Ldos attack detection and mitigation method based on fgd-fm in sdn

An attack detection and algorithm technology, which is applied in digital transmission systems, secure communication devices, electrical components, etc., can solve the problems of inability to detect and mitigate LDoS attacks, and achieve LDoS attack mitigation, good real-time performance, low false alarm rate and leakage The effect of rate of return

Active Publication Date: 2022-05-13
HUNAN UNIV
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The research on the detection and mitigation of LDoS attacks in SDN mainly has the following problems: there are many studies on detecting and mitigating traditional DoS attacks using SDN, but few studies on LDoS attacks, and the methods for traditional DoS attacks cannot effectively detect and mitigate LDoS attacks. ease

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Ldos attack detection and mitigation method based on fgd-fm in sdn
  • Ldos attack detection and mitigation method based on fgd-fm in sdn
  • Ldos attack detection and mitigation method based on fgd-fm in sdn

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The LDoS attack detection and mitigation method based on FGD-FM in SDN is mainly divided into the following steps: data collection, attack detection and attack mitigation.

[0027] 1. Data collection. Fixed sampling time Time CW and the sampling interval Δt, the API of the control plane is called periodically based on the sampling interval within the sampling time to obtain the traffic sequence of the switch.

[0028] 2. Attack detection. Using the FGD method to implement fine-grained detection of LDoS attacks, the steps are as follows:

[0029] Step 2.1: Use the Needleman-Wunsch algorithm to collect the UDP (User Datagram Protocol, User Datagram Protocol) traffic sequence A=a 1 ,a 2 ,...,a n Each benchmark comparison vector B=b in the benchmark comparison matrix 1 ,b 2 ,...,b m Perform sequence comparison, and the period corresponding to the vector with the largest similarity score is the period Time of the LDoS attack DU .

[0030] (1) Define the similarity ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an LDoS attack detection and mitigation method based on FGD-FM in SDN, belonging to the field of computer network security. This method calls the API of the SDN control plane to obtain the traffic sequence of the switch, uses the FGD method to detect the LDoS attack, and uses the FM method to mitigate the LDoS attack based on the detection result. The FGD method combines sequence alignment algorithms with machine learning to accurately detect every attack burst. The FM method analyzes the port traffic sequence, locates the attacked port by calculating the suspicious score of each port, and installs flow rules on the switch to discard the attack traffic from the attacker. The method disclosed in the present invention can realize fine-grained LDoS attack detection, has higher accuracy, lower false alarm rate and false negative rate, lower complexity and better real-time performance, and can effectively filter out Attack traffic and ensure the transmission of benign traffic.

Description

technical field [0001] The invention belongs to the field of computer network security, and in particular relates to an FGD-FM-based LDoS attack detection and mitigation method in SDN. Background technique [0002] With the rapid development of the Internet, the security problems faced by the Internet have become more and more complex and serious. DoS (Denial of Service, denial of service) attack is one of the most common security threats, it prevents the target server from providing normal services to legitimate users, and causes huge damage to network performance. [0003] LDoS (Low-rate Denial of Service) attack is a variant of DoS attack proposed by Kuzmanovic and Knightly at the SIGCOMM conference in 2003. It uses the congestion control mechanism of TCP (Transmission Control Protocol) to periodically send short-term high-speed bursts, and adjusts the attack cycle to repeatedly trigger the RTO (Retransmission Timeout, retransmission over time) mechanism to achieve the a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40H04L67/10
CPCH04L63/1416H04L67/10
Inventor 汤澹王曦茵张斯琦施玮陈静文王小彩
Owner HUNAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap