DoS attack detection method oriented to software defined network

A software-defined network, software-oriented technology, applied in the direction of electrical components, transmission systems, etc., can solve the problems of slow convergence speed and long training time of SOM algorithm, and achieve the effect of real-time and accurate detection

Active Publication Date: 2018-11-16
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The detection method based on the self-organizing map (Self-organizing Maps, SOM) neural network uses the SOM neural network method for OpenFlow traffic detection, but the SOM algorithm has a slow convergence speed and a long training time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DoS attack detection method oriented to software defined network
  • DoS attack detection method oriented to software defined network
  • DoS attack detection method oriented to software defined network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] Such as figure 1 Shown, a kind of software-defined network-oriented DoS attack detection method of the present invention comprises the following steps:

[0053] Step S101: Taking the three statistical attributes of single-flow scale SSF, flow address growth rate AGS, and flow table matching rate RSM as the DoS attack detection characteristics of software-defined networks, the collected historical traffic of DoS attacks in software-defined networks is marked Data for feature extraction and calculation;

[0054] Step S102: Standardize and normalize the historical flow data after feature extraction and calculation by using the linear function standardization method and the mutation progression method to obtain standardized and normalized historical flow data;

[0055] Step S103: using the standardized and normalized historical traffic data as a training data set, and constructing a DoS attack traffic classification model for a software-defined network using a conditional ...

Embodiment 2

[0058] Such as figure 2 As shown, another DoS attack detection method for software-defined network of the present invention comprises the following steps:

[0059] Step S201: Add a mark to the collected historical traffic data of the DoS attack of the software-defined network, mark it as 0 when it is normal, and mark it as 1 when it is abnormal.

[0060] Step S202: Using the three strongly representative statistical attributes of single-flow scale SSF, flow address growth rate AGS, and flow table matching rate RSM as the DoS attack detection features of the software-defined network, the collected DoS attacks of the software-defined network Marked historical traffic data for feature extraction and calculation;

[0061] The single-flow scale SSF (Size of a Single Flow) describes the size of each data flow entering the SDN network, including two attribute parameters of the number of flow packets and the number of flow bytes, the average value of the number of flow packets ANPF ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of software defined networks, and especially relates to a DoS attack detection method oriented to a software defined network. The method comprises the following steps: taking Size of a Single Flow SSF, flow Address Growing Speed AGS and ratio of successful matching of flow table RSM as DoS attack detection features of the software defined network, and carrying out feature extraction and calculation on collected historical flow data; performing standardization and normalization processing on the historical flow data after being subjected to the feature extraction and calculation by using a linear function standardized method and a catastrophe progression method; taking the standardized and normalized historical flow data as a training data set, and constructing a DoS attack flow classification model of the software defined network by utilizing a conditional random fields CRF algorithm; and classifying real-time monitoring flow data of the DoSattack of the software defined network by using the generated classification module, and judging whether an abnormality exists. The DoS attack detection method oriented to the software defined network provided by the invention can classify the monitoring flow in real time and judge whether the abnormality exists, thereby performing attack detection.

Description

technical field [0001] The invention relates to the technical field of software-defined networks, in particular to a DoS attack detection method oriented to software-defined networks. Background technique [0002] As a software-based network architecture and technology, software-defined network (Software Defined Network, SDN) has a loosely coupled control plane and data plane, supports centralized network status control, and realizes the transparency of underlying network facilities to upper-layer applications. Through its flexible software programming capabilities, it can greatly improve the automatic management and control capabilities of the network, and effectively solve the problems faced by current network systems such as limited resource expansion, poor networking flexibility, and difficulty in quickly meeting business needs. In recent years, driven by the needs of emerging services represented by cloud computing and big data, technology development and business innov...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/1458
Inventor 郭毅许新忠张连成辜苛峻燕菊维钟华
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap