Improvement of DDoS Attack Detection Method Based on Information Entropy in SDN Environment
ZHAO Beibei
(Xi'an Polytechnic University, Xi'an 710048, China)
CLC number: TP393.08 Document code: A Article ID: 2096-4706(2019)21-0129-03
Abstract: In software-defined networking (SDN) environments, DDoS attack detection methods based on information entropy generally use a fixed threshold, which adapts poorly to dynamic changes in the network and leads to a high false positive rate. To address this problem, an improvement to the traditional information entropy method is proposed: on top of information entropy, the exponentially weighted moving average (EWMA) algorithm is used to set a dynamic threshold, which reduces the influence of a fixed threshold on detection accuracy. Simulation experiments show that, compared with the traditional information entropy detection method, the proposed method improves detection accuracy while reducing both the false positive rate and the detection time.
Keywords: SDN; DDoS; information entropy; dynamic threshold
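The following sketch is an added example, not code from the paper: it contrasts a fixed entropy threshold with an EWMA-tracked one on constructed traffic. The abstract gives no parameters, so the choice of destination-IP entropy, the `mu - k*sigma` threshold form, the values of `alpha`, `k`, `min_sigma`, the window size and all function names are assumptions.

```python
import math
from collections import Counter

def shannon_entropy(dst_ips):
    """Shannon entropy (bits) of the destination addresses seen in one window."""
    n = len(dst_ips)
    return -sum(c / n * math.log2(c / n) for c in Counter(dst_ips).values())

def fixed_detect(entropies, threshold):
    """Traditional method: alarm whenever entropy falls below a constant."""
    return [i for i, h in enumerate(entropies) if h < threshold]

def ewma_detect(entropies, alpha=0.3, k=3.0, min_sigma=0.1, warmup=5):
    """Alarm when entropy < mu - k*sigma, with mu and sigma tracked by EWMA."""
    mu = sum(entropies[:warmup]) / warmup
    var = sum((h - mu) ** 2 for h in entropies[:warmup]) / warmup
    alarms = []
    for i in range(warmup, len(entropies)):
        h = entropies[i]
        sigma = max(math.sqrt(var), min_sigma)  # floor avoids a zero-width band
        if h < mu - k * sigma:
            alarms.append(i)  # baseline is frozen: never learn from a suspect window
            continue
        diff = h - mu
        mu += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alarms

def window(n_hosts, victim_share=0.0, size=240):
    """Constructed traffic: a share of packets aimed at one host, rest spread evenly."""
    flood = int(size * victim_share)
    hosts = [f"10.0.0.{i + 1}" for i in range(n_hosts)]
    return ["10.0.0.1"] * flood + [hosts[j % n_hosts] for j in range(size - flood)]

# Constructed scenario: 5 warm-up windows, a slow benign decline from 16 to 8
# active destinations, then two windows with 80% of packets aimed at one host.
HOST_COUNTS = [16] * 5 + [n for n in range(15, 7, -1) for _ in range(2)]
WINDOWS = [window(n) for n in HOST_COUNTS] + [window(8, 0.8)] * 2
ENTROPIES = [shannon_entropy(w) for w in WINDOWS]

if __name__ == "__main__":
    print("fixed threshold 3.5 alarms:", fixed_detect(ENTROPIES, 3.5))
    print("EWMA threshold alarms:     ", ewma_detect(ENTROPIES))
```

On this data the fixed threshold flags the benign windows once the destination set has shrunk, while the EWMA threshold follows the drift and flags only the two flood windows.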
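About the author: ZHAO Beibei (born 1994), female, Han ethnicity, from Xianyang, Shaanxi; master's student; research interest: network security.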