Computer Engineering

• Security Technology

Detection Method of DDoS Attack Based on Software Defined Network and Its Application

LI Hefei, HUANG Xinli, ZHENG Zhengqi

  1. (Department of Communication Engineering, School of Information Science and Technology, East China Normal University, Shanghai 200241, China)
  • Received: 2015-02-06 Online: 2016-02-15 Published: 2016-01-29
  • About the authors: LI Hefei (born 1990), female, master's student, main research interest: network security; HUANG Xinli, associate professor; ZHENG Zhengqi, professor.
  • Funding:
    Shanghai Science and Technology Innovation Action Plan project "Research on a Highly Reliable Software Defined Network Architecture Based on Open Architecture" (13511500400).

Abstract: According to the characteristics of Distributed Denial of Service (DDoS) attacks and OpenFlow technology, this paper proposes a novel DDoS attack detection method based on Software Defined Network (SDN). It obtains the flow-table entries installed in OpenFlow switches, constructs effective global flow-table characteristic values for each destination address, and classifies the training samples with a Support Vector Machine (SVM) to realize on-line DDoS attack detection. A prototype of the detection method is implemented and integrated into an SDN environment to verify the correctness and validity of the method. Experimental results show that the method improves the DDoS attack Detection Rate (DR) and decreases the False Alarm Rate (FR), and that it has good comprehensive performance.

Key words: Software Defined Network (SDN), OpenFlow technology, Distributed Denial of Service (DDoS), flow-table characteristic value, supervised learning algorithm, attack detection
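The abstract describes a three-stage pipeline (read back flow-table entries, build per-destination characteristic values, classify them with an SVM) without naming the features. The following is an added example, not the authors' prototype: it reads constructed OpenFlow-style flow entries, computes four assumed per-destination features (flow count, distinct source addresses, share of flows with at most 3 packets, mean packets per flow), and trains a small pure-stdlib linear SVM by subgradient descent on the hinge loss as a stand-in for the paper's SVM. The synthetic flow tables, the feature set, and the field names `nw_src`, `nw_dst`, `tp_dst`, `packet_count` and `byte_count` are all assumptions of this example; the DR/FR computed at the end follows the abstract's definitions on constructed data only.

```python
"""Added example (not the paper's code): per-destination flow-table features
over OpenFlow-style entries, plus a small linear SVM classifier."""
import random
import statistics

# One OpenFlow-style flow entry as read back from a switch. The field set is
# constructed for this example; a real flow-stats reply carries more fields.
def make_entry(src, dst, dport, packets, bytes_):
    return {"nw_src": src, "nw_dst": dst, "tp_dst": dport,
            "packet_count": packets, "byte_count": bytes_}

def destination_features(entries, dst):
    """Assumed feature vector for one destination address:
    [flow count, distinct sources, share of flows with <=3 packets,
     mean packets per flow]. All four rise/fall sharply under a flood."""
    to_dst = [e for e in entries if e["nw_dst"] == dst]
    if not to_dst:
        return [0.0, 0.0, 0.0, 0.0]
    n = len(to_dst)
    srcs = len({e["nw_src"] for e in to_dst})
    low = sum(1 for e in to_dst if e["packet_count"] <= 3) / n
    mean_pkts = sum(e["packet_count"] for e in to_dst) / n
    return [float(n), float(srcs), low, mean_pkts]

def synthetic_table(dst, attacked, rng):
    """Constructed flow table for one destination. Normal: a few long-lived
    flows from a few hosts. Flooded: many tiny flows from many sources."""
    entries = []
    if attacked:
        for _ in range(rng.randint(60, 200)):
            src = "10.%d.%d.%d" % (rng.randint(0, 255), rng.randint(0, 255),
                                   rng.randint(1, 254))
            entries.append(make_entry(src, dst, 80, rng.randint(1, 3),
                                      rng.randint(40, 120)))
    else:
        hosts = ["192.168.1.%d" % i for i in range(2, 2 + rng.randint(1, 5))]
        for _ in range(rng.randint(2, 10)):
            pkts = rng.randint(20, 400)
            entries.append(make_entry(rng.choice(hosts), dst,
                                      rng.choice([80, 443]), pkts,
                                      pkts * rng.randint(200, 1400)))
    return entries

def build_dataset(n_per_class, seed):
    """Labelled training/test samples: +1 = attacked destination, -1 = normal."""
    rng = random.Random(seed)
    X, y = [], []
    for i in range(n_per_class):
        for attacked in (False, True):
            dst = "172.16.0.%d" % (i + 1)
            X.append(destination_features(synthetic_table(dst, attacked, rng), dst))
            y.append(1 if attacked else -1)
    return X, y

class LinearSVM:
    """Linear SVM on z-scored features, trained by subgradient descent on the
    L2-regularised hinge loss (a stand-in for the paper's SVM classifier)."""
    def __init__(self, lam=0.01, eta=0.01, epochs=300):
        self.lam, self.eta, self.epochs = lam, eta, epochs

    def fit(self, X, y):
        # Standardise with training statistics so no feature dominates.
        self.mean = [statistics.fmean(col) for col in zip(*X)]
        self.std = [statistics.pstdev(col) or 1.0 for col in zip(*X)]
        Z = [self._scale(x) for x in X]
        self.w, self.b = [0.0] * len(X[0]), 0.0
        for _ in range(self.epochs):
            for z, label in zip(Z, y):
                margin = label * (self._dot(self.w, z) + self.b)
                grad_w = [self.lam * wj for wj in self.w]
                grad_b = 0.0
                if margin < 1:  # inside the margin: hinge loss is active
                    grad_w = [g - label * zj for g, zj in zip(grad_w, z)]
                    grad_b = -label
                self.w = [wj - self.eta * g for wj, g in zip(self.w, grad_w)]
                self.b -= self.eta * grad_b
        return self

    def _scale(self, x):
        return [(xi - m) / s for xi, m, s in zip(x, self.mean, self.std)]

    @staticmethod
    def _dot(a, b):
        return sum(ai * bi for ai, bi in zip(a, b))

    def predict(self, x):
        return 1 if self._dot(self.w, self._scale(x)) + self.b >= 0 else -1

def detect(model, entries, dst):
    """Classify one destination from the current flow table: True = DDoS."""
    return model.predict(destination_features(entries, dst)) == 1

def evaluate(seed_train=1, seed_test=2):
    """Train on one constructed dataset, score on another; returns
    (detection rate, false alarm rate) as defined in the abstract."""
    X, y = build_dataset(30, seed_train)
    model = LinearSVM().fit(X, y)
    Xt, yt = build_dataset(20, seed_test)
    preds = [model.predict(x) for x in Xt]
    attacks = [p for p, t in zip(preds, yt) if t == 1]
    normals = [p for p, t in zip(preds, yt) if t == -1]
    return (sum(p == 1 for p in attacks) / len(attacks),
            sum(p == 1 for p in normals) / len(normals))

if __name__ == "__main__":
    print("DR=%.2f FR=%.2f" % evaluate())
```

In a deployment the `entries` list would be filled from the controller's flow-stats replies for each switch and `detect` run per destination on every statistics poll; the constructed data here is deliberately well separated, so the perfect DR/FR it yields says nothing about real traffic, where the feature choice and training set decide the trade-off the paper reports.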

CLC number: