Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS attack detection method in an SDN environment based on a Renyi entropy and a BiGRU algorithm

A technology of attack detection and algorithm, applied in the field of DDoS attack detection and network information security, can solve the problem of long training time

Active Publication Date: 2021-09-10
KUNMING UNIV OF SCI & TECH
View PDF0 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Ashraf et al. proposed a DDoS attack detection research based on a deep learning hybrid model in SDN. This model combines the characteristics of the DNN model and the CNN neural network model, reduces the number of neurons and network parameters, and prevents the parameters in the CNN algorithm. The overfitting problem caused by too many, although the accuracy of DDoS detection is improved, but the training time is too long

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack detection method in an SDN environment based on a Renyi entropy and a BiGRU algorithm
  • DDoS attack detection method in an SDN environment based on a Renyi entropy and a BiGRU algorithm
  • DDoS attack detection method in an SDN environment based on a Renyi entropy and a BiGRU algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0075] Embodiment 1: as figure 1 As shown, a DDoS attack detection method in an SDN environment based on Renyi entropy and BiGRU algorithm, first collects flow table information data, then performs feature extraction and data preprocessing, further trains the BiGRU model, and finally performs anomaly detection judgment and attack Detection and judgment.

[0076] The specific steps are:

[0077] (1) Collect flow table information data. The flow table data includes normal traffic data and abnormal traffic data. Python scripts are used to generate traffic data in real time. The normal traffic training samples are generated by the normal network access of the source host, and the DDoS attack tool Hping3 or other tools are used to generate abnormal traffic.

[0078] (2) Feature extraction and data preprocessing. Perform preprocessing on the data collected in step 1), and perform normalization processing on the data when calculating features with large weights. If the input algor...

Embodiment 2

[0097] Embodiment 2: Adopt the method as shown in embodiment 1 in the present embodiment to carry out the DDoS attack detection under the SDN environment, concrete implementation steps are as follows:

[0098] Use the Mininet simulation platform, OpenvSwitch switch and Floodlight controller to build the SDN simulation environment, the SDN network topology model diagram is as follows figure 2 shown.

[0099] Use the TensorFlow open source deep learning framework to complete the training of the BiGRU detection model. The training flow chart is as follows: image 3 As shown, the activation function and loss function are used for optimization during training, and the function diagrams are respectively Figure 4 and Figure 5 shown.

[0100] Deploy the attack detection module at the application layer in the SDN architecture, and then simulate normal network background traffic and DDoS attack traffic for detection. The Renyi entropy curve of normal traffic and DDoS abnormal traf...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a DDoS attack detection method in an SDN environment based on a Renyi entropy and a BiGRU algorithm, and belongs to the technical field of network information security. Firstly, an OpenFlow switch is utilized to collect flow table information, six feature vectors are extracted from the collected data to serve as feature vectors of attack detection, then Renyi entropy is applied to carry out abnormal flow detection, and detection is divided into a normal result and an abnormal result. And if the flow is detected to be abnormal, attack detection is carried out on the traffic by applying a BiGRU (Bi-gated recurrent unit, BiGRU) algorithm. According to the invention, the Renyi entropy comprises multiple types of entropies, so that more complex conditions can be dealt with in the initial detection process. According to the invention, the BiGRU model is applied to solve the problem of gradient disappearance or gradient explosion of a traditional RNN along with increase of the sequence length, and bidirectional propagation is achieved; the output layer has complete past and future information of each point in the input sequence; the training parameters are few, the convergence time is short, and the detection rate of the DDoS attack in the SDN network is improved.

Description

technical field [0001] The invention relates to a DDoS attack detection method in an SDN environment based on Renyi entropy and a BiGRU algorithm, which belongs to the category of network information security. Background technique [0002] Distributed denial of service attack (DDoS) is one of the main threats facing the Internet. How to quickly and accurately detect and effectively defend against DDoS attacks has always been a research hotspot in the field of network information security. In recent years, DDoS attacks have intensified, and both the controlled host and the attack target are increasingly showing a large-scale and diversified trend. Frequent DDoS attacks have caused significant economic losses to the whole society. Defense technology against DDoS attacks has gradually attracted widespread attention from academia and industry, and has become a research hotspot in the field of network security. [0003] The DDoS detection and defense work under the traditional ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06K9/62G06N3/04G06N3/08
CPCG06F21/56G06N3/084G06N3/048G06N3/045G06F18/211G06F18/2415Y02D30/50
Inventor 王海瑞杨亚红
Owner KUNMING UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com