DDoS attack and shanyong event detection method based on stream

A technology of event detection and event, applied in the field of computer security, can solve problems such as increased difficulty and achieve the effect of improving detection accuracy

Active Publication Date: 2019-01-11
NANJING UNIV OF POSTS & TELECOMM
View PDF7 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This situation makes it more difficult to distinguish between DDoS and flash flooding events

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack and shanyong event detection method based on stream
  • DDoS attack and shanyong event detection method based on stream
  • DDoS attack and shanyong event detection method based on stream

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] In order to demonstrate the purpose and advantages of the present invention more intuitively and clearly, the present invention will be described in detail below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of them. . Based on the implementation manners in the present invention, all other implementation manners obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0032] refer to figure 1 , this embodiment proposes a flow-based DDoS attack and flash event detection method in SDN, the applied flow detection method combines Shannon entropy and generalized entropy improved Entropy and streaming multidimensional features, methods include:

[0033]First, build a topology on the Mininet platform, including SDN controllers, OpenFlow switches, source ho...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to a DDoS attack and shanyong event detection method based on stream. The applied stream detection method combines [phi]-entropy improved based on shannon entropy and general entropy and the stream multi-dimensional features. The method comprises the steps of: analyzing multiple types of DDoS attack and shanyong event features, and making multiple types of DDoS attackand shanyong event flow, wherein the made flow can generate particular flow table data of an SDN in the SDN; introducing the [phi]-entropy improved based on shannon entropy and general entropy to increase the information distance between different data to facilitate discovering of attack behaviors as soon as possible; obtaining the multi-dimensional data of the flow table in a switch, such as a protocol type, the flow survival time, the shannon entropy and the general entropy of source / target IPs and the [phi]-entropy, performing feature extraction; classifying different types of DDoS attackflows, the shanyong event flow and the normal flow, namely multi-classification, comparing the detection accuracy of the classification methods such as the SVM and the KNN; and regulating the value ofan adjustable parameter [Alpha] of the [phi]-entropy, and combining an optimum classifier to obtain an optimal multi-classification accuracy. The DDoS attack and shanyong event detection method basedon stream employs the particular flow table function of the SDN and combines the [phi]-entropy to timely detect attacks when the attacks generate and reduce the false alarm rate of the shanyong event.

Description

technical field [0001] The invention discloses a flow-based DDoS (Distributed Denial of Service) attack and flash crowd event detection method in SDN (Software Defined Network), and belongs to the technical field of computer security. Background technique [0002] With the development of SDN, its security is getting more and more attention. Due to the centralized management and programmable features of SDN, attackers can easily exploit its security vulnerabilities to carry out DDoS attacks. Since the SDN is managed globally by the centralized controller, the switch will forward the unmatched data packets in the flow table to the controller by default, and then the controller sends the flow rule to the switch of the IP. If an attacker sends a large number of packets from multiple IPs, these packets will be forwarded to the controller. This traffic would then consume all available resources of the controller and make access unavailable for legitimate users. In addition, an ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/851H04L12/741H04L45/74
CPCH04L45/745H04L47/2441H04L63/1416H04L63/1458
Inventor 孙国梓姜文醍李华康谷宇任丹妮
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap