云环境下SDN的流量异常检测性能分析

doi:10.3969/j.issn.1006-2475.2015.10.020

计算机与现代化

云环境下SDN的流量异常检测性能分析

(1.中国科学院新疆理化技术研究所，新疆乌鲁木齐 830011; 2.中国科学院大学，北京 100049; 3.核工业理化工程研究院，天津 300180)

收稿日期:2015-05-13 出版日期:2015-10-10 发布日期:2015-10-10
作者简介:马超(1989-)，男，山西阳泉人，中国科学院新疆理化技术研究所硕士研究生，研究方向：SDN，网络安全; 程力(1973-)，男，安徽安庆人，研究员，博士，CCF会员，研究方向：云计算，大数据分析，生物信息学; 孔玲玲（1988-），女，核工业理化工程研究院工程师，研究方向：工业工程。
基金资助:
新疆维吾尔自治区青年科技创新人才培养工程基金资助项目(2014721033)

Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network

(1. The Xinjiang Technical Institute of Physics & Chemistry, Chinese Academy of Sciences, Urumqi 830011, China;
2. University of Chinese Academy of Sciences, Beijing 100049, China;
3. Research Institute of Physical and Chemical Engineering of Nuclear Industry, Tianjin 300180, China)

Received:2015-05-13 Online:2015-10-10 Published:2015-10-10

摘要/Abstract

摘要： 随着复杂的混合云网络逐渐成为云计算发展的瓶颈，软件定义网络(SDN)技术近年来成为学术界和工业界关注的热点。在网络安全领域，对于应用SDN来解决网络攻击的研究尚处于起步阶段，SDN是否能够高效检测来自内部的网络攻击尚无定论。针对该问题，在分析SDN技术框架的基础上，设计基于OpenStack的云环境实验方案。在传统云环境网络和SDN环境下同时测试2种流量异常检测算法，模拟Flood攻击和端口扫描攻击，分析SDN在检测攻击时的精确度和资源使用率。结果表明，在云环境下利用SDN检测内部威胁时比传统网络环境占用更少的物理内存而不影响精确度，但直接在SDN控制器上部署安全应用的方式也存在性能瓶颈。

关键词: 软件定义网络, 云平台, 流量异常检测, 网络安全, 性能分析

Abstract: The increasing complexity of hybrid cloud networks becomes a bottleneck of cloud computing. As a potential solution, SDN has gained great attentions from both industry and academia, especially in the network security domain. Research on utilizing SDN in network attack detection is still in its inception phase. Specifically, it has not been evaluated whether SDN can efficiently detect internal network attacks in a cloud environment. In this research we implement both SDN and traditional network infrastructures based on OpenStack platform. We simulate both flood and port-scan attacks and utilize two types of traffic anomaly detection algorithms. Experiment results indicate that the SDN method shows better performance in memory usage without degrading its accuracy, while it also suffers performance bottleneck when directly deployed into SDN controllers.

Key words: software defined network (SDN), cloud platform, traffic anomaly detection, network security, performance analysis

中图分类号:

TP393

马超1,2，程力1，孔玲玲3. 云环境下SDN的流量异常检测性能分析[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2015.10.020.

MA Chao1,2, CHENG Li1, KONG Ling-ling3. Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2015.10.020.

参考文献

[1] Kreutz D, Ramos F M V, Verissimo P. Towards secure and dependable software-defined networks[C]// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:55-60.

[2] Modi C, Patel D, Borisaniya B, et al. A survey on security issues and solutions at different layers of cloud computing[J]. The Journal of Supercomputing, 2013,63(2):561-592.

[3] Deshpande P, Aggarwal A, Sharma S C, et al. Distributed port-scan attack in cloud environment[C]// Proceedings of the 5th International Conference on Computational Aspects of Social Networks (CASoN). 2013:27-31.

[4] Wang Bing, Zheng Yao, Lou Wenjing, et al. DDoS attack protection in the era of cloud computing and software-defined networking[C]// Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP). 2014:624-629.

[5] Modi C, Patel D, Borisaniya B, et al. A survey of intrusion detection techniques in cloud[J]. Journal of Network and Computer Applications, 2013,36(1):42-57.

[6] Dotcenko S, Vladyko A, Letenko I. A fuzzy logic-based information security management for software-defined networks[C]// Proceedings of the 16th International Conference on Advanced Communication Technology (ICACT). 2014:167-171.

[7] Lim S, Ha J, Kim H, et al. A SDN-oriented DDoS blocking scheme for botnet-based attacks[C]// Proceedings of the 6th International Conference on Ubiquitous and Future Networks (ICUFN). 2014:63-68.

[8] Collings J, Liu Jun. An openFlow-based prototype of SDN-oriented stateful hardware firewalls[C]// Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP). 2014:525-528.

[9] Suh M, Park S H, Lee B, et al. Building firewall over the software-defined network controller[C]// Proceedings of the 16th International Conference on Advanced Communication Technology (ICACT). 2014:744-748.

[10] Gelberger A, Yemini N, Giladi R. Performance analysis of software-defined networking (SDN)[C]// Proceedings of the 21st IEEE International Symposium on Modeling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS). 2013:389-393.

[11] Tsugawa M, Matsunaga A, Fortes J A B. Cloud computing security: What changes with software-defined networking?[M]// Secure Cloud Computing. New York: Springer, 2014:77-93.

[12] McKeown N, Anderson T, Balakrishnan H, et al. OpenFlow: Enabling innovation in campus networks[J]. Computer Communication Review, 2008,38(2):69-74.

[13] Vaughan-Nichols S J. OpenFlow: The next generation of the network?[J]. Computer, 2011,44(8):13-15.

[14] Chang R K C. Defending against flooding-based distributed denial-of-service attacks: A tutorial[J]. IEEE Communications Magazine, 2002,40(10):42-51.

[15] Peng Tao, Leckie C, Ramamohanarao K. Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1): Article 3.

[16] Darwish M, Ouda A, Capretz L F. Cloud-based DDoS attacks and defenses[C]// Proceedings of the 2013 International Conference on Information Society (i-Society). 2013: 67-71.

[17] Liu Huan. A new form of DOS attack in a cloud and its avoidance mechanism[C]// Proceedings of the 2nd ACM Workshop on Cloud Computing Security. 2010:65-76.

[18] Bhuyan M H, Bhattacharyya D K, Kalita J K. Surveying port scans and their detection methodologies[J]. The Computer Journal, 2011,54(10):1565-1581.

[19] Akbarabadi A, Zamani M, Farahmandian S, et al. An Overview on Methods to Detect Port Scanning Attacks in Cloud Computing[DB/OL]. http://www.wseas.us/e-library/conferences/2013/CambridgeUK/AISE/AISE-30.pdf, 2013-12-22.

[20] Riquet D, Grimaud G, Hauspie M. Large-scale coordinated attacks: Impact on the cloud security[C]// Proceedings of the 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). 2012:558-563.

[21] Schechter S E, Jung J, Berger A W. Fast detection of scanning worm infections[C]// Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection. 2004:59-81.

[22] Twycross J, Williamson M M. Implementing and testing a virus throttle[C]// Proceedings of the 12th USENIX Security Symposium. 2003:285-294.

[23] Mehdi S A, Khalid J, Khayam S A. Revisiting traffic anomaly detection using software defined networking[C]// Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. 2011:161-180.

[24] McHugh J. The 1998 Lincoln laboratory IDS evaluation[C]// Proceedings of the 3rd International Workshop on Recent Advances in Intrusion Detection. 2000:145-161.

[25] Curtis A R, Mogul J C, Tourrilhes J, et al. DevoFlow: Scaling flow management for high-performance networks[C]// Proceedings of the 2011 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2011:254-265.

[26] Sekar V, Egi N, Ratnasamy S, et al. Design and implementation of a consolidated middlebox architecture[C]// Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation. 2012:323-336.

云环境下SDN的流量异常检测性能分析

Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	王重阳, 庄毅. 基于SDN和改进CSA算法的多作业集群的负载均衡算法[J]. 计算机与现代化, 2023, 0(11): 28-35.
[2]	陈晨, 庄毅, 高增. QoE驱动的SDN网络高可用传输框架[J]. 计算机与现代化, 2023, 0(11): 62-68.
[3]	姜厚海, 庄毅, 曹子宁. 一种基于流聚合与拥塞避免的SDN快速故障恢复方案[J]. 计算机与现代化, 2023, 0(10): 77-83.
[4]	张楠, 李温静, 刘彩, 谢可, 马世乾, 肖钧浩, 邹枫. 基于多源数据的电力作业人员实时行为安全预警[J]. 计算机与现代化, 2023, 0(10): 84-91.
[5]	王宏杰, 徐胜超. 基于希尔伯特相似度的云平台异常传输数据聚类方法[J]. 计算机与现代化, 2023, 0(09): 27-31.
[6]	姜厚海, 庄毅, 曹子宁. 一种基于改进BDD的SDN可靠性评估算法[J]. 计算机与现代化, 2023, 0(09): 64-69.
[7]	雷依翰, 曹利峰, 韩孟达, 韩雪. 软件定义天地一体化网络安全切换架构与方法[J]. 计算机与现代化, 2023, 0(08): 119-126.
[8]	杨骏, 王劲林, 倪宏, 盛益强, . 工控网络异常检测中基于灵敏度的动态迁移算法[J]. 计算机与现代化, 2023, 0(05): 46-51.
[9]	毛明扬, 徐胜超. 一种新的复杂网络安全主动防御模型[J]. 计算机与现代化, 2023, 0(04): 118-122.
[10]	潘裕庆, 张苏宁, 冯仁君, 景栋盛. 结合粒子群优化和LightGBM的入侵检测方法[J]. 计算机与现代化, 2023, 0(04): 123-126.
[11]	高枫, 庄毅, 刘骁. 一种基于路径跟踪反馈的SDN网络可信传输方案[J]. 计算机与现代化, 2022, 0(12): 102-110.
[12]	包春晖, 庄毅, 郭黎烨. 面向服务传输的SDN移动网络脆弱性评估模型[J]. 计算机与现代化, 2022, 0(11): 43-51.
[13]	储苏红, 刘磊, . POF协议解析器[J]. 计算机与现代化, 2022, 0(09): 93-98.
[14]	凌致远, 陈晓, 宋磊, . 基于匹配动作表模型的可编程数据平面流表归并[J]. 计算机与现代化, 2022, 0(07): 74-78.
[15]	吴水明, 吉志远, 王震宇, 景栋盛. 基于Dueling-DDQN的电力信息网络入侵检测算法[J]. 计算机与现代化, 2021, 0(12): 43-47.