Two-stage DDoS attack detection and defense method in software defined network

A software-defined networking attack detection technology, applied in the field of network security. It addresses problems such as switches discarding normal data packets and exhaustion of controller resources, and achieves good classification results, low overhead, reduced load, and high real-time performance.

Active Publication Date: 2022-05-17
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Current research often ignores the problem of controller resource exhaustion caused by cyber attacks
[0006] 2. In an SDN environment, because of the special role of the controller, DDoS attacks are not the only threat: other malicious attacks such as Probe attacks and R2L attacks also cause large numbers of data packets to be uploaded to the controller, producing a controller-targeted DDoS attack that is unique to SDN and threatens the security of the controller.
Attacks involved in current research work do not take into account the diversity of attack types in SDN networks
[000...



Examples


Embodiment 1

[0054] A two-level DDoS attack detection and defense method in a software-defined network, as shown in Figure 1, includes the following steps:

[0055] S1. Collect switch flow table data, and extract direct features and derived features;

[0056] Specifically, every preset period (in this embodiment, the preset period is 5 seconds), the flow table information of the switch is collected through the northbound interface of the controller (the flow table data collection flow chart based on the northbound interface is shown in Figure 2), the direct features and the derived features of the flow table are extracted, and then missing value processing, One-Hot encoding, and data standardization preprocessing operations are performed on the extracted features, specifically:

[0057] The collected flow table data types include normal traffic types and three types of attack traffic types: DDoS attack type, Probe attack type, and R2L attack type;

[0058] The...

Embodiment 2

[0084] The present invention provides a two-level DDoS attack detection and defense system in a software-defined network, including:

[0085] The collection and extraction module is used to collect switch flow table data, and extract direct features and derived features;

[0086] The first-level detection module is used to calculate the direct feature and the derived feature by using a statistical algorithm. If an attack is detected, perform the operation of the first-level defense module; otherwise, end the operation;

[0087] The first-level defense module is used to encapsulate the detected attack port to generate a coarse-grained flow table defense rule, and discard the data packet on the attack port to protect the security of the controller;

[0088] The secondary detection module is used to calculate the direct feature and the derived feature by using a classification algorithm to determine the type of attack;

[0089] The secondary defense module is configured to gener...


Abstract

The invention discloses a two-stage DDoS (Distributed Denial of Service) attack detection and defense method in a software defined network. Switch flow table data is acquired through the northbound interface of the controller, direct features and derived features are extracted, and a two-stage attack detection algorithm built on an SPRT (Sequential Probability Ratio Test) and a Light Gradient Boosting Machine (LightGBM) is applied to the software defined network. The SPRT first-level attack detection algorithm quickly locates the attack port in the early stage of an attack; the LightGBM second-level attack detection algorithm classifies the specific attack type. Attack defense filters attack traffic in real time by issuing flow table rules: a coarse-grained rule responds to the attack quickly, protecting the security of the controller, and a fine-grained rule defends against the specific type of attack without filtering normal communication traffic, so the security of the SDN network is effectively protected when a DDoS attack occurs.
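Added example, not code from the patent or its authors: a Wald SPRT run per switch port over constructed counts of new flow-table entries per 5-second collection period, returning the period at which the test accepts the attack hypothesis and building the coarse-grained drop rule for that port, as the first-level detection and defense modules above describe. The Poisson count model, the rates lam0/lam1, the error bounds and the rule encoding are my assumptions; the page does not give the patent's actual statistic or rule format.

```python
import math
from typing import Dict, List, Optional

# Constructed per-port counts of new flow-table entries per 5-second period.
# Assumption: the patent's real feature set is not reproduced on this page.
SAMPLES: Dict[str, List[int]] = {
    "s1-eth1": [4, 6, 5, 3, 7, 5, 4, 6],           # normal host traffic
    "s1-eth2": [5, 12, 15, 18, 30, 45, 50, 52],    # flood ramps up from period 1
}

class PortSPRT:
    """Wald's SPRT on a Poisson count model (assumed): H0 mean lam0 = normal,
    H1 mean lam1 = attack. Wald's bounds give ~alpha false alarms, ~beta misses."""

    def __init__(self, lam0: float = 5.0, lam1: float = 30.0,
                 alpha: float = 0.01, beta: float = 0.05) -> None:
        self.lam0, self.lam1 = lam0, lam1
        self.upper = math.log((1 - beta) / alpha)   # crossing: accept H1 (attack)
        self.lower = math.log(beta / (1 - alpha))   # crossing: accept H0 (normal)
        self.llr = 0.0

    def update(self, count: int) -> Optional[str]:
        """Add one observation; return 'attack', 'normal', or None to keep sampling."""
        # Poisson log-likelihood ratio contribution of a single count
        self.llr += count * math.log(self.lam1 / self.lam0) - (self.lam1 - self.lam0)
        if self.llr >= self.upper:
            self.llr = 0.0
            return "attack"
        if self.llr <= self.lower:
            self.llr = 0.0           # decided normal: restart the test
            return "normal"
        return None

def detect_attack_ports(samples: Dict[str, List[int]], **kw) -> Dict[str, Optional[int]]:
    """Per port, the 0-based period index at which SPRT first accepted H1, else None."""
    verdict: Dict[str, Optional[int]] = {}
    for port, counts in samples.items():
        test, verdict[port] = PortSPRT(**kw), None
        for period, count in enumerate(counts):
            if test.update(count) == "attack":
                verdict[port] = period
                break
    return verdict

def coarse_rule(port: str) -> dict:
    """First-level defense: drop everything ingressing on the flagged port.
    Stand-in for the controller's flow rule; the encoding here is assumed."""
    return {"match": {"in_port": port}, "actions": [], "priority": 100}
```

With the constructed samples the normal port never crosses the attack bound, while the ramping port is flagged at period 3 (15 seconds into the flood) and gets a drop rule installed before the second-level classifier has to run.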

Description

Technical field

[0001] The invention belongs to the network security field of network attack detection and defense, and more specifically relates to a two-stage DDoS attack detection and defense method in a software-defined network.

Background

[0002] In traditional networks, network devices integrate a control plane with routing decision-making functions and a data plane for forwarding network traffic, and network operators need to configure traffic policies on each network device independently. In recent years, with the rapid development of the Internet, the traditional network structure has made deployment and management more and more complicated and difficult. A more flexible and open network architecture is urgently needed, and the concept of SDN came into being. SDN is a new type of network architecture, including an application plane, a control plane and a data plane. The biggest difference between SDN and traditional networks is th...


Application Information

IPC: H04L9/40, G06K9/62
CPC: H04L63/1458, H04L63/1416, H04L63/1425, H04L63/0227, G06F18/24323
Inventors: 于俊清, 李自尊
Owner: HUAZHONG UNIV OF SCI & TECH