Journal of Computer Applications ›› 2022, Vol. 42 ›› Issue (4): 1301-1307.DOI: 10.11772/j.issn.1001-9081.2021061100
Special Issue: 网络空间安全
• Cyber security • Previous Articles Next Articles
Xiangju LIU, Xiaobao LU(), Xianjin FANG, Linsong SHANG
Received:
2021-06-25
Revised:
2021-09-13
Accepted:
2021-09-28
Online:
2021-10-18
Published:
2022-04-10
Contact:
Xiaobao LU
About author:
LIU Xiangju, born in 1978, M. S., associate professor. His research interests include Internet of things, software defined network, intelligent control.Supported by:
通讯作者:
路小宝
作者简介:
刘向举(1978—),男,黑龙江双城人,副教授,硕士,主要研究方向:物联网、软件定义网络、智能控制基金资助:
CLC Number:
Xiangju LIU, Xiaobao LU, Xianjin FANG, Linsong SHANG. Low-rate denial-of-service attack detection method under software defined network environment[J]. Journal of Computer Applications, 2022, 42(4): 1301-1307.
刘向举, 路小宝, 方贤进, 尚林松. 软件定义网络环境下的低速率拒绝服务攻击检测方法[J]. 《计算机应用》唯一官方网站, 2022, 42(4): 1301-1307.
Add to citation manager EndNote|Ris|BibTeX
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2021061100
组号 | T/s | L/s | R/( |
---|---|---|---|
1 | 1 | 0.2 | 12 |
2 | 1 | 0.2 | 14 |
3 | 1 | 0.1 | 12 |
Tab. 1 Parameters of LDoS attack
组号 | T/s | L/s | R/( |
---|---|---|---|
1 | 1 | 0.2 | 12 |
2 | 1 | 0.2 | 14 |
3 | 1 | 0.1 | 12 |
h | IDR | IFAR | IMAR | ||||||
---|---|---|---|---|---|---|---|---|---|
1 | 2 | 3 | 1 | 2 | 3 | 1 | 2 | 3 | |
0.2 | 100.00 | 98.94 | 98.95 | 3.70 | 2.22 | 0.00 | 0.00 | 1.05 | 1.04 |
0.3 | 97.34 | 97.89 | 98.95 | 3.70 | 0.00 | 0.00 | 2.65 | 2.10 | 1.04 |
0.4 | 97.34 | 96.84 | 96.87 | 0.00 | 0.00 | 0.00 | 2.65 | 3.15 | 3.12 |
0.5 | 96.46 | 96.84 | 96.87 | 0.00 | 0.00 | 0.00 | 3.53 | 3.15 | 3.12 |
0.6 | 90.26 | 95.78 | 96.87 | 0.00 | 0.00 | 0.00 | 9.73 | 4.21 | 3.12 |
0.7 | 90.26 | 94.73 | 96.87 | 0.00 | 0.00 | 0.00 | 9.73 | 5.26 | 3.12 |
Tab. 2 Changes of three evaluation indexes with different h values
h | IDR | IFAR | IMAR | ||||||
---|---|---|---|---|---|---|---|---|---|
1 | 2 | 3 | 1 | 2 | 3 | 1 | 2 | 3 | |
0.2 | 100.00 | 98.94 | 98.95 | 3.70 | 2.22 | 0.00 | 0.00 | 1.05 | 1.04 |
0.3 | 97.34 | 97.89 | 98.95 | 3.70 | 0.00 | 0.00 | 2.65 | 2.10 | 1.04 |
0.4 | 97.34 | 96.84 | 96.87 | 0.00 | 0.00 | 0.00 | 2.65 | 3.15 | 3.12 |
0.5 | 96.46 | 96.84 | 96.87 | 0.00 | 0.00 | 0.00 | 3.53 | 3.15 | 3.12 |
0.6 | 90.26 | 95.78 | 96.87 | 0.00 | 0.00 | 0.00 | 9.73 | 4.21 | 3.12 |
0.7 | 90.26 | 94.73 | 96.87 | 0.00 | 0.00 | 0.00 | 9.73 | 5.26 | 3.12 |
组号 | IDR | IFAR | IMAR |
---|---|---|---|
1 | 97.34 | 0.00 | 2.65 |
2 | 98.94 | 4.44 | 1.05 |
3 | 96.87 | 1.61 | 3.12 |
Tab. 3 K-Means algorithm evaluation index(k=5)
组号 | IDR | IFAR | IMAR |
---|---|---|---|
1 | 97.34 | 0.00 | 2.65 |
2 | 98.94 | 4.44 | 1.05 |
3 | 96.87 | 1.61 | 3.12 |
算法 | IDR | IFAR | IMAR |
---|---|---|---|
K-Means算法 | 97.71 | 2.01 | 2.27 |
本文方法 | 99.29 | 1.97 | 0.69 |
Tab. 4 Comparative in proposed method and K-Means algorithm
算法 | IDR | IFAR | IMAR |
---|---|---|---|
K-Means算法 | 97.71 | 2.01 | 2.27 |
本文方法 | 99.29 | 1.97 | 0.69 |
检测方法 | IDR | IFAR | IMAR |
---|---|---|---|
CUSUM算法 | 96.00 | 8.00 | 4.00 |
MF-Adaboost算法 | 97.32 | 5.87 | 2.68 |
HSMM模型 | 98.00 | 4.00 | 2.00 |
双滑动窗口法 | 98.30 | 1.20 | ― |
本文方法 | 99.29 | 1.97 | 0.69 |
Tab. 5 Different detection methods comparison
检测方法 | IDR | IFAR | IMAR |
---|---|---|---|
CUSUM算法 | 96.00 | 8.00 | 4.00 |
MF-Adaboost算法 | 97.32 | 5.87 | 2.68 |
HSMM模型 | 98.00 | 4.00 | 2.00 |
双滑动窗口法 | 98.30 | 1.20 | ― |
本文方法 | 99.29 | 1.97 | 0.69 |
1 | HE Y X, LIU T, CAO Q, et al. A survey of low-rate denial-of-service attacks[J]. Journal of Frontiers of Computer Science and Technology, 2008, 2(1):1-19. |
2 | MONGELLI M, AIELLO M, CAMBIASO E.et al. Detection of DoS attacks through Fourier transform and mutual information[C]//Proceedings of the 2015 IEEE International Conference on Communications. Piscataway: IEEE, 2015:7204-7209. 10.1109/icc.2015.7249476 |
3 | 文坤,杨家海,张宾.低速率拒绝服务攻击研究与进展综述[J].软件学报,2014,25(3):591-605. 10.13328/j.cnki.jos.004520 |
WEN K, YANG J H, ZHANG B. Survey on research and progress of low-rate denial of service attacks[J]. Journal of Software, 2014, 25(3):591-605. 10.13328/j.cnki.jos.004520 | |
4 | KUZMANOVIC A, KNIGHTLY E W. Low-rate TCP-targeted denial of service attacks and counter strategies[J]. IEEE/ACM Transactions on Networking, 2006, 14(4):683-696. 10.1109/tnet.2006.880180 |
5 | 谢升旭,魏伟,邢长友,等.面向SDN拓扑发现的LDoS攻击防御技术研究[J].计算机工程与应用,2020,56(10):88-93. 10.1007/978-981-15-9031-3_8 |
XIE S X, WEI W, XING C Y, et al. Research on LDoS attack defense technology for SDN topology discovery[J].Computer Engineering and Applications, 2020, 56(10):88-93. 10.1007/978-981-15-9031-3_8 | |
6 | 张朝昆,崔勇,唐翯祎,等.软件定义网络(SDN)研究进展[J].软件学报,2015,26(1):62-81. 10.13328/j.cnki.jos.004701 |
ZHANG C K, CUI Y, TANG H Y, et al. State-of-the-art survey on software-defined networking (SDN) [J]. Journal of Software, 2015, 26(1):62-81. 10.13328/j.cnki.jos.004701 | |
7 | 岳猛,张才峰,吴志军.隐马尔科夫模型检测LDoS攻击方法的研究[J].信号处理,2015,31(11):1454-1460. 10.3969/j.issn.1003-0530.2015.11.010 |
YUE M, ZHANG C F, WU Z J. The research of detecting LDoS attacks based on hidden Markov model[J]. Journal of Signal Processing, 2015, 31(11):1454-1460. 10.3969/j.issn.1003-0530.2015.11.010 | |
8 | 何炎祥,曹强,刘陶,等.一种基于小波特征提取的低速率DoS检测方法[J].软件学报,2009,20(4):930-941. 10.3724/SP.J.1001.2009.03302 |
HE Y X, CAO Q, LIU T, et al. A low-rate DoS detection method based on feature extraction using wavelet transform[J]. Journal of Software, 2009, 20(4):930-941. 10.3724/SP.J.1001.2009.03302 | |
9 | 吴志军,曾化龙,岳猛. 基于时间窗统计的LDoS攻击检测方法的研究[J].通信学报,2010,31(12):55-62. 10.3969/j.issn.1000-436X.2010.12.007 |
WU Z J, ZENG H L, YUE M. Approach of detecting LDoS attack based on time window statistic [J]. Journal on Communications, 2010, 31(12):55-62. 10.3969/j.issn.1000-436X.2010.12.007 | |
10 | 苟峰,余谅,盛钟松.基于CUSUM算法的LDoS攻击检测方法[J].四川大学学报(自然科学版),2020,57(3):476-482. 10.3969/j.issn.0490-6756.2020.03.010 |
GOU F, YU L, SHENG Z S. Detecting low-rate DoS attacks based on cumulative sum algorithm [J]. Journal of Sichuan University(Natural Science Edition), 2020, 57(3):476-482. 10.3969/j.issn.0490-6756.2020.03.010 | |
11 | 吴志军,潘卿波,岳猛.基于ACK序号步长的LDoS攻击检测方法[J].通信学报,2018,39(7):139-147. 10.11959/j.issn.1000-436x.2018126 |
WU Z J, PAN Q B, YUE M. Detection method of LDoS attack based on ACK serial number step-length [J]. Journal on Communications, 2018, 39(7):139-147. 10.11959/j.issn.1000-436x.2018126 | |
12 | YUE M, LIU L, WU Z J, et al. Identifying LDoS attack traffic based on wavelet energy spectrum and combined neural network[J]. International Journal of Communication Systems, 2018, 31(2):e3449. 10.1002/dac.3449 |
13 | 吴志军,张景安,岳猛,等.基于联合特征的LDoS攻击检测方法[J].通信学报,2017,38(5):19-30. 10.11959/j.issn.1000-436x.2017075 |
WU Z J, ZHANG J A, YUE M, et al. Approach of detecting low-rate DoS attack based on combined features[J]. Journal on Communications, 2017, 38(5):19-30. 10.11959/j.issn.1000-436x.2017075 | |
14 | TANG D, TANG L, SHI W, et al. MF-CNN: a new approach for LDoS attack detection based on Multi-feature fusion and CNN[J]. Mobile Networks and Applications, 2021, 26:1705-1722. 10.1007/s11036-019-01506-1 |
15 | TANG D, MAN J P, TANG L, et al. WEDMS: an advanced mean shift clustering algorithm for LDoS attacks detection[J]. Ad Hoc Networks, 2020, 102: 102145. 10.1016/j.adhoc.2020.102145 |
16 | 陈兴蜀,滑强,王毅桐,等.云环境下SDN网络低速率DDoS攻击的研究[J].通信学报,2019,40(6):210-222. 10.11959/j.issn.1000-436x.2019120 |
CHEN X S, HUA Q, WANG Y T, et al. Research on low-rate DDoS attack of SDN network in cloud environment[J].Journal on Communications, 2019, 40 (6): 210-222. 10.11959/j.issn.1000-436x.2019120 | |
17 | 颜通,白志华,高镇,等.SDN环境下的LDoS攻击检测与防御技术[J].计算机科学与探索,2020,14(4):566-577. 10.3778/j.issn.1673-9418.1905043 |
YAN T, BAI Z H, GAO Z, et al. Detection and defense mechanism of LDoS attack in SDN environment[J]. Journal of Frontiers of Computer Science and Technology, 2020, 14(4):566-577. 10.3778/j.issn.1673-9418.1905043 | |
18 | 王文涛,王玲霞,黄烨.SDN环境下基于Renyi熵的低速率分布式拒绝攻击的检测[J].中南民族大学学报(自然科学版), 2017,36(3):131-136. 10.3969/j.issn.1672-4321.2017.03.027 |
WANG W T, WANG L X, HUA Y. Detection of low rate DDoS attacks based on Renyi entropy in SDN environment[J]. Journal of South-Central University for Nationalities (Natural Science Edition), 2017, 36 (3):131-136. 10.3969/j.issn.1672-4321.2017.03.027 | |
19 | 徐建峰,王利明,徐震.软件定义网络中资源消耗型攻击及防御综述[J].信息安全学报,2020,5(4):72-95. 10.1016/j.comnet.2019.107092 |
XU J F, WANG L M, XU Z. Survey on resource consumption attacks and defenses in software-defined networking[J].Journal of Cyber Security, 2020, 5(4):72-95. 10.1016/j.comnet.2019.107092 | |
20 | MAULIK K, RESNICK S. The self-similar and multifractal nature of a network traffic model[J]. Communications in Statistics Stochastic Models, 2003, 19(4):549-577. 10.1081/stm-120025404 |
21 | 刘向举,刘鹏程,徐辉,等.基于软件定义物联网的分布式拒绝服务攻击检测方法[J].计算机应用,2020,40(3):753-759. |
LIU X J, LIU P C, XU H, et al. Software defined internet of things based DDoS attack detection method[J]. Journal of Computer Applications, 2020, 40(3):753-759. | |
22 | TANG D, TANG L, DAI R, et al. MF-Adaboost: LDoS attack detection based on multi-features and improved Adaboost[J]. Future Generation Computer Systems, 2020, 106:347-359. 10.1016/j.future.2019.12.034 |
23 | 吴志军,李红军,刘亮,等.基于小波能谱熵和隐半马尔可夫模型的LDoS攻击检测[J].软件学报,2020,31(5):1549-1562. |
WU Z J, LI H J, LIU L, et al. Detection of LDoS attacks based on wavelet energy entropy and hidden semi-Markov models[J]. Journal of Software, 2020, 31(5):1549-1562. |
[1] | Zihao YAO, Yuanming LI, Ziqiang MA, Yang LI, Lianggen WEI. Multi-object cache side-channel attack detection model based on machine learning [J]. Journal of Computer Applications, 2024, 44(6): 1862-1871. |
[2] | Chenyang GE, Qinrang LIU, Xue PEI, Shuai WEI, Zhengbin ZHU. Efficient collaborative defense scheme against distributed denial of service attacks in software defined network [J]. Journal of Computer Applications, 2023, 43(8): 2477-2485. |
[3] | Yiting SUN, Yue GUO, Changjin LI, Hongjun ZHANG, Kang LIU, Junjiao Liu, Limin SUN. Intrusion detection method for control logic injection attack against programmable logic controller [J]. Journal of Computer Applications, 2023, 43(6): 1861-1869. |
[4] | Rongrong DAI, Honghui LI, Xueliang FU. Data center flow scheduling mechanism based on differential evolution and ant colony optimization algorithm [J]. Journal of Computer Applications, 2022, 42(12): 3863-3869. |
[5] | Hexiong CHEN, Yuwei LUO, Yunkai WEI, Wei GUO, Feilu HANG, Zhengxiong MAO, Zhenhong ZHANG, Yingjun HE, Zhenyu LUO, Linjiang XIE, Ning YANG. Blockchain-based data frame security verification mechanism in software defined network [J]. Journal of Computer Applications, 2022, 42(10): 3074-3083. |
[6] | XU Hongliang, YANG Guiqin, JIANG Zhanjun. Data center adaptive multi-path load balancing algorithm based on software defined network [J]. Journal of Computer Applications, 2021, 41(4): 1160-1164. |
[7] | Xiaohang MA, Lingxia LIAO, Zhi LI, Bin QIN, Han-chieh CHAO. Multi-objective optimization based on dynamic mixed flow entry timeouts in software defined network [J]. Journal of Computer Applications, 2021, 41(12): 3658-3665. |
[8] | ZHU Mengdi, SHU Yong’an. Verification of control-data plane consistency in software defined network [J]. Journal of Computer Applications, 2020, 40(6): 1751-1754. |
[9] | XIANG Xiong, TIAN Jian. P2P transmission scheduling optimization based on software defined network [J]. Journal of Computer Applications, 2020, 40(3): 777-782. |
[10] | ZHAO Jihong, WU Doudou, QU Hua, YIN Zhenyu. Survivable virtual network embedding guarantee mechanism based on software defined network [J]. Journal of Computer Applications, 2020, 40(3): 770-776. |
[11] | LIU Xiangju, LIU Pengcheng, XU Hui, ZHU Xiaojuan. Distributed denial of service attack detection method based on software defined Internet of things [J]. Journal of Computer Applications, 2020, 40(3): 753-759. |
[12] | CHI Yaping, MO Chongwei, YANG Yintan, CHEN Chunxia. Design and implementation of intrusion detection model for software defined network architecture [J]. Journal of Computer Applications, 2020, 40(1): 116-122. |
[13] | JIA Mengyao, WANG Xingwei, ZHANG Shuang, YI Bo, HUANG Min. Software defined network based fault tolerant routing mechanism for satellite networks [J]. Journal of Computer Applications, 2019, 39(6): 1772-1779. |
[14] | LI Zhaobin, LIU Zeyi, WEI Zhanzhen, HAN Yu. Software defined network path security based on Hash chain [J]. Journal of Computer Applications, 2019, 39(5): 1368-1373. |
[15] | ZOU Chengming, LIU Panwen, TANG Xing. Real-time defence against dynamic host configuration protocol flood attack in software defined network [J]. Journal of Computer Applications, 2019, 39(4): 1066-1072. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||