基于软件定义物联网的分布式拒绝服务攻击检测方法  被引量：12

作　　者：刘向举[1] 刘鹏程 徐辉[1] 朱晓娟[1] LIU Xiangju;LIU Pengcheng;XU Hui;ZHU Xiaojuan(College of Computer Science and Engineering,Anhui University of Science and Technology,Huainan Anhui 232001,China)

机构地区：[1]安徽理工大学计算机科学与工程学院

出　　处：《计算机应用》2020年第3期753-759,共7页journal of Computer Applications

基　　金：国家自然科学基金资助项目(51504010,61404001);安徽省高校省级自然科学研究重大项目(KJ2014ZD12);淮南市科技计划项目(2013A4011)~~

摘　　要：由于物联网(IoT)设备众多、分布广泛且所处环境复杂,相较于传统网络更容易遭受分布式拒绝服务(DDoS)攻击,针对这一问题提出了一种在软件定义物联网(SD-IoT)架构下基于均分取值区间长度-K均值(ELVRKmeans)算法的DDoS攻击检测方法。首先,利用SD-IoT控制器的集中控制特性通过获取OpenFlow交换机的流表,分析SD-IoT环境下DDoS攻击流量的特性,提取出与DDoS攻击相关的七元组特征;然后,使用ELVR-Kmeans算法对所获取的流表进行分类,以检测是否有DDoS攻击发生;最后,搭建仿真实验环境,对该方法的检测率、准确率和错误率进行测试。实验结果表明,该方法能够较好地检测SD-IoT环境中的DDoS攻击,检测率和准确率分别达到96.43%和98.71%,错误率为1.29%。Due to the large number,wide distribution and complex environments of Internet of Things(IoT)devices,IoT is more vulnerable to DDoS(Distributed Denial of Service)attacks than traditional networks.Concerning this problem,a Distributed Denial of Service(DDoS)attack detection method based on Equal Length of Value Range K-means(ELVRKmeans)algorithm in Software Defined IoT(SD-IoT)architecture was proposed.Firstly,the centralized control characteristic of the SD-IoT controller was used to extract the flow tables of the OpenFlow switch to analyze the DDoS attack traffic characteristics in SD-IoT environment and extract the seven-tuple features related to the DDoS attack traffic.Secondly,the obtained flow tables were classified by the ELVR-Kmeans algorithm to detect whether a DDoS attack had occurred.Finally,the simulation experiment environment was built to test the detection rate,accuracy and error rate of the method.The simulation results show that the proposed method can effectively detect DDoS attacks in SD-IoT environment with detection rate and accuracy of 96.43%and 98.71%respectively,and error rate of 1.29%.

关 键 词：软件定义物联网 分布式拒绝服务攻击 均分取值区间长度-K均值算法 七元组特征 攻击检测 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]