A Two-stage DDoS Attack Detection and Defense Method in Software Defined Network  Cited by: 4


Authors: YU Junqing[1,2]; LI Zizun; WU Chi; ZHAO Yizhu[1]

Affiliations: [1] School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China; [2] Center of Network and Computation, Huazhong University of Science and Technology, Wuhan 430074, China

Source: Netinfo Security, 2022, No. 1, pp. 1-8 (8 pages)

Funding: National Key Research and Development Program of China [2018YFB1800405].

Abstract: Distributed denial-of-service (DDoS) attacks have long been one of the major threats to the Internet. In a software-defined network (SDN), they can exhaust controller resources and disrupt the normal operation of the entire network. To address DDoS attacks in SDN, the paper designs and implements a two-stage attack detection and defense method. Flow-table data is collected from the switches through the controller's northbound interface, and direct and derived features are extracted from it. A two-stage detection algorithm built on the sequential probability ratio test (SPRT) and the light gradient boosting machine (LightGBM) quickly locates the attack port and accurately classifies the attack type, and attack traffic is filtered in real time by installing flow-table rules. Experimental results show that the attack detection module quickly locates the attack port and accurately classifies the attack type, with a classification accuracy of 98%, and that the attack defense module installs defense rules within 2 s after an attack occurs to filter the attack traffic, effectively protecting the security of the SDN network.

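Keywords: software-defined networking; distributed denial-of-service attack; sequential probability ratio test; light gradient boosting machine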

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
