The security threats to software-defined networks (SDNs) have become a significant problem, generally because of the open framework of SDNs. Among all the threats, distributed denial-of-service (DDoS) attacks can have a devastating impact on the network. We propose a method to discover DDoS attack behaviors in SDNs using a feature-pattern graph model. The feature-pattern graph model presented employs network patterns as nodes and similarity as weighted links; it can demonstrate not only the traffic header information but also the relationships among all the network patterns. The similarity between nodes is modeled by metric learning and the Mahalanobis distance. The proposed method can discover DDoS attacks using a graph-based neighborhood classification method; it is capable of automatically finding unknown attacks and is scalable by inserting new nodes into the graph model via local or global updates. Experiments on two datasets prove the feasibility of the proposed method for attack behavior discovery and graph update tasks, and demonstrate that the graph-based method to discover DDoS attack behaviors substantially outperforms the methods compared herein.
Funding: Project supported by the National Key R&D Program of China (Nos. 2017YFB0802300 and 2017YFC0803700)