DDoS attack detection method based on SDN

A technique for detecting attacks and attack traffic, classified under instruments, character and pattern recognition, electrical components, etc. It addresses the problems that existing detection methods do not take full advantage of the SDN network architecture, have unsatisfactory detection accuracy, and cannot be applied well to SDN, and it achieves fast detection, high accuracy, and low controller resource usage.

Inactive Publication Date: 2021-11-09
KUNMING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

When a DDoS attack occurs, the controller receives a large number of Packet_In messages and spends a lot of resources processing them. The bandwidth between the switch and the controller may be fully occupied by the surge of traffic, which greatly reduces network performance, and legitimate requests are not responded to.
At present, most of the detection methods for DDoS attacks are based on the traditional network architecture, which cannot be well applied to SDN. The research on detecting DDoS atta...



Examples


Embodiment 1

[0060] Embodiment 1: as shown in Figure 1, a DDoS attack detection method based on SDN comprises the following steps:

[0061] (1) Calculate the multidimensional conditional entropy threshold based on the public DDoS dataset;

[0062] (2) Use M/M/1 queueing theory to calculate the controller entrance queue length threshold;

[0063] (3) Monitor the SDN status in real time through the SDN controller, and calculate the conditional entropy of each dimension in the arriving traffic in real time;

[0064] (4) Monitor the length of the Packet_In data frame queue at the controller entrance in real time through the SDN controller;

[0065] (5) According to the conditional entropy values and the queue length value calculated in real time, judge whether the current network is under a DDoS attack. If it is, proceed to step (6); otherwise, issue the routing rule to the corresponding switch as normal;

[0066] (6) Send the Packet_In data frame to the fine-grained detect...
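As an added illustration of the coarse-grained stage in steps (1) to (5), here is a Python sketch that is not the patent's own code: the sample Packet_In records, the arrival and service rates, the deviation-band rule for the entropy thresholds and the tail-probability rule for the M/M/1 queue threshold are all assumptions, since the page does not give the patent's exact formulas.

```python
from collections import Counter, defaultdict
from math import ceil, log, log2

# Constructed Packet_In samples as (src_ip, dst_ip, dst_port); not from the patent.
BENIGN = [("10.0.0.1", "10.0.1.5", 80), ("10.0.0.1", "10.0.1.6", 443),
          ("10.0.0.2", "10.0.1.5", 80), ("10.0.0.2", "10.0.1.7", 22),
          ("10.0.0.3", "10.0.1.6", 443), ("10.0.0.3", "10.0.1.8", 53)]
# Constructed flood window: many distinct sources all hitting one victim.
FLOOD = [(f"172.16.{i}.{i}", "10.0.1.5", 80) for i in range(40)]

# Assumed dimensions for the "multidimensional" conditional entropy: (condition, target) column indices.
DIMS = {"dst_given_src": (0, 1), "port_given_dst": (1, 2)}


def conditional_entropy(records, cond, target):
    """H(target | cond) in bits: sum over x of p(x) * H(target | cond = x)."""
    by_cond = defaultdict(Counter)
    for r in records:
        by_cond[r[cond]][r[target]] += 1
    n = len(records)
    h = 0.0
    for counts in by_cond.values():
        m = sum(counts.values())
        h_x = -sum(c / m * log2(c / m) for c in counts.values())
        h += m / n * h_x
    return h


def mm1_queue_threshold(arrival_rate, service_rate, tail_prob=1e-3):
    """Step (2), assumed rule: smallest n with P(N >= n) = rho**n <= tail_prob under M/M/1."""
    rho = arrival_rate / service_rate  # utilisation lambda / mu, must be < 1 for a stable queue
    assert 0 < rho < 1, "controller must be able to keep up on average"
    return ceil(log(tail_prob) / log(rho))


def entropy_baseline(dataset):
    """Step (1), assumed rule: per-dimension baseline entropy learned from the (public) benign dataset."""
    return {name: conditional_entropy(dataset, c, t) for name, (c, t) in DIMS.items()}


def coarse_grained_detect(window, queue_len, baseline, queue_thr, margin=0.5):
    """Steps (3)-(5): trigger fine-grained detection when any dimension leaves its
    band [baseline - margin, baseline + margin] or the Packet_In queue exceeds queue_thr."""
    for name, (c, t) in DIMS.items():
        if abs(conditional_entropy(window, c, t) - baseline[name]) > margin:
            return True
    return queue_len > queue_thr
```

On the constructed data, H(dst | src) is 1.0 bit for the benign window and 0 for the flood, so the flood trips the entropy module even while the queue is short; a queue of 40 frames against a threshold of 31 (lambda = 800/s, mu = 1000/s) trips the queue module on its own.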


Abstract

The invention relates to a DDoS attack detection method based on SDN and belongs to the field of software-defined networks. The method uses queueing theory and conditional entropy as a coarse-grained detection module for arriving traffic in the SDN environment, and machine learning as a fine-grained detection module, so that malicious traffic is accurately separated from legitimate packets, the likelihood of a server in the network being attacked is reduced, and the controller is protected from attack. Coarse-grained detection consists of two parallel modules, a multi-dimensional conditional entropy detection module and a controller entrance queue length detection module; fine-grained detection is triggered when the result of either module exceeds its threshold. The fine-grained detection module collects flow table entries and counter information from the switch via the OpenFlow protocol for statistical processing, and the traffic is finally classified by a trained random forest (RF) model placed in the controller, so that attack traffic is detected effectively and the controller is prevented from being damaged.

Description

Technical field

[0001] The invention relates to an SDN-based DDoS attack detection method, which belongs to the field of software-defined networks.

Background technique

[0002] Software-Defined Networking (SDN) is a new network architecture with logically centralized control. SDN decouples the control plane and data plane of the network, abstracts the data-plane network resources, and provides a unified interface through which the network is directly programmed and controlled; SDN manages the traffic of the entire network through the control and distribution of flow tables. In the SDN environment, everything is managed by the controller. According to the OpenFlow protocol, when a new packet arrives at the switch and the forwarding table in the switch has no matching routing rule, the switch encapsulates the packet in a Packet_In data frame and sends it to the controller, requesting new routing rules. After receiving the message, the controller provides the corresponding re...


Application Information

IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1458, H04L63/1416, G06F18/24323
Inventors: 谢汶锦, 张智斌, 张三妞, 徐一轩, 匡波安
Owner KUNMING UNIV OF SCI & TECH