Vol.11 No.22, November 2018. CLC number: TP399; Document code: A; Article ID: 1674-2850(2018)22-2270-09
Research on DDoS attack detection technology based on SDN
ZHAO Zhiyong, XIN Yang*
(School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China)
Abstract: Software defined network (SDN) is a new network architecture. Its core advantage is the separation of forwarding from control, and users can customize the controller. Distributed denial of service (DDoS) attacks are currently one of the major threats to the Internet. Because this SDN architecture carries the risk of a single point of failure under a DDoS attack, this paper proposes a DDoS attack anomaly detection method based on entropy computation. The algorithm makes effective use of the controller's centralized control. Its main flow is to collect the Packet-in messages received at the controller in the SDN environment, extract the destination IP field from each packet and compute the Renyi entropy over those values, and then judge whether a DDoS attack is under way by comparing the result against a threshold set experimentally. Finally, an experimental simulation platform is built with the POX controller and the Mininet emulator, and experiments verify the feasibility and detection capability of the method.
Key words: basic subject of computer science and technology; software defined network; distributed denial of service attack; Renyi entropy; anomaly detection

0 Introduction
The traditional network architecture has made an indelible contribution to the development of the modern Internet, but the rapid growth of cloud computing, big data and the Internet of Things now challenges that architecture. SDN [1] emerged in response. It is a new network architecture that aims to abandon the traditional principles of incremental layering and backward compatibility in order to reshape the Internet. Its core idea is to separate routing control from data forwarding in the traditional IP network, make control more centralized, and give users a software-programmable way to control network traffic flexibly.
About the authors: ZHAO Zhiyong (born 1994), male, master's student; main research interests: network security, cloud computing. Corresponding author: XIN Yang, associate professor; main research interests: network and information security, cloud computing and big data security, disaster recovery security. E-mail: [email protected]
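The detection flow the abstract describes (destination IPs taken from Packet-in messages, Renyi entropy per window, comparison against a threshold), as an added example that is not the paper's code: the POX PacketIn hook is replaced by a plain list of destination IPs, and the window size of 50, the order alpha = 2 and the threshold of 2.0 are assumed values, not the paper's experimental setting.

```python
from collections import Counter
from math import log2


def renyi_entropy(counts, alpha=2.0):
    """Renyi entropy of order alpha (log base 2) for a list of occurrence counts.
    alpha == 1 is handled as the Shannon limit."""
    total = sum(counts)
    if total == 0:
        return 0.0
    probs = [c / total for c in counts if c > 0]
    if alpha == 1.0:
        return -sum(p * log2(p) for p in probs)
    return log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def window_entropy(dst_ips, alpha=2.0):
    """Entropy of the destination-IP distribution of one window of Packet-in messages."""
    return renyi_entropy(list(Counter(dst_ips).values()), alpha)


def detect(dst_ip_stream, window_size=50, threshold=2.0, alpha=2.0):
    """Split the Packet-in destination IPs into fixed-size windows and flag each window
    whose entropy drops below the threshold (traffic concentrating on few targets).
    Returns (entropy, flagged) per window. The threshold here is an assumed value;
    the paper sets it experimentally for its own testbed."""
    results = []
    for start in range(0, len(dst_ip_stream) - window_size + 1, window_size):
        h = window_entropy(dst_ip_stream[start:start + window_size], alpha)
        results.append((h, h < threshold))
    return results


# Constructed sample data: normal traffic spreads 50 Packet-in messages evenly over
# ten hosts; attack traffic concentrates 45 of 50 on one victim and spreads the rest.
NORMAL_WINDOW = [f"10.0.0.{i}" for i in range(1, 11)] * 5
ATTACK_WINDOW = ["10.0.0.7"] * 45 + [f"10.0.0.{i}" for i in range(1, 6)]

if __name__ == "__main__":
    for h, flagged in detect(NORMAL_WINDOW + ATTACK_WINDOW):
        print(f"H2={h:.3f} ddos={flagged}")
```

The even window yields H2 = log2(10), about 3.32 bits, while the concentrated window drops to about 0.30 bits, so the gap a threshold must separate is large even for this small window.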