Journal of Northeastern University (Natural Science) ›› 2020, Vol. 41 ›› Issue (9): 1217-1222. DOI: 10.12068/j.issn.1005-3026.2020.09.001

• Information and Control •

Efficient Joint Detection and Defense Mechanism for DDoS Attacks in SDN

ZENG Rong-fei (1), GAO Yuan (2), WANG Xing-wei (2), ZHANG Bang (2)

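  • 1. School of Software, Northeastern University, Shenyang 110169, Liaoning, China; 2. School of Computer Science and Engineering, Northeastern University, Shenyang 110169, Liaoning, China
  • Received: 2019-09-30; Revised: 2019-09-30; Publication date: 2020-09-15; Release date: 2020-09-15
  • Corresponding author: ZENG Rong-fei
  • About the authors: ZENG Rong-fei (1983-), male, born in Shenyang, Liaoning, associate professor at Northeastern University; WANG Xing-wei (1968-), male, born in Gaizhou, Liaoning, professor and doctoral supervisor at Northeastern University.
  • Funding:
    National Key Research and Development Program of China (2017YFB0801701); National Natural Science Foundation of China (61872073).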

Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN

ZENG Rong-fei (1), GAO Yuan (2), WANG Xing-wei (2), ZHANG Bang (2)

  • 1. School of Software, Northeastern University, Shenyang 110169, China; 2. School of Computer Science & Engineering, Northeastern University, Shenyang 110169, China
  • Received: 2019-09-30; Revised: 2019-09-30; Online: 2020-09-15; Published: 2020-09-15
  • Contact: WANG Xing-wei

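Abstract: To address the DDoS attacks faced by the software-defined networking (SDN) controller, this paper proposes an efficient joint detection and defense mechanism. The joint detection part combines an improved self-organizing mapping (SOM) algorithm with a multidimensional conditional entropy algorithm; through the improvement to the SOM algorithm, the two algorithms supply feedback information to each other, achieving efficient joint detection. The joint defense part combines a conventional defense module with a fast defense module and, by adjusting priorities, applies different defense strategies to different detection results. Extensive experiments show that the joint detection mechanism reaches a detection rate of 95.2%; compared with a standalone defense mechanism, the controller's response time under the joint defense mechanism is reduced by 0.11 s on average.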

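Keywords: software-defined networking, distributed denial of service attack, improved self-organizing mapping algorithm, multidimensional conditional entropy algorithm, priority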

Abstract: To defend the SDN (software-defined networking) controller against DDoS attacks, this paper proposes an efficient joint detection and defense mechanism. The joint detection part combines an improved self-organizing mapping algorithm with a multidimensional conditional entropy algorithm; combining the two methods achieves joint detection. The joint defense part includes a conventional defense module and a fast defense module, and adopts different defense strategies for different detection results by adjusting the priority. Extensive experimental results show that the joint detection mechanism achieves a detection rate of 95.2%, and that the controller's response time under the joint defense mechanism is reduced by 0.11 s on average compared with a single defense mechanism.

Key words: software-defined networking, distributed denial of service attack, improved self-organizing mapping algorithm, multidimensional conditional entropy algorithm, priority
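
The following Python sketch is an added illustration, not code from the paper: it computes conditional entropies over several header-field pairs for one window of packets, the kind of statistic a multidimensional conditional entropy detector builds on. The field pairs, the ratio/floor threshold rule and the sample windows are assumptions constructed for this example; the paper's improved SOM and the feedback between the two detectors are not reproduced.

```python
import math
from collections import Counter, defaultdict

def conditional_entropy(packets, target, given):
    """H(target | given) in bits over one window of packet-header dicts."""
    groups = defaultdict(Counter)
    for p in packets:
        groups[p[given]][p[target]] += 1
    total = len(packets)
    h = 0.0
    for counts in groups.values():
        n = sum(counts.values())
        h_group = -sum(c / n * math.log2(c / n) for c in counts.values())
        h += (n / total) * h_group  # weight by P(given = value)
    return h

# Header-field pairs used as dimensions (assumed choice, not from the paper).
PAIRS = [("src_ip", "dst_ip"), ("src_port", "dst_ip"), ("dst_port", "dst_ip")]

def entropy_vector(packets):
    """One conditional entropy per dimension for the given window."""
    return {f"H({t}|{g})": conditional_entropy(packets, t, g) for t, g in PAIRS}

def flag_window(baseline, window, ratio=2.0, floor=0.5):
    """Names of dimensions whose entropy exceeds max(ratio * baseline, floor).
    The ratio/floor rule is an assumed threshold for illustration."""
    base, cur = entropy_vector(baseline), entropy_vector(window)
    return sorted(k for k in cur if cur[k] > max(ratio * base[k], floor))

def pkt(src_ip, src_port, dst_ip, dst_port):
    return {"src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port}

# Constructed sample windows: four clients, two servers, two packets per client.
BASELINE = [pkt(f"10.0.0.{i}", 40000 + i,
                "10.0.1.1" if i <= 2 else "10.0.1.2", 80 if i <= 2 else 443)
            for i in (1, 2, 3, 4) for _ in range(2)]
# Same traffic plus 64 single-packet flows from distinct sources to one server.
FLOOD = BASELINE + [pkt(f"198.51.100.{i}", 1024 + i, "10.0.1.1", 80)
                    for i in range(64)]

if __name__ == "__main__":
    print(entropy_vector(BASELINE))
    print(entropy_vector(FLOOD))
    print(flag_window(BASELINE, FLOOD))
```

In the flood window the source-address and source-port entropies conditioned on the destination rise sharply while the destination-port entropy stays at zero, which is why only the first two dimensions are flagged.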
