DDoS attack detection and defense based on hybrid deep learning model in SDN

被引：0

作者：

Li C. ^{[1
]}

Wu Y. ^{[1
]}

Qian Z. ^{[1
]}

Sun Z. ^{[1
]}

Wang W. ^{[1
]}

机构：

[1] School of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou

来源：

| 2018年 / Editorial Board of Journal on Communications卷 / 39期

基金：

国家重点研发计划;

关键词：

Attack detection; Deep learning; Distributed denial of service; Software defined network;

D O I：

10.11959/j.issn.1000-436x.2018128

中图分类号：

学科分类号：

摘要：

Software defined network (SDN) is a new kind of network technology, and the security problems are the hot topics in SDN field, such as SDN control channel security, forged service deployment and external distributed denial of service (DDoS) attacks. Aiming at DDoS attack problem of security in SDN, a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed. In this method, when a deep learning model was constructed, the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types. The experimental results show that the method has high accuracy, it's better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods. At the same time, the proposed method can also shorten the processing time of classification detection. The detection model is deployed in SDN controller, and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack. © 2018, Editorial Board of Journal on Communications. All right reserved.

引用

页码：176 / 187

页数：11

共 21 条

[1] Yan Q., Yu F.R., Gong Q., Et al., Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges, IEEE Communications Surveys & Tutorials, 18, 1, pp. 602-622, (2016)
[2] 2017-2018 global application & network security report, (2018)
[3] [State of the Internet]/security Q42017 executive summary, (2017)
[4] Voellmy A., Wang J., Scalable software defined network controllers, ACM SIGCOMM Computer Communication Review, 42, 4, pp. 289-290, (2012)
[5] Peng T., Leckie C., Ramamohanarao K., Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Computing Surveys, 39, 1, (2007)
[6] Mirkovic J., Martin J., Reiher P., A taxonomy of DDoS attacks and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, 34, 2, pp. 39-53, (2001)
[7] Li D., Li J., Huang J., Et al., Recent advances in deep learning for speech research at Microsoft, 2013 IEEE International Conference on Acoustics, Speech and Signal Processing, pp. 8604-8608, (2013)
[8] Yu K., Large-scale deep learning at Baidu, 22nd ACM International Conference on Information & Knowledge Management, pp. 2211-2212, (2013)
[9] Yang Y.W., Yang J.Y., Sun Y.M., Defense study and implementation mechanism of distributed denial of service attack, Computer Engineering and Design, 25, 5, pp. 657-660, (2004)
[10] Meng J.T., Feng D.G., Xue R., Et al., Distributed denial of service attacks: principle and defense, Journal of the Graduate School of the Chinese Academy of Sciences, 21, 1, pp. 90-94, (2004)

← 1 2 3 →