DoS attack detection method oriented to software defined network

A software-defined network, software-oriented technology, applied in the direction of electrical components, transmission systems, etc., can solve the problems of slow convergence speed and long training time of SOM algorithm, and achieve the effect of real-time and accurate detection

Active Publication Date: 2018-11-16
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF4 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The detection method based on the self-organizing map (Self-organizing Maps, SOM) neural network uses the SOM neural ne

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DoS attack detection method oriented to software defined network
  • DoS attack detection method oriented to software defined network
  • DoS attack detection method oriented to software defined network

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0051] Example one:

[0052] Such as figure 1 As shown, a software-defined network-oriented DoS attack detection method of the present invention includes the following steps:

[0053] Step S101: Use the three statistical attributes of single-stream scale SSF, stream address growth rate AGS, and flow table matching rate RSM as the DoS attack detection characteristics of the software-defined network, and mark historical traffic of the collected DoS attacks of the software-defined network Data feature extraction and calculation;

[0054] Step S102: Use a linear function standardization method and a mutation progression method to standardize and normalize the historical flow data after feature extraction and calculation, to obtain standardized and normalized historical flow data;

[0055] Step S103: Use standardized and normalized historical traffic data as a training data set, and use a conditional random field algorithm to construct a software-defined network DoS attack traffic classif...

Example Embodiment

[0057] Embodiment two:

[0058] Such as figure 2 As shown, another software-defined network-oriented DoS attack detection method of the present invention includes the following steps:

[0059] Step S201: Add a mark to the collected historical traffic data of the DoS attack of the software-defined network, and mark it as 0 when it is normal, and mark it as 1 when it is abnormal.

[0060] Step S202: Use the three strongly representative statistical attributes of single-stream scale SSF, stream address growth rate AGS, and stream table matching rate RSM as the detection characteristics of the software-defined network DoS attack, and the collected software-defined network DoS attack Feature extraction and calculation of marked historical traffic data;

[0061] The SSF (Size of a Single Flow) describes the size of each data flow entering the SDN network, including two attribute parameters: the number of flow packets and the number of flow bytes, the average number of flow packets ANPF (a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the technical field of software defined networks, and especially relates to a DoS attack detection method oriented to a software defined network. The method comprises the following steps: taking Size of a Single Flow SSF, flow Address Growing Speed AGS and ratio of successful matching of flow table RSM as DoS attack detection features of the software defined network, and carrying out feature extraction and calculation on collected historical flow data; performing standardization and normalization processing on the historical flow data after being subjected to the feature extraction and calculation by using a linear function standardized method and a catastrophe progression method; taking the standardized and normalized historical flow data as a training data set, and constructing a DoS attack flow classification model of the software defined network by utilizing a conditional random fields CRF algorithm; and classifying real-time monitoring flow data of the DoSattack of the software defined network by using the generated classification module, and judging whether an abnormality exists. The DoS attack detection method oriented to the software defined network provided by the invention can classify the monitoring flow in real time and judge whether the abnormality exists, thereby performing attack detection.

Description

technical field [0001] The invention relates to the technical field of software-defined networks, in particular to a DoS attack detection method oriented to software-defined networks. Background technique [0002] As a software-based network architecture and technology, software-defined network (Software Defined Network, SDN) has a loosely coupled control plane and data plane, supports centralized network status control, and realizes the transparency of underlying network facilities to upper-layer applications. Through its flexible software programming capabilities, it can greatly improve the automatic management and control capabilities of the network, and effectively solve the problems faced by current network systems such as limited resource expansion, poor networking flexibility, and difficulty in quickly meeting business needs. In recent years, driven by the needs of emerging services represented by cloud computing and big data, technology development and business innov...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/1458
Inventor 郭毅许新忠张连成辜苛峻燕菊维钟华
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap