作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2024, Vol. 50 ›› Issue (8): 123-132. doi: 10.19678/j.issn.1000-3428.0067730

• 网络空间安全 • 上一篇    下一篇

基于曲线决策融合的SDN饱和攻击检测方法

崔允贺1,2,3,*(), 赵建朋4, 杨鸿珍4, 李显超1   

  1. 1. 贵州翔明科技有限责任公司, 贵州 贵阳 550025
    2. 贵州大学公共大数据国家重点实验室, 贵州 贵阳 550025
    3. 贵州大学文本计算与认知智能教育部工程研究中心, 贵州 贵阳 550025
    4. 国网浙江省电力有限公司信息通信分公司, 浙江 杭州 310000
  • 收稿日期:2023-05-30 出版日期:2024-08-15 发布日期:2024-08-09
  • 通讯作者: 崔允贺
  • 基金资助:
    国网浙江省电力有限公司科技项目(5211XT220003)

Curve Decision Fusion-Based Saturation Attack Detection Method in SDN

Yunhe CUI1,2,3,*(), Jianpeng ZHAO4, Hongzhen YANG4, Xianchao LI1   

  1. 1. Guizhou Xiangming Technology Co., Ltd, Guiyang 550025, Guizhou, China
    2. State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, Guizhou, China
    3. Engineering Research Center of Text Computing and Cognitive Intelligence, Guizhou University, Guiyang 550025, Guizhou, China
    4. Information and Telecommunication Branch, State Grid Zhejiang Electric Power Co., Ltd., Hangzhou 310000, Zhejiang, China
  • Received:2023-05-30 Online:2024-08-15 Published:2024-08-09
  • Contact: Yunhe CUI

摘要:

针对软件定义网络(SDN)交换机和控制器的饱和攻击是SDN中的主要安全问题。在使用集成学习方法检测饱和攻击时, 现有方法通常使用距离或熵值等简单的信息计算方法修正证据, 可能存在信息丢失问题, 降低饱和攻击检测精度。为解决上述问题, 提出一种基于曲线决策融合的饱和攻击检测方法(SACOIN)。SACOIN首先计算多分类器概率矩阵的混乱程度修正多分类器内证据; 随后将多分类器概率矩阵转换为曲线并去除噪声, 提取重构小波的信号特征组成特征矩阵; 然后计算特征矩阵行内互信息, 基于上述互信息修正多分类器间证据; 最后使用D-S证据理论融合修正证据, 得到最终检测结果。实验结果表明, SACOIN在检测针对SDN交换机和控制器的饱和攻击时的准确率、精确率、召回率、F1值分别为92.3%、93%、92.1%、91.3%。

关键词: 饱和攻击, 软件定义网络, 滤波, 决策融合, D-S理论

Abstract:

Saturation attacks against Software Defined Network (SDN) switches and controllers are major security issues in SDN. When using ensemble learning methods to detect saturation attacks, existing methods typically use simple distance or entropy calculations to fix the evidence. This may lead to information loss, thereby decreasing detection accuracy. To overcome this problem, a novel curve decision fusion-based saturation attack detection method SACOIN is proposed. SACOIN first calculates the degree of confusion in the original probability matrix to fix the inter-multiclassifier evidence. The probability matrix of the binary classifier is then converted into a signal, and the noise is removed. SACOIN extracts the signal features from the reconstructed wavelet to form a decision matrix. Subsequently, the mutual information between the rows of the decision matrix is calculated to fix the original evidence of multiple classifiers. Finally, the Dempster-Shafer (D-S) evidence theory is used to combine the evidence and obtain the final detection result. The experimental results show that when detecting saturation attacks targeting SDN switches and controllers, SACOIN can achieve high accuracy, precision, recall, and F1 value of 92.3%, 93%, 92.1%, and 91.3%, respectively.

Key words: saturation attack, Software Defined Network(SDN), filtering, decision fusion, D-S theory