Computer Science, 2022, Vol. 49, Issue (6A): 555-561. doi: 10.11896/jsjkx.210800095

• Information Security •

DDoS Attack Detection Method in SDN Environment Based on Renyi Entropy and BiGRU Algorithm

YANG Ya-hong, WANG Hai-rui

  1. Kunming University of Science and Technology, Kunming 650504, China
  • Online: 2022-06-10 Published: 2022-06-08
  • Corresponding author: YANG Ya-hong (1874186414@qq.com)
  • About author: YANG Ya-hong, born in 1993, postgraduate. Her main research interest is cyber security.

Abstract: Because the bidirectional gated recurrent unit (BiGRU) network can overcome the vanishing-gradient and exploding-gradient problems of the traditional RNN model, this paper proposes a DDoS attack detection method for software-defined network (SDN) environments based on Renyi entropy and the BiGRU algorithm. First, Renyi entropy is used for abnormal-traffic detection, which classifies traffic as either normal or abnormal; traffic detected as abnormal is then passed to the BiGRU algorithm for attack detection. Next, flow table information is collected from the switches, and 6 feature vectors are extracted as the feature vectors for attack detection. Finally, the SDN network topology is simulated with Mininet, and detection is carried out on the OpenDaylight controller. The experimental results show that, compared with the SVM and BPNN neural network detection algorithms, the proposed detection scheme achieves higher detection accuracy and a higher recognition rate, and has better overall detection capability.

Key words: Attack detection, BiGRU algorithm, Distributed denial of service attack, Software-defined network
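
An added illustration of the first stage described in the abstract (not the authors' code): a Renyi-entropy gate over windows of flow-table entries that marks which windows would go on to the second-stage BiGRU classifier. The entropy order α = 2, the choice of destination IP as the measured field, the window size, the threshold and the sample flows are all assumptions; the abstract specifies none of them.

```python
import math
from collections import Counter

def renyi_entropy(counts, alpha=2.0):
    """Renyi entropy (in bits) of order alpha for a list of occurrence counts."""
    total = sum(counts)
    if total == 0:
        return 0.0
    probs = [c / total for c in counts if c > 0]
    if abs(alpha - 1.0) < 1e-9:  # the limit alpha -> 1 is Shannon entropy
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

def normalized_entropy(dst_ips, alpha=2.0):
    """Entropy of the destination-IP distribution, scaled by the maximum
    possible for this many flows (every flow to a different destination)."""
    if len(dst_ips) < 2:
        return 0.0  # a single flow carries no distribution to measure
    counts = Counter(dst_ips)
    return renyi_entropy(list(counts.values()), alpha) / math.log2(len(dst_ips))

def gate_windows(flows, window=20, threshold=0.5, alpha=2.0):
    """Label each fixed-size window of flow entries as normal or abnormal.

    Traffic converging on one victim concentrates the destination
    distribution, so entropy drops; windows below the (assumed) threshold
    are the ones a second-stage classifier would receive.
    """
    results = []
    for start in range(0, len(flows) - window + 1, window):
        chunk = flows[start:start + window]
        h = normalized_entropy([f["dst"] for f in chunk], alpha)
        label = "abnormal" if h < threshold else "normal"
        results.append((start, round(h, 3), label))
    return results

# Constructed sample flow-table entries (documentation address ranges only).
NORMAL = [{"src": f"198.51.100.{i}", "dst": f"192.0.2.{i % 10 + 1}"}
          for i in range(20)]
ATTACK = [{"src": f"203.0.113.{i}",
           "dst": "192.0.2.5" if i < 17 else f"192.0.2.{i}"}
          for i in range(20)]

if __name__ == "__main__":
    for row in gate_windows(NORMAL + ATTACK):
        print(row)
```

In a deployment the threshold would be calibrated against a baseline of known-normal traffic rather than fixed in advance.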

CLC Number: TP393