基于SDN的DDoS攻击防御系统

计算机与现代化 ›› 2021, Vol. 0 ›› Issue (02): 117-121.

基于SDN的DDoS攻击防御系统

(1.中国石油化工股份有限公司胜利油田分公司物探研究院,山东东营257022；
2.中国石油大学（华东）计算机科学与技术学院，山东青岛266580)

出版日期:2021-03-01 发布日期:2021-03-01
作者简介:王文蔚(1977—),男,江苏淮安人,高级工程师,硕士,研究方向:网络安全,计算机网络和应用,E-mail: wangwenwei028.slyt@sinopec.com；肖军弼(1968—),男,副教授,硕士生导师,研究方向:软件定义网络，计算机网络和应用程序以及网络性能及其优化,E-mail: junbixiao@163.com；程鹏(1994—),男,山东潍坊人,硕士研究生,研究方向:SDN架构下数据中心流量调度,E-mail: chengpeng_wf@126.com；张悦(1997—),女,山东烟台人,本科生,E-mail: 1607010206@s.upc.edu.cn。
基金资助:
油田IPv6工业互联网升级与管理关键技术研究（YKJ1903）；赛尔网络下一代互联网技术创新项目（NGII20190116）

SDN-based DDoS Attack Defense System

(1. Geophysical Prospecting Research Institute of China Petroleum & Chemical Corporation Shengli Oilfield Branch, Dongying 257022,
China； 2. College of Computer Science and Technology, China University of Petroleum（East China), Qingdao 266580, China)

Online:2021-03-01 Published:2021-03-01

摘要/Abstract

摘要： 软件定义网络（SDN）是一种新兴网络架构，通过将转发层和控制层分离，实现网络的集中管控。控制器作为SDN网络的核心，容易成为被攻击的目标，分布式拒绝服务（DDoS）攻击是SDN网络面临的最具威胁的攻击之一。针对这一问题，本文提出一种基于机器学习的DDoS攻击检测模型。首先基于信息熵监控交换机端口流量来判断是否存在异常流量，检测到异常后提取流量特征，使用SVM+K-Means的复合算法检测DDoS攻击，最后控制器下发丢弃流表处理攻击流量。实验结果表明，本文算法在误报率、检测率和准确率指标上均优于SVM算法和K-Means算法。

关键词: 分布式拒绝服务, 软件定义网络；熵；支持向量机； K均值

Abstract: Software Defined Network (SDN) is an emerging network architecture. By separating the forwarding layer and the control layer, centralized management and control of the network is achieved. As the core of the SDN network, the controller is easy to be the target of attacks. Distributed Denial of Service (DDoS) attack is one of the most threatening attacks faced by SDN networks. In response to this problem, this paper proposes a DDoS attack detection model based on machine learning. First, the method monitors the switch port traffic based on information entropy to determine whether there is abnormal traffic. After detecting anomalies, it extracts the flow characteristics and uses the SVM + K-Means composite algorithm to detect DDoS attacks. Finally, the controller delivers a drop flow table to deal with attack traffic. Experimental results show that the algorithm proposed in this paper is superior to SVM algorithm and K-Means algorithm in the indicators of false alarm rate, detection rate and accuracy.

Key words: DDoS(Distributed Denial of Service), SDN(Software Defined Network), entropy, SVM, K-Means

王文蔚, 肖军弼, 程鹏, 张悦. 基于SDN的DDoS攻击防御系统[J]. 计算机与现代化, 2021, 0(02): 117-121.

WANG Wen-wei, XIAO Jun-bi, CHENG Peng, ZHANG Yue. SDN-based DDoS Attack Defense System[J]. Computer and Modernization, 2021, 0(02): 117-121.

参考文献［23］

［1］	NUNES B A A, MENDONCA M, NGUYEN X N, et al. A survey of software-defined networking: Past, present, and future of programmable networks［J］. IEEE Communications Surveys and Tutorials, 2014,16(3):1617-1634.
［2］	左青云,陈鸣,赵广松,等. 基于OpenFlow的SDN技术研究［J］. 软件学报, 2013,24(5):1078-1097.
［3］	KIRKPATRICK K. Software-defined networking［J］. Communications of the ACM, 2013,56(9):16-19.
［4］	ZHOU L N, JIANG H, ZHOU X L. A survey of traceback based on probabilistic packet marking under DDoS attacks［J］. Journal of Physics Conference Series, 2019,1213(5):052057.
［5］	LUKASEDER T, HUNT A, STEHLE C, et al. An extensible Host-agnostic framework for SDN-assisted DDoS-mitigation［C］// 2017 IEEE 42nd Conference on Local Computer Networks. 2017,1:619-622.
［6］	BEHAL S, KUMAR K, SACHDEVA M. D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events［J］. Journal of Network & Computer Applications, 2018,111:49-63.
［7］	HOSSEINI S, AZIZI M. The hybrid technique for DDoS detection with supervised learning algorithms［J］. Computer Networks, 2019,158:35-45.
［8］	YE J， CHENG X Y， JIAN Z, et al. A DDoS attack detection method based on SVM in software defined network［J］. Security and Communication Networks, 2018(4):1-8.
［9］	SHANG G, ZHE P, BIN X, et al. FloodDefender: Protecting data and control plane resources under SDN-aimed DoS attacks［C］// IEEE INFOCOM 2017-IEEE Conference on Computer Communications. 2017:1-9.
［10］	GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments［J］. Computer Networks, 2014,62:122-136.
［11］	GUO R, YIN H, WANG D Q, et al. Research on the active DDoS filtering algorithm based on IP flow［J］. International Journal of Communications Network & System Sciences, 2009,2(7):628-632.
［12］	MOUSAVI S M, ST-HILAIRE M. Early detection of DDoS attacks against software defined network controllers［J］. Journal of Network and Systems Management, 2018,26(3):573-591.
［13］	ROBINSON R R, THOMAS C. Ranking of machine learning algorithms based on the performance in classifying DDoS attacks［C］// 2015 IEEE Recent Advances in Intelligent Computational Systems. 2015, DOI:10.1109/RAICS.2015.7488411.
［14］	梅梦喆. SDN中基于多维条件熵的DDoS攻击检测与防护研究［D］. 南昌:南昌航空大学, 2016.
［15］	孙国友. 云环境SDN/OpenFlow网络中安全可靠的网络控制方法研究［D］. 合肥:中国科学技术大学, 2017.
［16］	肖甫,马俊青,黄洵松,等. SDN环境下基于KNN的DDoS攻击检测方法［J］. 南京邮电大学学报(自然科学版), 2015,35(1):84-88.
［17］	LIU J, LAI Y X, ZHANG S X. FL-GUARD: A detection and defense system for DDoS attack in SDN［C］// Proceedings of 2017 International Conference on Cryptography, Security and Privacy. 2017:107-111.
［18］	THAPNGAM T, YU S, ZHOU W L, et al. Discriminating DDoS attack traffic from flash crowd through packet arrival patterns［C］// 2011 IEEE Conference on Computer Communications Workshops. 2011:952-957
［19］	CHEN Z, JIANG F, CHENG Y J, et al. XGBoost classifier for DDoS attack detection and analysis in SDN-based cloud［C］// IEEE International Conference on Big Data & Smart Computing. 2018:251-256.
［20］	李蕊,张路桥,李海峰,等. 基于熵的网络异常流量检测研究综述［J］. 计算机系统应用, 2017,26(6):36-39.
［21］	DONG S J, XU X Y, CHEN R X. Application of fuzzy C-means method and classification model of optimized K-nearest neighbor for fault diagnosis of bearing［J］. Journal of the Brazilian Society of Mechanical Sciences and Engineering, 2016,38:2255-2263.
［22］	MEHR S Y, RAMAMURTHY B. An SVM based DDoS attack detection method for Ryu SDN controller［C］// Proceedings of the 15th International Conference on Emerging Networking Experiments and Technologies. 2019:72-73.
［23］	GU Y H, LI K Y, GUO Z Y, et al. Semi-supervised K-means DDoS detection method using hybrid feature selection algorithm［J］. IEEE Access, 2019,7:351-365.