2015AA016103), The National Natural Science Foundation of China (61301081), SGRIXTJSFW ([2016]377)

摘要

摘要: 软件定义网络(SDN)受到分布式拒绝服务(DDoS)攻击时，攻击方会发送大量数据包，产生大量新的终端标识占用网络连接资源，影响网络正常运转。为准确发现受攻击对象，检测被占用资源，利用GHSOM技术，该文提出基于对象特征的DDoS攻击检测方法。首先，结合SDN网络及攻击特点，提出基于目的地址的检测7元组，并以此作为判断目标地址是否受到DDoS攻击的检测元素；然后，采用模块化设计，将GHSOM算法应用于SDN网络DDoS攻击的分析检测中，并在OpenDayLight的仿真平台上完成了仿真实验。实验结果显示，该文提出的检测7元组可有效检测目标对象是否受到DDoS攻击。
- 软件定义网络 /
- 7元组 /
- 自组织映射 /
- 分布式拒绝服务
Abstract: During the Distributed Denial of Service (DDoS) attack happening in Software Defined Network (SDN) network, the attackers send a large number of data packets. Large quantities of new terminal identifiers are generated. Accordingly, the network connection resources are occupied, obstructing the normal operation of the network. To detect the attacked target accurately, and release the occupied resources, a DDoS attack detection method based on object features with the GHSOM technology is provided. First, the seven-tuple is proposed for detection to determine whether the target address is under attack by DDoS. Then, a simulation platform is built, which is based on the OpenDayLight controller. GHSOM algorithm is applied to the network. Simulation experiments are performed to validate the feasibility of the detection method. The results show that the seven-tuple for detection can effectively confirm whether the target object is under a DDoS attack.
- Software Defined Network (SDN) /
- Seven-tuple /
- Self-organization mapping /
- Distributed Denial of Service (DDoS)

HTML全文

参考文献(20)

BENSON T, AKELLA A, and MALTZ D A. Unraveling the Complexity of Network Management[C]. 6th USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, USA, 2009: 335-348.

KREUTZ D, RAMOS F M V, ESTEVES VERISSIMO P, et al. Software-defined networking: A comprehensive survey[J]. Proceedings of the IEEE, 2015, 103(1): 14-76. doi: 10.1109/ jproc.2014.2371999.

MCKEOWN N. How SDN will shape networking[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 56-61.

SHENKER S, CASADO M, KOPONEN T, et al. The future of networking, and the past of protocols[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 24-29.

KANDOI R and ANTIKAINEN M. Denial-of-service attacks in OpenFlow SDN networks[C]. 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, BC, Canada, 2015: 1322-1326. doi: 10.1109/inm.2015.7140489.

SHIN S, YEGNESWARAN V, PORRAS P, et al. Avant- guard: Scalable and vigilant switch flow management in software-defined networks[C]. Proceedings of the 2013 ACM SIGSAC Conference on Computer Communications Security, Berlin, Germany, 2013: 413-424. doi: 10.1145/ 2508859.2516684.

ASHRAF J and LATIF S. Handling intrusion and DDoS attacks in software defined networks using machine learning techniques[C]. IEEE 2014 National Software Engineering Conference (NSEC), Event-Karachi, Pakistan, 2014: 55-60. doi: 10. 1109/nsec.2014.6998241.

杨雅辉, 姜电波, 沈晴霓, 等. 基于改进的GHSOM的入侵检测研究[J]. 通信学报, 2011, 32(1): 121-126. doi: 10.3969/j. issn.1000-436X.2011.01.016.

YANG Yahui, JIANG Dianbo, SHEN Qingni, et al. Research on intrusion detection based on an improved GHSOM[J]. Journal on Communications, 2011, 32(1): 121-126. doi: 10. 3969/j.issn.1000-436X.2011.01.016.

BRAGA R, MOTA E, and PASSITO A. Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]. IEEE 2010 35th Conference on Local Computer Networks (LCN), Denver, Colorado, USA, 2010: 408-415. doi: 10.1109/lcn. 2010.5735752.

MOUSAVI S M and ST-HILAIRE M. Early detection of DDoS attacks against SDN controllers[C]. IEEE 2015 International Conference on Computing, Networking and Communications (ICNC), Anaheim, California, USA, 2015: 77-81. doi: 10.1109/iccnc.2015.7069319.

GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments[J]. Computer Networks, 2014, 6(2): 122-136. doi: 10.1016/j.bjp.2013.10.014.

PORRAS P, SHIN S, YEGNESWARAN V, et al. A security enforcement kernel for OpenFlow networks[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012: 121-126. doi: 10.1145/ 2342441.2342466.

MIHAI-GABRIEL I and VICTOR-VALERIU P. Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory[C]. IEEE 2014 15th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, Hungary, 2014: 319-324. doi: 10.1109/CINTI. 2014.7028696.

RAUBER A, MERKL D, and DITTENBACH M. The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data[J]. IEEE Transactions on Neural Networks, 2002, 13(6): 1331-1341. doi: 10.1109/tnn. 2002.804221.

HUANG S Y and HUANG Y. Network forensic analysis using growing hierarchical SOM[C]. IEEE 2013 13th International Conference on Data Mining Workshops (ICDMW), Brisbane, Australia, 2013: 536-543. doi: 10.1109/icdmw.2013.66.

html, 2016.

鲍旭华, 洪海, 曹志华. 破坏之王: DDoS攻击与防范深度剖析[M]. 北京: 机械工业出版社, 2014: 20-76.

BAO Xuhua, HONG Hai, AND CAO Zhihua. The King of Destruction: DDoS Attact and Defense Depth Analysis[M]. Beijing: China Machine Press, 2014: 20-76.

BORGNAT P, DEWAELE G, FUKUDA K, et al. Seven years and one day: Sketching the evolution of internet traffic[C]. IEEE 2009 INFOCOM, Rio de Janeiro, Brazil, 2009: 711-719. doi: 10.1109/infcom.2009.5061979.

施引文献

资源附件(0)

访问统计