A DDoS attack detection and defense method and system in a software-defined network

A software-defined-network attack-detection technology, applied in the field of network security, with the aims of reducing the load on the controller and switches and achieving high detection accuracy

Active Publication Date: 2018-12-14
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

However, such a method must consider how to reasonably evaluate the relationship between the three feature quantities in order to detect DDoS attacks.




Embodiment Construction

[0034] In order to make the object, technical solution and advantages of the present invention clearer, the present invention is further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention, not to limit it.

[0035] Figure 1 is a flowchart of the DDoS attack detection and defense method in a software-defined network provided by the present invention. As shown in Figure 1, the method includes the following steps:

[0036] S1. Collect the packet_in packets that the switch sends to the controller;

[0037] S2. Use a sliding-window mechanism to extract the five-tuple feature (source IP, source port, destination IP, destination port and protocol type) of every packet in each window, and compute the entropy of each five-tuple feature per window;

[0038] S3. Judge whether the s...


Abstract

The invention discloses a DDoS attack detection and defense method and system in a software-defined network. The method comprises: extracting the five-tuple features (source IP, source port, destination IP, destination port and protocol type) of the packets and computing the entropy of each five-tuple feature per window; judging whether the source-IP entropy of a window exceeds a threshold, and if so marking the window's traffic as suspicious, otherwise filtering it out; using machine learning to judge whether the suspicious traffic contains an attack, and if so marking it as attack traffic, otherwise filtering it out; marking the switch port with the largest IP entropy in the attack traffic as a suspicious port, and judging a port that is repeatedly detected as suspicious to be an attack port; and issuing defense rules to the switch on which the attack port is located, so that the attack traffic is filtered at the forwarding layer. The invention combines five-tuple feature entropy with a machine-learning algorithm to detect DDoS attacks, locates the attack and takes defensive measures in time, filters large volumes of malicious traffic at the forwarding layer, and protects the controller and the switches.
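The pipeline in steps S1 to S3 and in the abstract, worked through as an added example. This is not the patent's code: the window size, stride, entropy threshold, confirmation count, the flow-rule dictionary layout and the packet_in record layout are assumptions made here, the traffic is constructed rather than captured, and because the page does not specify the machine-learning model, its stage is replaced by a clearly labelled rule (many distinct sources converging on very few destinations). Entropy for the window threshold is normalized by log2(n) so the threshold does not depend on window size; the per-port comparison uses raw bits so a port carrying two benign clients cannot tie with one carrying thirty spoofed sources.

```python
import math
from collections import Counter, deque
from typing import Deque, Dict, Iterable, List, NamedTuple, Optional, Tuple

FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")


class PacketIn(NamedTuple):
    dpid: int        # switch datapath id (assumed layout of a packet_in record)
    in_port: int     # switch port the packet entered on
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


def entropy_bits(values: Iterable) -> float:
    """Shannon entropy H = -sum p_i * log2(p_i) of the value histogram."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def normalized_entropy(values: Iterable) -> float:
    """H / log2(n): 1.0 when every packet in the window has a distinct value.
    Normalizing keeps the threshold independent of window size (our choice)."""
    vals = list(values)
    return entropy_bits(vals) / math.log2(len(vals)) if len(vals) > 1 else 0.0


def window_entropies(window: Iterable[PacketIn]) -> Dict[str, float]:
    """S2: per-field entropy of the five-tuple over one window."""
    pkts = list(window)
    return {f: normalized_entropy(getattr(p, f) for p in pkts) for f in FIELDS}


def looks_like_flood(ent: Dict[str, float]) -> bool:
    """Stand-in for the patent's ML classifier, which the page does not
    specify: many distinct sources converging on very few destinations."""
    return ent["src_ip"] > 0.8 and ent["dst_ip"] < 0.3


class EntropyDetector:
    def __init__(self, window_size=40, stride=10, src_ip_threshold=0.8, confirm_count=3):
        self.window: Deque[PacketIn] = deque(maxlen=window_size)
        self.stride, self.threshold, self.confirm = stride, src_ip_threshold, confirm_count
        self.seen, self.hits = 0, 0
        self.suspect: Optional[Tuple[int, int]] = None   # (dpid, in_port)
        self.blocked: set = set()
        self.rules: List[dict] = []

    def process(self, pkt: PacketIn) -> bool:
        """False = dropped by an installed rule at the forwarding layer, so the
        controller never sees it; True = collected into the window (S1)."""
        if (pkt.dpid, pkt.in_port) in self.blocked:
            return False
        self.window.append(pkt)
        self.seen += 1
        if len(self.window) == self.window.maxlen and self.seen % self.stride == 0:
            self._evaluate()
        return True

    def _evaluate(self) -> None:
        ent = window_entropies(self.window)
        if ent["src_ip"] <= self.threshold:      # S3: normal window, filter out
            self.suspect, self.hits = None, 0
            return
        if not looks_like_flood(ent):            # S4: suspicious but not an attack
            self.suspect, self.hits = None, 0
            return
        port = self._locate_port()               # S5: port with highest src-IP entropy
        self.hits = self.hits + 1 if port == self.suspect else 1
        self.suspect = port
        if self.hits >= self.confirm and port not in self.blocked:
            self.blocked.add(port)               # S6: drop rule for that switch port
            self.rules.append({"dpid": port[0], "match": {"in_port": port[1]},
                               "actions": [], "priority": 1000})   # empty actions = drop

    def _locate_port(self) -> Tuple[int, int]:
        by_port: Dict[Tuple[int, int], List[str]] = {}
        for p in self.window:
            by_port.setdefault((p.dpid, p.in_port), []).append(p.src_ip)
        # raw bits, then packet count as tie-break
        return max(by_port, key=lambda k: (entropy_bits(by_port[k]), len(by_port[k])))


# Constructed traffic for the demo (not captured data).
def benign(n: int, start: int = 0) -> List[PacketIn]:
    """Eight clients spread over ports 1-4 talking to two servers."""
    return [PacketIn(1, 1 + i % 4, f"10.0.0.{i % 8 + 1}", 40000 + i % 5,
                     f"10.0.1.{i % 2 + 1}", 443 if i % 2 else 80, "TCP")
            for i in range(start, start + n)]


def flood(n: int, start: int = 0) -> List[PacketIn]:
    """Spoofed SYN flood entering on port 3 against one server."""
    return [PacketIn(1, 3, f"198.51.100.{(start + i) % 254 + 1}",
                     1024 + (start + i) % 60000, "10.0.1.1", 80, "TCP")
            for i in range(n)]


def mixed(n: int) -> List[PacketIn]:
    """Attack phase: three flood packets for every benign one."""
    return [benign(1, i // 4)[0] if i % 4 == 3 else flood(1, i - i // 4)[0]
            for i in range(n)]


def simulate(packets: Iterable[PacketIn]) -> List[dict]:
    det = EntropyDetector()
    for p in packets:
        det.process(p)
    return det.rules


def run_demo() -> List[dict]:
    """80 benign packet_ins, then 160 in the attack mix; returns pushed rules."""
    return simulate(benign(80) + mixed(160))
```

Running `run_demo()` yields exactly one rule, for port 3 of switch 1; `simulate(benign(200))` yields none. Two caveats a deployment has to handle: the rule is keyed on the ingress port, so the benign clients behind port 3 are dropped along with the flood, which is the trade-off the abstract accepts by filtering at the forwarding layer rather than per flow; and a threshold on normalized source-IP entropy is only meaningful once the window is full, so the first evaluations after controller start are skipped rather than run on a short window.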

Description

Technical field

[0001] The invention belongs to the field of network security, and more specifically relates to a DDoS attack detection and defense method and system in a software-defined network.

Background technique

[0002] Software-Defined Networking (SDN) is a new type of network architecture characterized by the separation of control and forwarding, centralized control and programmability. Its centralized control is very convenient for software programming, but it also brings a series of security problems. The SDN controller centrally manages network resources; if the controller fails as a single point, the entire network faces the risk of paralysis.

[0003] Among the various network security issues, a DDoS (Distributed Denial of Service) attack is a distributed, large-scale coordinated attack method that is easy to launch, difficult to defend against, and extremely easy to damage th...


Application Information

Patent Type & Authority: Applications (China)
IPC: H04L29/06
CPC: H04L63/1416, H04L63/1458
Inventor: 于俊清, 余畅, 李冬
Owner: HUAZHONG UNIV OF SCI & TECH