SDN中基于统计与集成自编码器的DDoS攻击检测模型

扫码查看

原文链接

万方数据
维普

中文摘要：软件定义网络(Software-defined Networking,SDN)是一种提供细颗粒集中网络管理服务的新型网络体系结构,主要有控制与转发分离、集中控制和开放接口基本特征.SDN由于控制层的集中管理逻辑,控制器被攻击者作为理想的分布式拒绝服务攻击(Distributed Denial-of-Service,DDoS)目标.然而,传统的基于统计的DDoS攻击检测算法常存在误报率高、阈值固定等问题;基于机器学习模型的检测算法常存在计算资源消耗大、泛化性差等问题.为此,文中提出了一种基于统计特征与集成自编码器的DDoS攻击双层检测模型.基于统计的方法提取Rényi熵特征,设置动态阈值判断可疑流量;基于集成自编码器算法对可疑流量进行更精确的DDoS攻击判断.双层检测模型不仅提升了检测效果,解决了误报率高的问题,同时还有效地缩短了检测时间,从而减少了计算资源的消耗.实验结果表明,该模型在不同网络环境下都有较高的准确率,不同数据集检测的F1值最低都达到了 98.5％以上,表现出了很强的泛化性.

外文标题：DDoS Attack Detection Model Based on Statistics and Ensemble Autoencoders in SDN

外文摘要：Software-defined networking(SDN)is a novel network architecture that provides fine-grained centralized network management services.It is characterized by control and forwarding separation,centralized control,and open interface characteris-tics.Due to the centralized management logic of the control layer,controllers have becom the prime targets for distributed denial-of-service(DDoS)attacks.Traditional statistics-based DDoS attack detection algorithms often have problems such as high false-positive rates and fixed thresholds,while detection algorithms based on machine learning models are often involved in substantial computational resource consumption and poor generalization.To address these challenges,this study proposes a two-tier DDoS at-tack detection model based on statistical features and ensemble autoencoders.The statistics-based method extracts Rényi entropy features and sets a dynamic threshold to judge suspicious traffic.The ensemble autoencoder algorithm is then applied for a more accurate DDoS attack judgment of suspicious traffic.The double-layered model not only enhances detection performance and solves the problem of high false alarm rates,but also effectively shortens the detection time,thereby reducing the consumption of computational resources.Experimental results show that the model achieves high accuracy in different network environments,with the lowest F1 score on various datasets is more than 98.5％,demonstrating a strong generalization capability.

外文关键词：

Software-defined networkingDistributed denial-of-service(DDoS)Rényi entropyDynamic thresholdAutoencoder

作者：

李春江、尹少平、池浩田、杨静、耿海军

展开 >

作者单位：

山西大学自动化与软件学院太原 030006

山西大学大数据科学与产业研究院太原 030006

山西大学计算机与信息技术学院太原 030006

关键词：

软件定义网络分布式拒绝服务攻击 Rényi熵动态阈值自编码器

基金：

山西省应用基础研究计划山西省高等学校科技创新项目中国高校产学研创新基金项目国家自然科学基金山西省重点研发计划山西省重点研发计划国家重点研发计划

项目编号：

202103021234442022L0022021FNA0200961702315201903D4210032022020201010042018YFB1800401

出版年：

2024

DOI：

10.11896/jsjkx.230900028

计算机科学

重庆西南信息有限公司（原科技部西南信息中心）

计算机科学

CSTPCD北大核心

影响因子：0.944

ISSN：1002-137X

年,卷(期)：2024.51(11)