DDoS Attack Detection Scheme Based on Entropy and PSO-BP Neural Network in SDN  被引量：8

作　　者：Zhenpeng Liu Yupeng He Wensheng Wang Bin Zhang 

机构地区：[1]School of Cyberspace Security and Computer, Hebei University, Baoding 071002, China [2]Information Technology Center, Hebei University, Baoding 071002, China [3]School of Electronic Information Engineering, Hebei University, Baoding 071002, China

出　　处：《China Communications》2019年第7期144-155,共12页中国通信（英文版）

基　　金：supported by the Hebei Province Innovation Capacity Improvement Program of China under Grant No.179676278D;the Ministry of Education Fund Project of China under Grant No.2017A20004

摘　　要：SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.SDN(Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.

关 键 词：software-defined NETWORKING distributed DENIAL of service ATTACKS generalized information ENTROPY particle SWARM optimization back propagation neural network ATTACK detection 

分 类 号：TN[电子电信]