SDN下基于深度学习混合模型的DDoS攻击检测与防御  被引量：35

作　　者：李传煌[1] 吴艳 钱正哲 孙正君[1] 王伟明[1] LI Chuanhuang;WU Yan;QIAN Zhengzhe;SUN Zhengjun;WANG Weiming(School of Information and Electronic Engineering,Zhejiang Gongshang University,Hangzhou 310018,China)

机构地区：[1]浙江工商大学信息与电子工程学院,浙江杭州310018

出　　处：《通信学报》2018年第7期176-187,共12页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2017YFB0803202);浙江省自然科学基金资助项目(No.LY18F010006);浙江省新型网络标准与应用技术重点实验室基金资助项目(No.2013E10012);浙江省重点研发计划基金资助项目(No.2017C03058)~~

摘　　要：软件定义网络(SDN,software defined network)作为一种新兴的网络架构,其安全问题一直是SDN领域研究的热点,如SDN控制通道安全性、伪造服务部署及外部分布式拒绝服务(DDoS,distributed denial of service)攻击等。针对SDN安全中的外部DDoS攻击问题进行研究,提出了一种基于深度学习混合模型的DDoS攻击检测方法——DCNN-DSAE。该方法在构建深度学习模型时,输入特征除了从数据平面提取的21个不同类型的字段外,同时设计了能够区分流类型的5个额外流表特征。实验结果表明,该方法具有较高的精确度,优于传统的支持向量机和深度神经网络等机器学习方法,同时,该方法还可以缩短分类检测的处理时间。将该检测模型部署于控制器中,利用检测结果产生新的安全策略,下发到Open Flow交换机中,以实现对特定DDoS攻击的防御。Software defined network(SDN)is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service(DDoS)attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine(SVM)and deep neural network(DNN)and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.

关 键 词：分布式拒绝服务 软件定义网络 攻击检测 深度学习 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]