摘要
为了对SDN中的DDoS攻击进行检测,该文提出了一种基于自组织映射决策树的DDoS检测算法,该算法利用二维自组织映射算法训练出的数据分布拟合网络,结合历史数据生成数据罕见度网络,结合决策树算法判断结果生成数据有害度网络,利用数据罕见度网络和数据有害度网络对决策树算法进行修正以产生最终检测结果;在SDN实验网络上基于所提算法搭建了一套DDoS检测系统,实现了对SDN网络流量的自动化周期性检测;并在搭建的实验网络中对检测算法的准确性和系统运行效果进行了测试。结果表明,所提算法对DDoS攻击的检测性能优于对比算法,且系统的运行效果符合预期。
In order to detect distributed denial of service(DDoS)attacks in software defined network(SDN),a DDoS detection algorithm based on self-organizing mapping decision tree(DT)is proposed,which firstly uses the data distribution fitting network trained by the two-dimensional self-organizing mapping algorithm,combines the historical data to generate the data rarity network,combines the judgment result of the decision tree algorithm to generate the data harmfulness network,and uses data rarity network and data harmfulness network to modify the decision tree algorithm to produce final detection results.In addition,a DDoS detection system is built on the SDN experimental network based on the proposed algorithm,which realizes the automatic periodic detection of SDN network traffic.Finally,the accuracy of detection algorithm and the system operation effect are tested in the built experimental network,and the results show that the detection performance of the proposed algorithm for DDoS attack is better than the algorithm compared,and the system operation effect is able to meet the expectation.
作者
王凯巍
陈美娟
WANG Kaiwei;CHEN Meijuan(College of Telecommunications&Information Engineering,Nanjing University of Post and Telecommunications,Nanjing 210003,China)
出处
《实验科学与技术》
2021年第5期23-30,共8页
Experiment Science and Technology
基金
国家自然科学基金(61871237)
江苏省重点研发计划(BE2019017)
江苏省教育改革研究课题(2019JSJG197)。
