Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDOS attack detection method based on software defined network

A software-defined network and attack detection technology, applied in electrical components, digital transmission systems, security communication devices, etc., can solve the problems of reduced detection accuracy, misjudgment of suspicious traffic, invalid detection, etc., to improve detection accuracy, reduce The effect of detecting delay and avoiding double counting

Active Publication Date: 2022-07-01
XIDIAN UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But, (1) the one-level detection DDoS attack method in this invention only filters suspicious traffic by comparing the relation of source IP entropy value and its setting threshold value, can cause suspicious traffic to be misjudged as normal traffic filtering, thereby reduces detection Accuracy
(2) The second-level detection DDoS attack method in this invention adopts a method based on machine learning, and the training data set it adopts is the traffic in the experimental network and the normal traffic and attack traffic in the existing DARPA data set, and produces a DDoS attack by training If the detection function is used, the second-level detection can only detect DDoS attacks that conform to the function, and cannot detect strong concealment or new DDoS attacks, resulting in a decrease in detection accuracy.
(3) In this invention, the sliding window mechanism is adopted to calculate the entropy value, counting the five-element eigenvalues ​​of each current window will cause repeated counting of the five-element eigenvalues ​​of the data packet, and the amount of calculation is huge, resulting in a delay in detection. When large, DDoS attacks have already occurred, resulting in invalid detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDOS attack detection method based on software defined network
  • DDOS attack detection method based on software defined network
  • DDOS attack detection method based on software defined network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] Below in conjunction with accompanying drawing and specific embodiment, the present invention is described in further detail:

[0032] refer to figure 1 , the present invention comprises the steps:

[0033] Step 1) Build a distributed denial of service DDoS attack detection architecture based on software-defined network SDN:

[0034] A distributed denial of service DDoS attack detection architecture based on software-defined network SDN is constructed, including a control layer and a data layer; the control layer adopts an SDN controller including a packet capture module, a stream data processing module and a DDoS attack detection module, and the data The layer includes M OpenFlow switches S=[S 1 ,...,S m ,...,S M ], per OpenFlow switch S m Include OpenFlow flow table K m , K m Contains flow entry matching rules and R flow entries [k m1 ,k m2 ,...,k mr ,...,k mR ], each flow entry k mr Contains matching fields and processing instructions; where M≥1, S m rep...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention proposes a DDoS attack detection method based on a software-defined network, which is used to solve the technical problems of low accuracy and high delay when detecting DDoS attacks in an SDN network in the prior art. The implementation steps are: constructing a software-defined network DDoS attack detection architecture of the network, each OpenFlow switch S in the data layer m Receive data packets and forward them, the packet capture module in the SDN controller captures data packets and forwards them, the stream data processing module in the SDN controller obtains stream data sets, and the DDoS attack detection module in the SDN controller obtains DDoS attack detection result. The software-defined network-based DDoS attack detection framework and DDoS attack detection module adopted by the present invention detect DDoS attacks by combining entropy and network self-similarity, which can significantly improve the accuracy of DDoS attack detection and reduce time delay.

Description

technical field [0001] The invention belongs to the field of computer network security, and relates to a DDoS attack detection method, in particular to a distributed denial of service DDoS attack detection method based on a software-defined network SDN. Background technique [0002] With the rapid development of computer network technology, the destructive behavior of network attacks is also increasing. Among them, the DDoS (Distributed Denial of Service) attack has amazing destructive power and huge impact, and is a serious threat to network security. DDoS attacks refer to deliberately attacking the flaws in the implementation of network protocols or directly exhausting the resources of the attack target, so that the attack target cannot provide normal services or stop responding or even collapse completely. [0003] SDN (Software Defined Network) is a new type of network architecture. Its core technology is to separate control and forwarding. Control is realized by the co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/1425H04L63/1416H04L63/1458
Inventor 赵楠刘越张哲闻
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com