作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2020, Vol. 46 ›› Issue (4): 157-161,182. doi: 10.19678/j.issn.1000-3428.0054238

• 网络空间安全 • 上一篇    下一篇

SDN环境下基于DBN的DDoS攻击检测

朱婧, 伍忠东, 丁龙斌, 汪洋   

  1. 兰州交通大学 电子与信息工程学院, 兰州 730070
  • 收稿日期:2019-03-14 修回日期:2019-04-15 出版日期:2020-04-15 发布日期:2019-06-03
  • 作者简介:朱婧(1993-),女,硕士研究生,主研方向为信息安全;伍忠东,教授;丁龙斌、汪洋,硕士研究生。
  • 基金资助:
    甘肃省高等学校协同创新团队项目(2017C-09);兰州市科技局科技项目(2018-1-51)。

DDoS Attack Detection Based on DBN in SDN Environment

ZHU Jing, WU Zhongdong, DING Longbin, WANG Yang   

  1. School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China
  • Received:2019-03-14 Revised:2019-04-15 Online:2020-04-15 Published:2019-06-03

摘要: 软件定义网络(SDN)作为新型网络架构模式,其安全威胁主要来自DDoS攻击,建立高效的DDoS攻击检测系统是网络安全管理的重要内容。在SDN环境下,针对DDoS的入侵检测算法具有支持协议少、实用性差等缺陷,为此,提出一种基于深度信念网络(DBN)的DDoS攻击检测算法。分析SDN环境下DDoS攻击的机制,通过Mininet模拟SDN的网络拓扑结构,并使用Wireshark完成DDoS流量数据包的收集和检测。实验结果表明,与XGBoost、随机森林、支持向量机算法相比,该算法具有攻击检测准确性高、误报率低、检测速率快和易于扩展等优势,综合性能较好。

关键词: 软件定义网络, 分布式拒绝服务攻击, DDoS攻击检测, 深度信念网络, 网络安全

Abstract: The main security threats to Software Defined Network(SDN),a new type of network architecture,are from DDoS attacks.Hence,theestablishment of an efficient DDoS attack detection system is importantt to network security management.In the SDN environment,support protocols of existing DDoS intrusion detection algorithms are limited,and the algorithms have poor practicability.To address the problem,this paper proposes a DDoS attack detection algorithm based on Deep Belief Network(DBN).The DDoS attack mechanism in the SDN environment is analyzed.The SDN network topology through Mininet is simulated,and Wireshark is used for collection and detection of DDoS traffic data packets.Experimental results show that compared with XGBoost,random forest,and Support Vector Machine(SVM) algorithms,the proposed algorithm has excellent overall performance with high accuracy,low false alarm rate,fast detection rate and high easy scalability.

Key words: Software Defined Network(SDN), distributed denial of service attack, DDoS attack detection, Deep Belief Network(DBN), cyber security

中图分类号: