基于对象特征的软件定义网络分布式拒绝服务攻击检测方法

doi:10.11999/JEIT160370

摘要
图/表
参考文献(19)
相关文章 (12)

全文: PDF (1408 KB)
输出: BibTeX | EndNote (RIS)

摘要

软件定义网络(SDN)受到分布式拒绝服务(DDoS)攻击时，攻击方会发送大量数据包，产生大量新的终端标识占用网络连接资源，影响网络正常运转。为准确发现受攻击对象，检测被占用资源，利用GHSOM技术，该文提出基于对象特征的DDoS攻击检测方法。首先，结合SDN网络及攻击特点，提出基于目的地址的检测7元组，并以此作为判断目标地址是否受到DDoS攻击的检测元素；然后，采用模块化设计，将GHSOM算法应用于SDN网络DDoS攻击的分析检测中，并在OpenDayLight的仿真平台上完成了仿真实验。实验结果显示，该文提出的检测7元组可有效检测目标对象是否受到DDoS攻击。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	姚琳元
	董平
	张宏科

关键词 ：软件定义网络, 7元组, 自组织映射, 分布式拒绝服务

Abstract：

During the Distributed Denial of Service (DDoS) attack happening in Software Defined Network (SDN) network, the attackers send a large number of data packets. Large quantities of new terminal identifiers are generated. Accordingly, the network connection resources are occupied, obstructing the normal operation of the network. To detect the attacked target accurately, and release the occupied resources, a DDoS attack detection method based on object features with the GHSOM technology is provided. First, the seven-tuple is proposed for detection to determine whether the target address is under attack by DDoS. Then, a simulation platform is built, which is based on the OpenDayLight controller. GHSOM algorithm is applied to the network. Simulation experiments are performed to validate the feasibility of the detection method. The results show that the seven-tuple for detection can effectively confirm whether the target object is under a DDoS attack.

Key words： Software Defined Network (SDN) Seven-tuple Self-organization mapping Distributed Denial of Service (DDoS)

收稿日期: 2016-04-18 出版日期: 2016-12-20

PACS:

TP393

基金资助:

国家973重点基础研究发展计划(2013CB329100)，国家863高技术研究发展计划(2015AA016103)，国家自然科学基金(61301081)，国家电网公司科技项目([2016]377)

通讯作者: 董平 E-mail: pdong@bjtu.edu.cn

作者简介: 姚琳元：男，1988年生，博士生，研究方向为下一代互联网网络层关键技术. 董平：男，1979年生，副教授，研究方向为新一代互联网、移动、安全. 张宏科：男，1957年生，教授，博士生导师，研究方向为下一代互联网架构、协议理论与技术、移动互联网络路由、传感器网络技术等.

引用本文:

姚琳元,董平,张宏科. 基于对象特征的软件定义网络分布式拒绝服务攻击检测方法[J]. 电子与信息学报, 2017, 39(2): 381-388. YAO Linyuan, DONG Ping, ZHANG Hongke. Distributed Denial of Service Attack Detection Based on Object Character in Software Defined Network. JEIT, 2017, 39(2): 381-388.

链接本文:

http://jeit.ie.ac.cn/CN/10.11999/JEIT160370 或 http://jeit.ie.ac.cn/CN/Y2017/V39/I2/381

[1]	BENSON T, AKELLA A, and MALTZ D A. Unraveling the Complexity of Network Management[C]. 6th USENIX Symposium on Networked Systems Design and Implementation, Boston, MA, USA, 2009: 335-348.
[2]	KREUTZ D, RAMOS F M V, ESTEVES VERISSIMO P, et al. Software-defined networking: A comprehensive survey[J]. Proceedings of the IEEE, 2015, 103(1): 14-76. doi: 10.1109/ jproc.2014.2371999.
[3]	MCKEOWN N. How SDN will shape networking[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 56-61.
[4]	SHENKER S, CASADO M, KOPONEN T, et al. The future of networking, and the past of protocols[C]. Open Networking Summit, Palo Alto, CA, USA, 2011: 24-29.
[5]	KANDOI R and ANTIKAINEN M. Denial-of-service attacks in OpenFlow SDN networks[C]. 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, BC, Canada, 2015: 1322-1326. doi: 10.1109/inm.2015.7140489.
[6]	SHIN S, YEGNESWARAN V, PORRAS P, et al. Avant- guard: Scalable and vigilant switch flow management in software-defined networks[C]. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, Germany, 2013: 413-424. doi: 10.1145/ 2508859.2516684.
[7]	ASHRAF J and LATIF S. Handling intrusion and DDoS attacks in software defined networks using machine learning techniques[C]. IEEE 2014 National Software Engineering Conference (NSEC), Event-Karachi, Pakistan, 2014: 55-60. doi: 10. 1109/nsec.2014.6998241.
[8]	杨雅辉, 姜电波, 沈晴霓, 等. 基于改进的GHSOM的入侵检测研究[J]. 通信学报, 2011, 32(1): 121-126. doi: 10.3969/j. issn.1000-436X.2011.01.016.
	YANG Yahui, JIANG Dianbo, SHEN Qingni, et al. Research on intrusion detection based on an improved GHSOM[J]. Journal on Communications, 2011, 32(1): 121-126. doi: 10. 3969/j.issn.1000-436X.2011.01.016.
[9]	BRAGA R, MOTA E, and PASSITO A. Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]. IEEE 2010 35th Conference on Local Computer Networks (LCN), Denver, Colorado, USA, 2010: 408-415. doi: 10.1109/lcn. 2010.5735752.
[10]	MOUSAVI S M and ST-HILAIRE M. Early detection of DDoS attacks against SDN controllers[C]. IEEE 2015 International Conference on Computing, Networking and Communications (ICNC), Anaheim, California, USA, 2015: 77-81. doi: 10.1109/iccnc.2015.7069319.
[11]	GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments[J]. Computer Networks, 2014, 6(2): 122-136. doi: 10.1016/j.bjp.2013.10.014.
[12]	PORRAS P, SHIN S, YEGNESWARAN V, et al. A security enforcement kernel for OpenFlow networks[C]. Proceedings of the First Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012: 121-126. doi: 10.1145/ 2342441.2342466.
[13]	MIHAI-GABRIEL I and VICTOR-VALERIU P. Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory[C]. IEEE 2014 15th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, Hungary, 2014: 319-324. doi: 10.1109/CINTI. 2014.7028696.
[14]	RAUBER A, MERKL D, and DITTENBACH M. The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data[J]. IEEE Transactions on Neural Networks, 2002, 13(6): 1331-1341. doi: 10.1109/tnn. 2002.804221.
[15]	HUANG S Y and HUANG Y. Network forensic analysis using growing hierarchical SOM[C]. IEEE 2013 13th International Conference on Data Mining Workshops (ICDMW), Brisbane, Australia, 2013: 536-543. doi: 10.1109/icdmw.2013.66.
[16]	RAUBER. The GHSOM Architecture and Training Process [OL]. http://www.ifs.tuwien.ac.at/~andi/ghsom/description.
	html, 2016.
[17]	鲍旭华, 洪海, 曹志华. 破坏之王: DDoS攻击与防范深度剖析[M]. 北京: 机械工业出版社, 2014: 20-76.
	BAO Xuhua, HONG Hai, AND CAO Zhihua. The King of Destruction: DDoS Attact and Defense Depth Analysis[M]. Beijing: China Machine Press, 2014: 20-76.
[18]	BORGNAT P, DEWAELE G, FUKUDA K, et al. Seven years and one day: Sketching the evolution of internet traffic[C]. IEEE 2009 INFOCOM, Rio de Janeiro, Brazil, 2009: 711-719. doi: 10.1109/infcom.2009.5061979.
[19]	KENJIRO Cho. MAWI working group traffic archive[OL]. http://mawi.wide.ad.jp/mawi/, 2016.