Research on DDoS Attack Detection Algorithm in SDN Environment
First published: 2020-03-04
Abstract: Software Defined Networking (SDN) provides flexible network management by decoupling the forwarding and control planes. Among the security problems of SDN, one of the most urgent and most difficult to solve is the Distributed Denial of Service (DDoS) attack. Compared with traditional networks, DDoS attacks are more harmful to SDN. In addition, DDoS attacks and Flash Events (FE) have similar behavior and characteristics and are difficult to distinguish. To improve the accuracy of DDoS attack detection and save resources, this thesis proposes an attack detection algorithm that combines an attack detection trigger based on φ-entropy with attack detection confirmation based on XGBoost. The attack detection trigger algorithm makes a preliminary determination of whether there is an abnormality in the SDN environment; if an abnormality is detected, the attack detection confirmation algorithm is started for further detection. Simulation experiments were performed on the Mininet platform to verify the method. The experimental results show that the attack detection algorithm proposed in this thesis can improve the detection accuracy and save resources.
Keywords: SDN security; DDoS attack detection; φ-entropy; XGBoost