Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (3): 753-759.DOI: 10.11772/j.issn.1001-9081.2019091611

• Cyber security • Previous Articles     Next Articles

Distributed denial of service attack detection method based on software defined Internet of things

LIU Xiangju, LIU Pengcheng, XU Hui, ZHU Xiaojuan   

  1. College of Computer Science and Engineering, Anhui University of Science and Technology, Huainan Anhui 232001, China
  • Received:2019-09-23 Revised:2019-10-22 Online:2020-03-10 Published:2017-07-20
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (51504010, 61404001), the Key Natural Science Research Project of Anhui Provincial Universities (KJ2014ZD12), the Huainan Science and Technology Project (2013A4011).


刘向举, 刘鹏程, 徐辉, 朱晓娟   

  1. 安徽理工大学 计算机科学与工程学院, 安徽 淮南 232001
  • 通讯作者: 刘鹏程
  • 作者简介:刘向举(1978-),男,黑龙江双城人,副教授,硕士,主要研究方向:物联网、智能控制;刘鹏程(1995-),男,安徽阜阳人,硕士研究生,主要研究方向:物联网、软件定义网络;徐辉(1979-),男,安徽淮南人,副教授,博士,主要研究方向:嵌入式系统综合与测试、高可靠性集成电路设计与容错;朱晓娟(1978-),女,安徽淮南人,副教授,博士,主要研究方向:无线传感器网络。
  • 基金资助:

Abstract: Due to the large number, wide distribution and complex environments of Internet of Things (IoT) devices, IoT is more vulnerable to DDoS (Distributed Denial of Service) attacks than traditional networks. Concerning this problem, a Distributed Denial of Service (DDoS) attack detection method based on Equal Length of Value Range K-means (ELVR-Kmeans) algorithm in Software Defined IoT (SD-IoT) architecture was proposed. Firstly, the centralized control characteristic of the SD-IoT controller was used to extract the flow tables of the OpenFlow switch to analyze the DDoS attack traffic characteristics in SD-IoT environment and extract the seven-tuple features related to the DDoS attack traffic. Secondly, the obtained flow tables were classified by the ELVR-Kmeans algorithm to detect whether a DDoS attack had occurred. Finally, the simulation experiment environment was built to test the detection rate, accuracy and error rate of the method. The simulation results show that the proposed method can effectively detect DDoS attacks in SD-IoT environment with detection rate and accuracy of 96.43% and 98.71% respectively, and error rate of 1.29%.

Key words: Software Defined Internet of Things (SD-IoT), Distributed Denial of Service (DDoS) attack, Equal Length of Value Range K-means (ELVR-Kmeans) algorithm, seven-tuple feature, attack detection

摘要: 由于物联网(IoT)设备众多、分布广泛且所处环境复杂,相较于传统网络更容易遭受分布式拒绝服务(DDoS)攻击,针对这一问题提出了一种在软件定义物联网(SD-IoT)架构下基于均分取值区间长度-K均值(ELVR-Kmeans)算法的DDoS攻击检测方法。首先,利用SD-IoT控制器的集中控制特性通过获取OpenFlow交换机的流表,分析SD-IoT环境下DDoS攻击流量的特性,提取出与DDoS攻击相关的七元组特征;然后,使用ELVR-Kmeans算法对所获取的流表进行分类,以检测是否有DDoS攻击发生;最后,搭建仿真实验环境,对该方法的检测率、准确率和错误率进行测试。实验结果表明,该方法能够较好地检测SD-IoT环境中的DDoS攻击,检测率和准确率分别达到96.43%和98.71%,错误率为1.29%。

关键词: 软件定义物联网, 分布式拒绝服务攻击, 均分取值区间长度-K均值算法, 七元组特征, 攻击检测

CLC Number: