Computer Science ›› 2024, Vol. 51 ›› Issue (11): 389-399. doi: 10.11896/jsjkx.230900028

• Information Security •

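DDoS Attack Detection Model Based on Statistics and Ensemble Autoencoders in SDN

LI Chunjiang1, YIN Shaoping1, CHI Haotian1, YANG Jing1,3, GENG Haijun1,2,3

  1. 1 School of Automation and Software Engineering, Shanxi University, Taiyuan 030006
    2 School of Computer and Information Technology, Shanxi University, Taiyuan 030006
    3 Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006
  • Received: 2023-09-04 Revised: 2024-03-03 Online: 2024-11-15 Published: 2024-11-06
  • Corresponding author: GENG Haijun (genghaijun@sxu.edu.cn)
  • About author: (chunjiangli18@163.com)
  • Supported by:
    Fundamental Research Program of Shanxi Province (20210302123444); Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi (2022L002); China University Industry-University-Research Innovation Fund (2021FNA02009); National Natural Science Foundation of China (61702315); Key Research and Development Program of Shanxi Province (201903D421003, 202202020101004); National Key Research and Development Program of China (2018YFB1800401)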

DDoS Attack Detection Model Based on Statistics and Ensemble Autoencoders in SDN

LI Chunjiang1, YIN Shaoping1, CHI Haotian1, YANG Jing1,3, GENG Haijun1,2,3   

  1. 1 School of Automation and Software Engineering, Shanxi University, Taiyuan 030006, China
    2 School of Computer and Information Technology, Shanxi University, Taiyuan 030006, China
    3 Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
  • Received: 2023-09-04 Revised: 2024-03-03 Online: 2024-11-15 Published: 2024-11-06
  • About author: LI Chunjiang, born in 1998, master candidate. His main research interests include anomaly traffic detection and software defined networking.
    GENG Haijun, born in 1983, Ph.D, associate professor. His main research interests include network architecture and routing algorithm.
  • Supported by:
    Fundamental Research Program of Shanxi Province (20210302123444), Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi (2022L002), Ministry of Education (CN) Industry-University-Research Innovation Fund (2021FNA02009), National Natural Science Foundation of China (61702315), Key Research and Development Program of Shanxi Province (201903D421003, 202202020101004) and National Key Research and Development Program of China (2018YFB1800401).

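Abstract: Software-defined networking (SDN) is a new network architecture that provides fine-grained, centralized network management services; its basic characteristics are the separation of control and forwarding, centralized control, and open interfaces. Because management logic is centralized in the control layer, attackers regard the SDN controller as an ideal target for distributed denial-of-service (DDoS) attacks. However, traditional statistics-based DDoS detection algorithms often suffer from high false-positive rates and fixed thresholds, while detection algorithms based on machine learning models often suffer from heavy computational resource consumption and poor generalization. To address this, the paper proposes a two-tier DDoS attack detection model based on statistical features and ensemble autoencoders. The statistics-based method extracts Rényi entropy features and sets a dynamic threshold to identify suspicious traffic; the ensemble autoencoder algorithm then makes a more precise DDoS attack judgment on the suspicious traffic. The two-tier model not only improves detection performance and solves the problem of high false-positive rates, but also effectively shortens detection time, thereby reducing computational resource consumption. Experimental results show that the model achieves high accuracy in different network environments, with the lowest F1 score across the datasets above 98.5%, showing strong generalization.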

Key words: Software-defined networking, Distributed denial-of-service attack, Rényi entropy, Dynamic threshold, Autoencoder

Abstract: Software-defined networking (SDN) is a novel network architecture that provides fine-grained centralized network management services. It is characterized by the separation of control and forwarding, centralized control, and open interfaces. Due to the centralized management logic of the control layer, controllers have become prime targets for distributed denial-of-service (DDoS) attacks. Traditional statistics-based DDoS attack detection algorithms often have problems such as high false-positive rates and fixed thresholds, while detection algorithms based on machine learning models often suffer from substantial computational resource consumption and poor generalization. To address these challenges, this study proposes a two-tier DDoS attack detection model based on statistical features and ensemble autoencoders. The statistics-based method extracts Rényi entropy features and sets a dynamic threshold to judge suspicious traffic. The ensemble autoencoder algorithm is then applied for a more accurate DDoS attack judgment of suspicious traffic. The two-tier model not only enhances detection performance and solves the problem of high false alarm rates, but also effectively shortens the detection time, thereby reducing the consumption of computational resources. Experimental results show that the model achieves high accuracy in different network environments, with the lowest F1 score across the datasets exceeding 98.5%, demonstrating strong generalization capability.

Key words: Software-defined networking, Distributed denial-of-service (DDoS), Rényi entropy, Dynamic threshold, Autoencoder

CLC Number:

  • TP393
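
The first tier described in the abstract (Rényi entropy per traffic window, checked against a dynamic threshold) can be sketched as follows. This is an added example, not the paper's code: the order α = 2, the destination-IP feature, the `mean - k*std` threshold rule, the warm-up length and the sample windows are all assumptions, since the abstract gives none of these parameters.

```python
import math
from collections import Counter, deque

def renyi_entropy(values, alpha=2.0):
    """Rényi entropy (base 2) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    if alpha == 1.0:  # limit case: Shannon entropy
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

class DynamicThreshold:
    """Assumed rule: flag entropy below mean - k*std of recent normal windows."""
    def __init__(self, history=20, k=3.0, warmup=5, min_std=0.05):
        self.hist = deque(maxlen=history)
        self.k, self.warmup, self.min_std = k, warmup, min_std

    def is_suspicious(self, h):
        if len(self.hist) < self.warmup:   # build a baseline first
            self.hist.append(h)
            return False
        mean = sum(self.hist) / len(self.hist)
        var = sum((x - mean) ** 2 for x in self.hist) / len(self.hist)
        suspicious = h < mean - self.k * max(math.sqrt(var), self.min_std)
        if not suspicious:                 # attack windows must not shift the baseline
            self.hist.append(h)
        return suspicious

def first_tier(windows, alpha=2.0):
    """Indices of windows that would be handed to the second-tier classifier."""
    thr = DynamicThreshold()
    return [i for i, w in enumerate(windows)
            if thr.is_suspicious(renyi_entropy(w, alpha))]

def sample_windows():
    """Constructed data: destination IPs per window; window 8 floods one host."""
    hosts = [f"10.0.0.{i}" for i in range(1, 21)]
    windows = []
    for j in range(10):
        w = []
        for i, h in enumerate(hosts):
            w += [h] * (10 + (i + j) % 3 - 1)   # 9 to 11 packets per host
        windows.append(w)
    windows[8] = ["10.0.0.5"] * 180 + hosts     # traffic concentrated on one target
    return windows

if __name__ == "__main__":
    print(first_tier(sample_windows()))
```

Only the flagged windows reach the more expensive second tier, which is how a two-tier design keeps detection time and compute down.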