Journal of Computer Applications (sole official website) ›› 2022, Vol. 42 ›› Issue (4): 1301-1307. DOI: 10.11772/j.issn.1001-9081.2021061100

• Cyberspace security •

Low-rate denial-of-service attack detection method under software defined network environment

Xiangju LIU, Xiaobao LU, Xianjin FANG, Linsong SHANG

  1. School of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, Anhui 232001, China
  • Received: 2021-06-25 Revised: 2021-09-13 Accepted: 2021-09-28 Online: 2021-10-18 Published: 2022-04-10
  • Contact: Xiaobao LU
  • About the authors: LIU Xiangju, born in 1978 in Shuangcheng, Heilongjiang, M. S., associate professor. His research interests include Internet of things, software defined network, intelligent control.
    FANG Xianjin, born in 1970 in Shucheng, Anhui, Ph. D., professor. His research interests include network and information security, intelligent computing.
    SHANG Linsong, born in 1996 in Huainan, Anhui, M. S. candidate. His research interests include software defined network, programmable data plane.
  • Supported by:
    National Natural Science Foundation of China (61572034); Anhui Province Science and Technology Major Special Project (18030901025)

Abstract:

The Low-rate Denial of Service (LDoS) attack is an improved form of the Denial of Service (DoS) attack. Its low average attack rate and strong concealment make it difficult to detect. To address this difficulty, an LDoS attack detection method based on the Weighted Mean-Shift K-Means algorithm (WMS-Kmeans) under the Software-Defined Network (SDN) architecture was proposed. Firstly, the flow table information of the OpenFlow switch was obtained, and the six-tuple features of LDoS attack traffic in the SDN environment were analyzed and extracted. Then, the mean absolute percentage error was used as the weight of the Euclidean distance in mean-shift clustering, and the resulting cluster centers were used as the initial centers of K-Means to cluster the flow table, so as to detect LDoS attacks. The experimental results show that the proposed method has good detection performance against LDoS attacks in the SDN environment, with an average detection rate of 99.29%, an average false alarm rate of 1.97% and an average missing alarm rate of 0.69%.

Key words: Software Defined Network (SDN), Low-rate Denial of Service (LDoS) attack, Weighted Mean-Shift K-Means (WMS-Kmeans) algorithm, attack detection

CLC number: