高级检索

    SDN中基于信息熵与DNN的DDoS攻击检测模型

    DDoS Attack Detection Model Based on Information Entropy and DNN in SDN

    • 摘要: 软件定义网络(software defined networking, SDN)解耦了网络的数据层与控制层,同时控制器也面临“单点失效”的危险.攻击者可以发起分布式拒绝服务攻击(distributed denial of service, DDoS)使控制器失效,影响网络安全.为解决SDN中的DDoS流量检测问题,创新性地提出了基于信息熵与深度神经网络(deep neural network, DNN)的DDoS检测模型.该模型包括基于信息熵的初检模块和基于深度神经网络DNN的DDoS流量检测模块.初检模块通过计算数据包源、目的IP地址的信息熵值初步发现网络中的可疑流量,并利用基于DNN的DDoS检测模块对疑似异常流量进行进一步确认,从而发现DDoS攻击.实验表明:该模型对DDoS流量的识别率达到99%以上,准确率也有显著提高,误报率明显优于基于信息熵的检测方法.同时,该模型还能缩短检测时间,提高资源使用效率.

       

      Abstract: The software defined networking (SDN) decouples the data layer and the control layer of the network, but the controller is in danger of “single node invalidation ”. Attackers launch DDoS attacks to disable the controller and threaten the safety of networks. This paper presents a DDoS detection model based on entropy and deep neural network (DNN), which includes the initial detection module based on entropy-based detection method and the further detection module based on DNN. The initial detection module finds out the suspicious traffic in the network preliminarily by calculating the entropy of source and destination IP address, and then the suspected abnormal traffic with DNN-based DDoS detection module confirms the anomaly traffic. Experiments show that this model has higher recognition rate and accuracy rate than the traditional detection algorithm based on entropy or machine learning. At the same time, the model can shorten the detection time and improve the efficiency of resource utilization.

       

    /

    返回文章
    返回