During a Distributed Denial of Service (DDoS) attack in a Software Defined Network (SDN), the attackers send a large number of data packets, which generates large quantities of new terminal identifiers. These occupy the network connection resources and obstruct the normal operation of the network. To detect the attacked target accurately and release the occupied resources, a DDoS attack detection method based on object features and the GHSOM technology is proposed. First, a seven-tuple is proposed for detection, to determine whether a target address is under DDoS attack. Then, a simulation platform based on the OpenDayLight controller is built, and the GHSOM algorithm is applied to the network. Simulation experiments are performed to validate the feasibility of the detection method. The results show that the seven-tuple can effectively confirm whether the target object is under a DDoS attack.
YAO Linyuan, DONG Ping, ZHANG Hongke. Distributed Denial of Service Attack Detection Based on Object Character in Software Defined Network[J]. Journal of Electronics & Information Technology (JEIT), 2017, 39(2): 381-388.