ISSN 1000-1239 CN 11-1777/TP

• 网络技术 •

### SDN中基于信息熵与DNN的DDoS攻击检测模型

1. (天津理工大学计算机科学与工程学院 天津 300384) (计算机病毒防治技术国家工程实验室(天津理工大学) 天津 300457) (天津市智能计算及软件新技术重点实验室(天津理工大学) 天津 300384) (zl_blue87@163.com)
• 出版日期: 2019-05-01
• 基金资助:
国家重点研发计划项目(2018YFC0831405)；天津市自然科学基金项目(18JCZDJC30700)；赛尔网络下一代互联网创新项目(NGII20160121)

### DDoS Attack Detection Model Based on Information Entropy and DNN in SDN

Zhang Long, Wang Jinsong

1. (School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384) (National Engineering Laboratory for Computer Virus Prevention and Control Technology (Tianjin University of Technology), Tianjin 300457) (Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology (Tianjin University of Technology), Tianjin 300384)
• Online: 2019-05-01

Abstract: The software defined networking (SDN) decouples the data layer and the control layer of the network, but the controller is in danger of “single node invalidation ”. Attackers launch DDoS attacks to disable the controller and threaten the safety of networks. This paper presents a DDoS detection model based on entropy and deep neural network (DNN), which includes the initial detection module based on entropy-based detection method and the further detection module based on DNN. The initial detection module finds out the suspicious traffic in the network preliminarily by calculating the entropy of source and destination IP address, and then the suspected abnormal traffic with DNN-based DDoS detection module confirms the anomaly traffic. Experiments show that this model has higher recognition rate and accuracy rate than the traditional detection algorithm based on entropy or machine learning. At the same time, the model can shorten the detection time and improve the efficiency of resource utilization.