Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A ddos ​​attack detection system based on software defined network

A software-defined network and attack detection technology, which is applied in transmission systems, electrical components, computer components, etc., can solve problems such as controller burden and attack detection delay, and achieve the effects of reducing burden, improving response speed, and improving accuracy

Active Publication Date: 2021-08-31
SHANDONG UNIV
View PDF1 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] At present, the SDN-based DDoS attack detection scheme mainly obtains the flow table information of the switches in the entire network periodically through the controller, and runs anomaly detection algorithms based on statistics and machine learning to detect abnormal attacks. The expansion of the network scale will bring a greater burden to the controller, resulting in delays in attack detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A ddos ​​attack detection system based on software defined network
  • A ddos ​​attack detection system based on software defined network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] In order to describe the technical content of the present invention more clearly, the present invention will be further described below in conjunction with the accompanying drawings.

[0031] The invention designs a DDoS attack detection system based on software-defined network. The invention combines the information entropy early warning of the data plane with the SVM detection of the control plane, and designs a DDoS attack detection system based on the software-defined network. Aiming at the problems of slow response time of DDoS attack detection and heavy burden on the controller in the software-defined network, the system calculates the relevant entropy value through the programmable OpenFlow border switch for early warning, and if abnormality is found, it will alert the controller and limit the flow rate of the relevant port , and use the SVM algorithm to detect the abnormal flow, and guide the switch to discard it, thus improving the response speed of the system ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a DDoS attack detection method based on a software-defined network, and belongs to the technical field of software-defined network security defense. The detection system includes an attacking host, a victim host, an OpenFlow switch layer, and an SDN control layer. This method divides the detection process into two parts. First, the flow information passing through the border switch is counted on the switch at the edge of the network. According to the information entropy theory, the destination IP address and the degree of dispersion of single flow distribution are calculated. Alert, limit the flow rate of the relevant port, and start the SVM detection of the controller. By extracting the deep characteristics of the flow, it can detect the abnormal flow more accurately and guide the switch to discard it. The system combines the detection of the data plane and the control plane, improves the response time of the detection, reduces the burden of the controller, and has practical application value.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to the technical field of software-defined network security defense. Background technique [0002] With the development of cloud computing, big data and other emerging technologies, the network traffic is constantly increasing, and the traditional network architecture with IP as the core is difficult to meet the requirements of network scalability, management and flexibility. Software Defined Network (Software Defined Network, SDN) is a new type of network architecture, which was born in the research project of Stanford University in the United States. Its core idea is the separation of numerical control, concentrating the control functions of the network on the controller, and endowing the network with programmability. Guide the data forwarding of the bottom switch, thereby improving the flexibility and scalability of the network, and making it more convenient for the mana...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1416H04L63/1458H04L63/1425G06F18/2411
Inventor 刘琚张吉成于山山姚仕聪王磊王京
Owner SHANDONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com