Distributed Denial of Service Attack Detection Based on Object Character in Software Defined Network
doi: 10.11999/JEIT160370
Funding: The National Key Basic Research Program of China (973 Program, 2013CB329100), The National High Technology Research and Development Program 863 (2015AA016103), The National Natural Science Foundation of China (61301081), State Grid Corporation of China Science and Technology Project, SGRIXTJSFW ([2016]377)
Abstract: When a Software Defined Network (SDN) is under a Distributed Denial of Service (DDoS) attack, the attackers send a large number of data packets, generating large quantities of new terminal identifiers that occupy network connection resources and obstruct the normal operation of the network. To accurately identify the attacked object and release the occupied resources, this paper proposes a DDoS attack detection method based on object features, using the GHSOM technique. First, drawing on the characteristics of SDN and of the attack, a destination-address-based detection seven-tuple is proposed as the set of detection elements for deciding whether a target address is under DDoS attack. Then, using a modular design, the GHSOM algorithm is applied to the analysis and detection of DDoS attacks in SDN, and simulation experiments are carried out on a simulation platform based on the OpenDayLight controller. The results show that the proposed detection seven-tuple can effectively determine whether a target object is under a DDoS attack.

Keywords:
- Software defined network
- Seven-tuple
- Self-organizing map
- Distributed denial of service