Abstract
To address the low accuracy of low-rate DDoS attack detection in cloud SDN networks and the lack of a unified framework for detecting and defending against low-rate DDoS attacks on both the data plane and the control plane, a unified detection framework for low-rate DDoS attacks was proposed. First, the effectiveness of low-rate DDoS attacks on the data plane was analyzed and verified. On that basis, drawing on the communication and frequency characteristics of low-rate DDoS attacks, ten-dimensional features covering five aspects (mean, maximum, deviation degree, average deviation, and survival time) were extracted, and low-rate DDoS attack detection based on a Bayesian network was implemented. The controller then issues the relevant policies to block the attack flows. Experiments show that in an OpenStack cloud environment the detection rate for low-rate DDoS attacks reaches 99.3% with a CPU usage of 9.04%, demonstrating that the proposed scheme can effectively detect and defend against low-rate DDoS attacks.
Authors
陈兴蜀
滑强
王毅桐
葛龙
朱毅
CHEN Xingshu; HUA Qiang; WANG Yitong; GE Long; ZHU Yi (College of Cybersecurity, Sichuan University, Chengdu 610065, China; Research Institute of Cybersecurity, Sichuan University, Chengdu 610065, China; College of Computer Science, Sichuan University, Chengdu 610065, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journals
2019, Issue 6, pp. 210-222 (13 pages)
Journal on Communications
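Funding
Young Scientists Fund of the National Natural Science Foundation of China (No. 61802270, No. 61802271)
Sichuan Province Key Research and Development Fund (No. 2018G20100)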