A flow-based DDoS attack and flash event detection method

An event detection technology, applied in the fields of electrical components, digital transmission systems, secure communication devices, etc., that can solve problems such as increased difficulty and achieves the effect of improving detection accuracy.

Active Publication Date: 2022-02-11
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

This situation makes it more difficult to distinguish between DDoS attacks and flash crowd events.


Embodiment Construction

[0031] In order to demonstrate the purpose and advantages of the present invention more intuitively and clearly, the present invention will be described in detail below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0032] Referring to figure 1, this embodiment proposes a flow-based DDoS attack and flash event detection method in SDN. The applied flow detection method combines Shannon entropy, generalized entropy, the improved entropy and multidimensional flow features. The method includes:

[0033] First, build a topology on the Mininet platform, including SDN controllers, OpenFlow switches, source ho...


Abstract

The present invention relates to a flow-based DDoS attack and flash event detection method. The applied flow detection method combines Shannon entropy, generalized entropy, improved entropy and multidimensional flow features. The method includes: analyzing the characteristics of various types of DDoS attacks and flash events and creating multiple types of DDoS attack and flash event traffic accordingly; the created traffic generates SDN-specific flow table information in the SDN network; introducing an improved ‑entropy based on Shannon entropy and generalized entropy to increase the information distance between different data, which is conducive to early detection of attack behavior; extracting features from multi-dimensional flow table data obtained from the switch, such as protocol type, flow lifetime, Shannon entropy of source/destination IP, generalized entropy, entropy, etc.; classifying the different types of DDoS attack traffic, flash event traffic and normal traffic, that is, multi-classification, and comparing the detection accuracy of classification methods such as SVM and KNN; and adjusting the value of the adjustable parameter α of the entropy and combining it with the optimal classifier to obtain the best multi-classification accuracy. The present invention uses the flow table function unique to SDN networks, combined with entropy, to detect attacks in time and reduce the false alarm rate for flash crowd events.
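The feature-extraction step described in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes "generalized entropy" means Rényi entropy of order α, leaves out the improved entropy (its formula is not given on this page) and the SVM/KNN classification step, and uses constructed flow-table windows with hypothetical field names.

```python
import math
from collections import Counter

def shannon_entropy(counts):
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def renyi_entropy(counts, alpha):
    # Assumption: "generalized entropy" is taken as Renyi entropy of order alpha.
    if abs(alpha - 1.0) < 1e-9:          # the alpha -> 1 limit is Shannon entropy
        return shannon_entropy(counts)
    total = sum(counts)
    return math.log2(sum((c / total) ** alpha for c in counts if c)) / (1 - alpha)

def window_features(flows, alpha=2.0):
    """Feature vector for one polling window of flow-table entries."""
    src, dst = Counter(), Counter()
    for f in flows:                       # weight each address by its packet count
        src[f["src"]] += f["packets"]
        dst[f["dst"]] += f["packets"]
    n = len(flows)
    return {
        "h_src": shannon_entropy(src.values()),
        "h_dst": shannon_entropy(dst.values()),
        "g_src": renyi_entropy(src.values(), alpha),
        "g_dst": renyi_entropy(dst.values(), alpha),
        "udp_share": sum(f["proto"] == "udp" for f in flows) / n,
        "mean_duration": sum(f["duration"] for f in flows) / n,
        "pkts_per_flow": sum(f["packets"] for f in flows) / n,
    }

def make_window(n_src, n_dst, proto, duration, packets_of):
    # Constructed sample data, not captured traffic.
    return [{"src": f"10.0.0.{i + 1}", "dst": f"192.0.2.{i % n_dst + 1}",
             "proto": proto, "duration": duration, "packets": packets_of(i)}
            for i in range(n_src)]

WINDOWS = {
    "normal": make_window(8, 4, "tcp", 12.0, lambda i: 20 + 5 * (i % 4)),
    "ddos":   make_window(64, 1, "udp", 0.5, lambda i: 1),
    "flash":  make_window(64, 1, "tcp", 9.0, lambda i: 5 + i % 8),
}
FEATURES = {name: window_features(flows) for name, flows in WINDOWS.items()}

if __name__ == "__main__":
    for name, feats in FEATURES.items():
        print(name, {k: round(v, 3) for k, v in feats.items()})
```

In the constructed DDoS and flash windows the source and destination entropies are almost identical, and only the lifetime, protocol and packets-per-flow features separate them, which is why the method feeds the classifier multidimensional flow features rather than entropy alone.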

Description

Technical field

[0001] The invention discloses a flow-based DDoS (Distributed Denial of Service) attack and flash crowd event detection method in SDN (Software Defined Network), and belongs to the technical field of computer security.

Background technique

[0002] With the development of SDN, its security is receiving more and more attention. Because SDN is centrally managed and programmable, attackers can easily exploit its security vulnerabilities to carry out DDoS attacks. Since the SDN is managed globally by the centralized controller, the switch by default forwards data packets that match no entry in the flow table to the controller, and the controller then sends the flow rule to the switch of the IP. If an attacker sends a large number of packets from multiple IPs, these packets will be forwarded to the controller. This traffic would then consume all available resources of the controller and make access unavailable for legitimate users. In addition, an ...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L9/40, H04L47/2441, H04L45/745, H04L45/74
CPC: H04L45/745, H04L47/2441, H04L63/1416, H04L63/1458
Inventor: 孙国梓, 姜文醍, 李华康, 谷宇, 任丹妮
Owner: NANJING UNIV OF POSTS & TELECOMM