
DDoS attack detection method based on SDN

An attack detection technology, applied in the field of software-defined networks, that addresses the difficulty of detecting precisely when the number of attacking IP addresses is large.

Pending Publication Date: 2021-06-18
KUNMING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

DDoS attack detection based on machine learning: high accuracy, but most machine-learning-based approaches simply train with a single machine learning algorithm.
DDoS attack detection based on statistical analysis: network traffic data is obtained and its statistical distribution is analysed, but only the distribution of IP addresses is considered. A DDoS attack uses a huge number of IP addresses for camouflage, so it is difficult to be accurate.


Examples


Embodiment 1

[0052] Embodiment 1: an SDN-based DDoS attack detection method comprising the following steps:

[0053] 1) Count the flow entries in the SDN and preprocess them.

[0054] 2) Feature extraction.

[0055] 3) Preliminary model training.

[0056] 4) Select the 3-4 optimal models as base models, and then train.

[0057] 5) Attack detection and judgment.

[0058] Further, said step 1) includes the following steps:

[0059] Collect the match fields and counter information of each flow entry: protocol, srcIP, dstIP, srcPort, dstPort and pCount denote, in turn, the matched protocol type, source address, destination address, source port, destination port, and the number of data packets of the flow entry. Assume that flow entries are extracted from the OpenFlow switch with period T, that the total number of distinct flow entries is N, and that the set is $\mathrm{flowSet} = \{(\mathrm{protocol}, \mathrm{srcIP}_i, \mathrm{dstIP}, \mathrm{srcPort}_i, \mathrm{dstPort}, \mathrm{pCount}),\ i = 1, 2, \ldots, N\}$. The DDoS attack detection algorithm needs to periodically extract the flow entry...


Abstract

The invention relates to an SDN-based DDoS attack detection method, belonging to the field of software-defined networks. Normal and attack flow tables are collected in the SDN and then processed. Logistic regression, a support vector machine, K nearest neighbor, a decision tree, a random forest, ensemble learning bagging, stochastic gradient, ensemble learning Gradient and an extreme gradient boosting tree are each trained on the collected flow tables, and all the models with optimal hyper-parameters are put together. A function is called to calculate each index value, each value is put into a data model, the optimal-parameter models are selected as base models, and the prediction results of the optimal models are integrated into one model, which is trained on the collected flow tables and used for prediction. The final ensemble prediction result is clearly higher than the earlier individual prediction result of each model. Finally, the trained ensemble model is put into the controller, so that DDoS attacks can be effectively detected and effective defense can be carried out when an attack arrives.
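The pipeline of steps 1) to 5) in Embodiment 1 and the model selection described in this abstract, as an added example that is not code from the patent. Assumptions: the five features, the one-feature threshold rules standing in for the listed classifiers, majority voting as the way predictions are integrated, and the constructed sample traffic; all function names are hypothetical.

```python
import math, random
from collections import Counter

def features(flow_set):
    """One period's flowSet -> features (the feature choice is assumed)."""
    n = len(flow_set)  # entries: (protocol, srcIP, dstIP, srcPort, dstPort, pCount)
    src = Counter(f[1] for f in flow_set)
    return {"n_flows": n,
            "src_entropy": -sum(c / n * math.log2(c / n) for c in src.values()),
            "mean_pcount": sum(f[5] for f in flow_set) / n,
            "single_pkt_ratio": sum(f[5] == 1 for f in flow_set) / n,
            "src_ports": len({f[3] for f in flow_set})}

def predict(model, row):
    name, thr, sign = model
    return sign * (row[name] - thr) > 0

def accuracy(model, rows, labels):
    return sum(predict(model, r) == y for r, y in zip(rows, labels)) / len(rows)

def fit_stump(rows, labels, name):
    """Candidate model: best one-feature threshold rule (stand-in classifier)."""
    vals = sorted({r[name] for r in rows})
    cands = [(name, (a + b) / 2, s) for a, b in zip(vals, vals[1:]) for s in (1, -1)]
    return max(cands, key=lambda m: accuracy(m, rows, labels))

def build_ensemble(train, val, k=3):
    """Train every candidate, keep the k with the best validation accuracy."""
    models = [fit_stump(*train, name) for name in train[0][0]]
    return sorted(models, key=lambda m: accuracy(m, *val), reverse=True)[:k]

def detect(ensemble, flow_set):
    """Majority vote of the selected base models; True means attack."""
    row = features(flow_set)
    return 2 * sum(predict(m, row) for m in ensemble) > len(ensemble)

def sample_window(rng, attack):  # constructed flowSet, not real traffic
    n = rng.randint(300, 500) if attack else rng.randint(40, 400)
    return [("tcp",
             "10.%d.%d.%d" % tuple(rng.randint(1, 254) for _ in range(3)) if attack
             else "192.168.1.%d" % rng.randint(1, 20),
             "10.0.0.9", rng.randint(1024, 65535), 80,
             rng.randint(1, 2) if attack else rng.randint(50, 200))
            for _ in range(n)]

def dataset(seed, n=40):
    rng, labels = random.Random(seed), [i % 2 == 1 for i in range(n)]
    return [features(sample_window(rng, y)) for y in labels], labels

ENSEMBLE = build_ensemble(dataset(1), dataset(2))  # train on seed 1, validate on seed 2
```

The benign windows deliberately overlap the attack windows in flow count, so the flow-count and port-count rules score below the entropy and packet-count rules and the selection step has something to decide.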

Description

Technical field

[0001] The invention relates to an SDN-based DDoS attack detection method, which belongs to the field of software-defined networks.

Background technique

[0002] Software Defined Networking (SDN) is a new type of network architecture proposed by Stanford University in the United States. Compared with traditional networks, SDN separates the data layer from the control layer. Distributed denial of service (DDoS) attacks have been one of the main threats to Internet security. After multiple puppet hosts are controlled by the attacker, they send a large number of attack data packets to the victim host, consuming the resources of the target host and making it unable to provide services to legitimate users normally. DDoS attacks are simple to launch and highly harmful, and are difficult to detect and defend against accurately and quickly.

[0003] Due to the characteristics of the SDN ne...


Application Information

IPC(8): H04L29/06, G06N5/00, G06N20/00, G06N20/10, G06N20/20
CPC: H04L63/1458, G06N20/00, G06N20/10, G06N20/20, G06N5/01
Inventor: 张三妞, 张智斌, 谢汶锦, 李红莉, 徐玄骥
Owner KUNMING UNIV OF SCI & TECH