摘要
为了在软件定义网络(SDN)环境中有效解决分布式拒绝服务攻击(DDoS)的问题,提出了一种主被动结合、统计流表特征的DDoS攻击检测方法.利用SDN网络架构在部署DDoS攻击检测系统方面灵活和多维度的特点,通过控制器从大量的网络设备中早期发现受害主机,并有针对性的进行攻击检测.首先通过packet_in消息被动统计作为预判,进而下发监控流表进一步细粒度统计特征,并利用XGBoost算法构造异常检测分类器进行分类攻击.最后在OpenDayLight控制器中实现了上述DDoS攻击检测系统,并在Mininet网络中进行了评估验证.结果表明,这种检测方法可以高效定位出遭受DDoS攻击的网络设备并检测出受害主机,XGBoost算法应用在此场景中可以在保证检测率的同时发挥其处理效率高的特性,适用于此系统.
To solve the problem of distributed denial of service( DDoS) in software-defined network( SDN) environment,a DDoS attack detection method with active passive combination and statistical flow features is presented. Utilizing the flexible and multi-dimensional features of SDN network architecture in deploying DDoS attack detection system,the victim host is detected from a large number of network devices earlier through controller and the targeted attack detection is conducted. First,the traffic statistics of the packet_in message is used as the pre-judgment. Then the fine-grained statistical features are further distributed,and the XGBoost algorithm is used to construct the anomaly detection classifier to classify the attacks. Finally,the DDoS attack detection system is implemented in the OpenDayLight controller and evaluated in the Mininet network. The results show that the method can efficiently locate the network equipment suffered DDoS attacks and detect the victim host. XGBoost algorithm applied to the scene has characteristics of high efficiency processing and guarantee the detection rate at the same time,thus it is suitable for the system.
出处
《东南大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2017年第A01期14-19,共6页
Journal of Southeast University:Natural Science Edition
基金
国家高技术研究发展计划(863计划)资助项目(2015AA016105)
教育部-中国移动科研基金资助项目(MCM20160304)
关键词
软件定义网络
分布式拒绝服务攻击
攻击检测
网络入侵
software definition network(SDN)
distributed denial of service
attack detection
network intrusion
