Abstract
Distributed denial-of-service (DDoS) attacks are a common threat in many networks. Attackers send a large number of useless requests to the victim server to prevent other users from accessing it. These attacks rely on a high degree of randomness to establish a large number of connections with victims, which makes them difficult for a firewall to detect and block. With the rapid development of software-defined networking (SDN), DDoS attacks have gradually become a major security concern in SDN. To address DDoS attack detection in SDN, a detection scheme combining coarse-grained and fine-grained stages is proposed: queueing theory and conditional entropy serve as the coarse-grained detection module for arriving flows, and machine learning serves as the fine-grained detection module that accurately separates malicious traffic from legitimate packets. Experiments show that the scheme can accurately and efficiently detect DDoS attacks in an SDN network environment simulated with Mininet.
Authors
XIE Wenjin (谢汶锦)
ZHANG Zhibin (张智斌)
ZHANG Sanniu (张三妞)
Faculty of Information Engineering and Automation, Kunming University of Science and Technology, Kunming 650500, P.R. China
Source
Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition) (《重庆邮电大学学报(自然科学版)》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2022, Issue 6, pp. 1032-1039 (8 pages)
Keywords
software-defined networking
distributed denial-of-service attack
conditional entropy
queueing theory
machine learning