期刊文献+

SDN中基于条件熵和GHSOM的DDoS攻击检测方法 被引量:14

DDoS attack detection method based on conditional entropy and GHSOM in SDN
下载PDF
导出
摘要 软件定义网络(SDN,software defined networking)简化了网络结构,但同时控制器也面临着"单点失效"的安全威胁。攻击者可以发送大量交换机流表中并不存在的伪造数据流,影响网络正常性能。为了准确检测这种攻击的存在,提出了基于条件熵和GHSOM(growing hierarchical SOM)神经网络的DDoS攻击检测方法MBCE&G。首先,依据此DDoS的阶段性特征,定位了网络中的受损交换机以发现可疑攻击流;然后,依据可疑攻击流种类的多样性特征,以条件熵的形式提取了四元组特征向量,将其作为神经网络的输入特征进行更加精确的分析;最后,搭建了实验环境完成验证。实验结果显示,MBCE&G检测方法可以有效检测SDN中的DDoS攻击。 Software defined networking(SDN)simplifies the network architecture,while the controller is also faced with a security threat of“single point of failure”.Attackers can send a large number of forged data flows that do not exist in the flow tables of the switches,affecting the normal performance of the network.In order to detect the existence of this kind of attack,the DDoS attack detection method based on conditional entropy and GHSOM in SDN(MBCE&G)was presented.Firstly,according to the phased features of DDoS,the damaged switch in the network was located to find the suspect attack flows.Then,according to the diversity characteristics of the suspected attack flow,the quaternion feature vector was extracted in the form of conditional entropy,as the input features of the neural network for more accurate analysis.Finally,the experimental environment was built to complete the verification.The experimental results show that MBCE&G detection method can effectively detect DDoS attacks in SDN network.
作者 田俊峰 齐鎏岭 TIAN Junfeng;QI Liuling(School of Cyber Security and Computer,Hebei University,Baoding 071002,China;Key Lab on High Trusted Information System in Hebei Province,Baoding 071002,China)
出处 《通信学报》 EI CSCD 北大核心 2018年第8期140-149,共10页 Journal on Communications
基金 国家自然科学基金资助项目(No.61170254) 河北省自然科学基金资助项目(No.F2016201244)~~
关键词 软件定义网络 条件熵 神经网络 DDOS攻击 software defined networking conditional entropy neural network DDoS attack
  • 相关文献

参考文献3

二级参考文献20

  • 1卿斯汉,蒋建春,马恒太,文伟平,刘雪飞.入侵检测技术研究综述[J].通信学报,2004,25(7):19-29. 被引量:234
  • 2FAOUR A, LERAY P, ETER B. Growing hierarchical self-organizing map for alarm filtering in network intrusion detection systems[A]. Proceedings of 1st IFIP International Conference on New Technologies, Mobility and Security[C]. Paris, France, 2007. 被引量:1
  • 3Index of / databases/kddcup99 [EB/OL]. http://kdd.ics.uci.edu/data- bases/kddcup99.2009. 被引量:1
  • 4JIANG D B, YANG Y H, XIA M. Research on intrusion detection based on an improved sore neural network[A]. Proceedings of Fifth International Conference on Information Assurance and Security[C]. Xi'an, China, 2009. 400-403. 被引量:1
  • 5DEPREN O, TOPALLAR M, ANARIM E, et al. An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks[J]. Expert Systems with Applications,2005,29: 713-722. 被引量:1
  • 6RAMADAS M, OSTERMANN M, TJADEN B. Detecting anomalous network traffic with self-organizing maps[A]. Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection[C]. Pittsburgh, PA, USA, 2003. 被引量:1
  • 7RAUBER A, MERKL D, DrFFENBACH M. The growing hierarchical self-organizing map: Exploratory analysis of high-dimensional data[J]. IEEE Transactions on Neural Networks, 2002,13(6): 1331-1341. 被引量:1
  • 8PALOMO E J, DOMINGUEZ E, LUQUE R M, et al. A new GHSOM model applied to network security[J]. Lecture Notes in Computer Science Springer, 2008, 5168: 680-689. 被引量:1
  • 9PALOMO E J, DOMINGUES E, LUQUE R M, et al. An intrusion detection system based on hierarchical self-organization[J]. Journal of Information Assurance and Security4, 2009, 4(3): 209-216. 被引量:1
  • 10Lichodzi Jewski P, Zincir-Heywood A N, et al. Dynamic intrusion detection using self-organizing maps [C/OL] //Proc of the 14th Annual Canadian Information Technology Security Symp, [2012-08-24]. http://scholar. google, com. hk/scholar?q = Dynamic + Intrusion + Detection + Using + Self-Organizing + Maps&.hl = zh-CN&.as_ sdt = O&as_ vis = 1 &oi = scholart&sa = X&ei = RlU3UOSTCOqViAfIqoGQBA &ved=OCBOQgQMwAA. 被引量:1

共引文献59

同被引文献91

引证文献14

二级引证文献73

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部