CN104158800A - Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) - Google Patents
- Publication number
- CN104158800A (application CN201410348507.6A)
- Authority
- CN
- China
- Prior art keywords
- flow
- stream
- hexa
- atomic group
- ddos
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention provides a modular method for detecting DDoS (Distributed Denial of Service) attacks in a software defined network (SDN) environment. The detection method comprises the following steps: selecting six key attributes of network traffic on the SDN controller (Apf, Abf, Adf, PPf, GSf and GDP) to form a six-tuple; and detecting DDoS attacks in the SDN environment with the KNN (K-Nearest Neighbor) algorithm. With this method, DDoS traffic on multiple SDN switches in an SDN environment can be detected efficiently while the system false alarm rate is reduced.
Description
Technical field
The present invention is a method, suitable for a software defined network (SDN) environment, that selects key attributes of network traffic on the SDN controller and uses the K-nearest-neighbor (KNN) algorithm to detect distributed denial of service (DDoS) attacks in the SDN environment. The technique belongs to the field of computer networks.
Background
In traditional networks, both the control and the forwarding of traffic depend on the network devices, which integrate an operating system and dedicated hardware that are tightly coupled to the service characteristics. These operating systems and dedicated hardware are developed and designed by each vendor on its own; they lack flexibility and extensibility and have hindered the further development of networks. The SDN concept and its related technologies emerged precisely to overcome these shortcomings.
SDN is a new network architecture whose design idea is to separate the control plane of the network from the data forwarding plane and to make control programmable. The SDN architecture is usually divided into three layers. The top layer is the application layer, which contains the different services and applications; the control layer is mainly responsible for orchestrating data resources and maintaining the network topology, state information and so on; the infrastructure layer is responsible for flow-table-based data processing, forwarding and state collection. In SDN, the network devices are responsible only for simple data forwarding and can use general-purpose hardware. The operating system that was originally responsible for control becomes an independent network operating system that adapts to different service characteristics, and the communication between the network operating system, the service characteristics and the hardware devices can be implemented through programming.
OpenFlow is an initial realization of the SDN idea and is implemented by OpenFlow switches and an OpenFlow controller. The OpenFlow switch looks up and forwards packets according to its flow table and forms the data forwarding plane; the OpenFlow controller is responsible for configuring the flow tables on the OpenFlow switches and forms the control plane. The controller is the core of OpenFlow: through the OpenFlow protocol, the controller can query, add and delete flow table entries on a switch, collect flow and packet statistics from the switch, and so on.
The OpenFlow controller has control over the network and can inspect the network's information, so it can detect and handle DDoS attack traffic in the network.
A denial of service (DoS) attack is one in which one or more attack sources forge data and send illegitimate requests that flood normal service, so that legitimate requests are ignored and service quality degrades. Such an attack usually consumes network bandwidth and host resources so that the network or host exceeds its peak load and can no longer provide service normally. A DDoS attack uses a distributed approach: a number of hosts on the network that can launch denial of service attacks are controlled to attack simultaneously, generating a large number of packets toward the target network or host and paralyzing it. The threshold for a DDoS attack today is very low: an attacker does not need any hacker's support and can launch an attack with attack software alone. Well-known attack tools include Trinoo, TFN, Stacheldraht and TFN2K.
KNN is a classic data-mining algorithm that is often used for classification. Given a training data set, the algorithm finds, for each new input instance, the K instances in the training data that are nearest to it; the input instance is assigned to the class to which the majority of these K instances belong.
Summary of the invention
Technical problem: the object of the invention is to provide a DDoS attack detection method for software defined networks. Key attributes selected from the network traffic are compared with the result set of the initial training in order to detect DDoS attacks in a software defined network; the method allows efficient analysis of the key traffic attributes and efficient attack detection.
Technical scheme: the method uses flow table analysis on the SDN controller together with the KNN algorithm to detect abnormal traffic. When traffic enters an SDN switch, the flow table on the switch is checked first; if there is a matching entry, the corresponding action, such as forwarding, is executed. If there is no matching entry, the packet is sent to the SDN controller, which generates a flow table entry and sends it to the switch. The SDN controller can also obtain the flow table information on a switch at any time, and by analyzing this information we can learn whether the network suffered a DDoS attack during that period.
The method comprises the following specific steps:
The steps for detecting distributed denial of service attacks in a software defined network are as follows:
1) The flow table collection module periodically sends, through the SDN controller, flow table request messages to all SDN switches in the network to obtain flow table information; the flow table information is sent to the controller over the secure channel, and the polling interval is set to 3 seconds;
2) The feature extraction module analyzes the obtained flow table information and forms a six-tuple from it; each switch has one six-tuple, identified by the switch ID. The six-tuple consists of: the average number of packets per flow Apf, the average number of bytes per flow Abf, the average duration of each flow entry Adf, the ratio of interactive flows PPf, the growth rate of non-interactive flows GSf, and the growth rate of different ports GDP;
3) The classification module analyzes the six-tuple from the feature extraction module to decide whether the traffic in this period is normal traffic or DDoS attack traffic. The classification module classifies the six-tuple with the KNN algorithm: the classification module is first trained with a number of groups of normal traffic and of DDoS traffic, which yields a number of sample points; then the K nearest neighbors of the six-tuple of the traffic under test are found. If DDoS traffic points outnumber normal traffic points among the K neighbors, the traffic is considered DDoS traffic; otherwise it is considered normal traffic. When the K nearest neighbors of a new sample point are sought, the distance metric used is the Mahalanobis distance; the Mahalanobis distance D_ij between the i-th six-tuple and the j-th six-tuple is calculated with the following formula:
where S is the covariance matrix of the six-tuples from the earlier training, and T denotes transposition.
Beneficial effect: the method adopts a modular structure, comprehensively extracts the key attributes of traffic under the SDN architecture, and analyzes the extracted key-attribute data with the K-nearest-neighbor algorithm; it has a higher recognition rate and a lower false alarm rate.
Brief description of the drawings
Fig. 1 shows the detection procedure.
Embodiment
The steps of DDoS attack detection based on the SDN controller are as follows:
(1) The flow table collection module periodically sends, through the SDN controller, flow table request messages to all SDN switches in the network to obtain flow table information; the flow table information is sent to the controller over the secure channel.
(2) The feature extraction module analyzes the obtained flow table information and forms a six-tuple from it. Each switch has one six-tuple, identified by the switch ID.
(3) The classification module analyzes the six-tuple from the feature extraction module to decide whether the traffic in this period is normal traffic or DDoS attack traffic.
Further, we set the time interval for periodically obtaining the flow information to 3 seconds.
Further, the six-tuple we choose consists of Apf (average number of packets per flow), Abf (average number of bytes per flow), Adf (average duration of each flow entry), PPf (ratio of interactive flows), GSf (growth rate of non-interactive flows) and GDP (growth rate of different ports).
Further, our classification module classifies the six-tuple from the feature extraction module with the KNN algorithm. We first train the classification module with a number of groups of normal traffic and of DDoS traffic, which yields a number of points; then the K nearest neighbors of the six-tuple of the traffic under test are found. If DDoS traffic points outnumber normal traffic points among the K neighbors, we consider the traffic to be DDoS traffic; otherwise we consider it normal traffic.
Further, we choose the Mahalanobis distance as the distance metric for the K neighbors; the Mahalanobis distance D_ij between the i-th six-tuple and the j-th six-tuple is calculated with the following formula:
where S is the covariance matrix of the six-tuples from the earlier training, and T denotes transposition.
Fig. 1 shows the detection workflow, which is divided into three modules: the flow table collection module, the feature extraction module and the classification module. The flow table collection module is responsible for collecting the flow tables on the SDN switches, the feature extraction module is responsible for analyzing and extracting the key attributes of the flow tables, and the classification module is responsible for classifying the data provided by the feature extraction module.
The DDoS attack detection method for software defined networks comprises the following specific steps:
(1) The flow table collection module periodically sends, through the SDN controller, flow table request messages to all SDN switches in the network to obtain flow table information; the flow table information is sent to the controller over the secure channel, and we set the polling interval to 3 seconds.
(2) The feature extraction module analyzes the obtained flow table information and forms a six-tuple from it. Each switch has one six-tuple, identified by the switch ID. The six-tuple we choose consists of Apf (average number of packets per flow), Abf (average number of bytes per flow), Adf (average duration of each flow entry), PPf (ratio of interactive flows), GSf (growth rate of non-interactive flows) and GDP (growth rate of different ports).
For Apf, Abf and Adf we use the median: the entries of the flow table are first sorted in ascending order by packet count, byte count and duration respectively. Let X be the packet count, byte count or duration of each flow and n the number of flow entries; the median md(X) is:
PPf is an important indicator of interactive flows. Suppose there are flow 1 and flow 2; we define interactive flows as follows: the source IP address of flow 1 equals the destination address of flow 3; the destination address of flow 1 equals the source address of flow 3; and flow 1 and flow 3 use the same protocol. A DDoS attack that uses IP spoofing causes the proportion of non-interactive flows to rise sharply. Pair_flow_num is the number of pairs of interactive flows, and flow_num is the total number of flows. We calculate the ratio of interactive flows as follows:
GSf is the growth rate of non-interactive flows. When a DDoS attack starts, the number of non-interactive flows increases sharply. interval is the time interval we set for obtaining the flow table. We calculate the growth rate of non-interactive flows as follows:
GDP is the growth rate of different ports. During a DDoS attack the ports are also chosen at random, so the growth rate of ports is also very large.
(3) The classification module analyzes the six-tuple from the feature extraction module to decide whether the traffic in this period is normal traffic or DDoS attack traffic. Our classification module classifies the six-tuple with the KNN algorithm: we first train the classification module with a number of groups of normal traffic and of DDoS traffic, which yields a number of sample points; then the K nearest neighbors of the six-tuple of the traffic under test are found. If DDoS traffic points outnumber normal traffic points among the K neighbors, we consider the traffic to be DDoS traffic; otherwise we consider it normal traffic. When the K nearest neighbors of a new sample point are sought, the distance metric used is the Mahalanobis distance; the Mahalanobis distance D_ij between the i-th six-tuple and the j-th six-tuple is calculated with the following formula:
where S is the covariance matrix of the six-tuples from the earlier training, and T denotes transposition.
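The three steps above, as an added example that is not part of the patent text: a six-tuple is computed from each flow table and classified by a K-nearest-neighbor vote under Mahalanobis distance. The page does not reproduce the PPf, GSf, GDP or distance formulas, so the code assumes PPf = 2 × Pair_flow_num / flow_num, GSf = (flow_num − 2 × Pair_flow_num) / interval, GDP = distinct destination ports / interval and the textbook Mahalanobis definition; the flow tables, addresses, K = 3 and the ridge term are constructed for illustration.

```python
"""Added example: six-tuple extraction and Mahalanobis KNN on constructed flow tables."""
from statistics import median

INTERVAL = 3.0  # polling interval in seconds, as stated on the page


def six_tuple(flows, interval=INTERVAL):
    """Return [Apf, Abf, Adf, PPf, GSf, GDP] for one switch's flow entries."""
    if not flows:
        return [0.0] * 6
    n = len(flows)
    keys = {(f["src"], f["dst"], f["proto"]) for f in flows}
    # Interactive flow: the reverse direction exists with the same protocol.
    paired = sum((f["dst"], f["src"], f["proto"]) in keys for f in flows)
    return [
        median(f["packets"] for f in flows),          # Apf, median as on the page
        median(f["bytes"] for f in flows),            # Abf
        median(f["duration"] for f in flows),         # Adf
        paired / n,                                   # PPf (assumed formula)
        (n - paired) / interval,                      # GSf (assumed formula)
        len({f["dport"] for f in flows}) / interval,  # GDP (assumed formula)
    ]


def covariance(rows, ridge=1e-6):
    """Sample covariance S. The ridge is an addition that keeps S invertible
    when a feature is constant or collinear in a small training set."""
    n, d = len(rows), len(rows[0])
    mu = [sum(r[k] for r in rows) / n for k in range(d)]
    return [[sum((r[a] - mu[a]) * (r[b] - mu[b]) for r in rows) / (n - 1)
             + (ridge if a == b else 0.0) for b in range(d)] for a in range(d)]


def solve(a, b):
    """Solve a*y = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    y = [0.0] * n
    for r in reversed(range(n)):
        y[r] = (m[r][n] - sum(m[r][k] * y[k] for k in range(r + 1, n))) / m[r][r]
    return y


def mahalanobis(x, y, s):
    """sqrt((x - y)^T S^-1 (x - y)), the textbook definition."""
    diff = [p - q for p, q in zip(x, y)]
    return max(0.0, sum(p * q for p, q in zip(diff, solve(s, diff)))) ** 0.5


def classify(sample, training, s, k=3):
    """Majority vote among the K nearest training six-tuples."""
    nearest = sorted(training, key=lambda t: mahalanobis(sample, t[0], s))[:k]
    ddos = sum(label == "ddos" for _, label in nearest)
    return "ddos" if ddos > len(nearest) - ddos else "normal"


def benign_window(u):
    """Constructed benign table: three client/server pairs, median u packets."""
    flows = []
    for h in range(3):
        client, pk = f"10.0.0.{h + 1}", u + 2 * (h - 1)
        stats = dict(proto=6, packets=pk, bytes=100 * pk, duration=0.5 * pk)
        flows.append(dict(src=client, dst="10.0.1.1", dport=80, **stats))
        flows.append(dict(src="10.0.1.1", dst=client, dport=5000 + h, **stats))
    return flows


def flood_window(w):
    """Constructed spoofed flood: w one-packet flows, each with its own source and port."""
    return [dict(src=f"192.0.2.{i + 1}", dst="10.0.1.1", proto=17, dport=1024 + i,
                 packets=1, bytes=60, duration=0.1) for i in range(w)]


# Constructed training set: four benign and four flood windows.
TRAINING = ([(six_tuple(benign_window(u)), "normal") for u in (10, 20, 30, 40)]
            + [(six_tuple(flood_window(w)), "ddos") for w in (30, 60, 90, 120)])
S = covariance([x for x, _ in TRAINING])

if __name__ == "__main__":
    for name, window in (("benign", benign_window(24)), ("flood", flood_window(100))):
        features = six_tuple(window)
        print(name, [round(v, 2) for v in features], classify(features, TRAINING, S))
```

Because the Mahalanobis distance rescales every direction by S, the byte-count feature (in the thousands) does not drown out PPf (between 0 and 1), as it would under plain Euclidean distance.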
Claims (1)
1. A distributed denial of service attack detection method for software defined networks, characterized in that the method comprises the following specific steps:
The steps for detecting distributed denial of service attacks in a software defined network are as follows:
1) The flow table collection module periodically sends, through the SDN controller, flow table request messages to all SDN switches in the network to obtain flow table information; the flow table information is sent to the controller over the secure channel, and the polling interval is set to 3 seconds;
2) The feature extraction module analyzes the obtained flow table information and forms a six-tuple from it; each switch has one six-tuple, identified by the switch ID. The six-tuple consists of: the average number of packets per flow Apf, the average number of bytes per flow Abf, the average duration of each flow entry Adf, the ratio of interactive flows PPf, the growth rate of non-interactive flows GSf, and the growth rate of different ports GDP;
3) The classification module analyzes the six-tuple from the feature extraction module to decide whether the traffic in this period is normal traffic or DDoS attack traffic. The classification module classifies the six-tuple with the KNN algorithm: the classification module is first trained with a number of groups of normal traffic and of DDoS traffic, which yields a number of sample points; then the K nearest neighbors of the six-tuple of the traffic under test are found. If DDoS traffic points outnumber normal traffic points among the K neighbors, the traffic is considered DDoS traffic; otherwise it is considered normal traffic. When the K nearest neighbors of a new sample point are sought, the distance metric used is the Mahalanobis distance; the Mahalanobis distance D_ij between the i-th six-tuple and the j-th six-tuple is calculated with the following formula:
where S is the covariance matrix of the six-tuples from the earlier training, and T denotes transposition.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410348507.6A CN104158800A (en) | 2014-07-21 | 2014-07-21 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410348507.6A CN104158800A (en) | 2014-07-21 | 2014-07-21 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104158800A true CN104158800A (en) | 2014-11-19 |
Family
ID=51884205
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410348507.6A Pending CN104158800A (en) | 2014-07-21 | 2014-07-21 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104158800A (en) |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104394140A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Virtual network optimization method based on SDN |
CN104410643A (en) * | 2014-12-16 | 2015-03-11 | 上海斐讯数据通信技术有限公司 | Statistic-based anti-attack method of SDN (Soft Defined Network) controller |
CN104580222A (en) * | 2015-01-12 | 2015-04-29 | 山东大学 | DDoS attack distributed detection and response system and method based on information entropy |
CN105187437A (en) * | 2015-09-24 | 2015-12-23 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Centralized detection system of SDN denial of service attack |
CN105337957A (en) * | 2015-09-24 | 2016-02-17 | 中山大学 | SDN network DDoS and DLDoS distributed space-time detection system |
CN106341335A (en) * | 2016-08-23 | 2017-01-18 | 上海斐讯数据通信技术有限公司 | Traffic control method and traffic control system based on SDN |
CN106341418A (en) * | 2016-10-08 | 2017-01-18 | 中国科学院信息工程研究所 | Domain name system (DNS) distributed reflection denial of service attack (DRDoS) detection and defense methods and systems |
CN106713307A (en) * | 2016-12-20 | 2017-05-24 | 中国科学院信息工程研究所 | Method and system for detecting consistency of flow tables in SDN (Software-defined Networking) |
CN107968785A (en) * | 2017-12-03 | 2018-04-27 | 浙江工商大学 | A kind of method of defending DDoS (Distributed Denial of Service) attacks in SDN data centers |
CN108123931A (en) * | 2017-11-29 | 2018-06-05 | 浙江工商大学 | Ddos attack defence installation and method in a kind of software defined network |
CN108183917A (en) * | 2018-01-16 | 2018-06-19 | 中国人民解放军国防科技大学 | DDoS attack cross-layer cooperative detection method based on software defined network |
CN108632269A (en) * | 2018-05-02 | 2018-10-09 | 南京邮电大学 | Detecting method of distributed denial of service attacking based on C4.5 decision Tree algorithms |
CN108769079A (en) * | 2018-07-09 | 2018-11-06 | 四川大学 | A kind of Web Intrusion Detection Techniques based on machine learning |
CN109005157A (en) * | 2018-07-09 | 2018-12-14 | 华中科技大学 | Ddos attack detection and defence method and system in a kind of software defined network |
CN109120627A (en) * | 2018-08-29 | 2019-01-01 | 重庆邮电大学 | A kind of 6LoWPAN network inbreak detection method based on improvement KNN |
CN110247893A (en) * | 2019-05-10 | 2019-09-17 | 中国联合网络通信集团有限公司 | A kind of data transmission method and SDN controller |
CN110365636A (en) * | 2019-05-23 | 2019-10-22 | 中国科学院信息工程研究所 | The method of discrimination and device of industry control honey jar attack data source |
CN111262832A (en) * | 2020-01-08 | 2020-06-09 | 北京工业大学 | DDoS attack discovery method for fusing trust and learning in cloud environment |
CN111294342A (en) * | 2020-01-17 | 2020-06-16 | 深圳供电局有限公司 | Method and system for detecting DDos attack in software defined network |
CN113268735A (en) * | 2021-04-30 | 2021-08-17 | 国网河北省电力有限公司信息通信分公司 | Distributed denial of service attack detection method, device, equipment and storage medium |
Non-Patent Citations (3)
Title |
---|
RODRIGO BRAGA ET AL: "Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow", 《35TH ANNUAL IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS》 * |
YANG LI ET AL: "A lightweight web server anomaly detection method based on transductive scheme and genetic algorithms", 《COMPUTER COMMUNICATIONS》 * |
张素莉等: "一种新颖的基于马氏距离的文本分类方法的研究", 《长春工程学院学报(自然科学版)》 * |
Cited By (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104394140A (en) * | 2014-11-21 | 2015-03-04 | 南京邮电大学 | Virtual network optimization method based on SDN |
CN104394140B (en) * | 2014-11-21 | 2018-03-06 | 南京邮电大学 | A kind of virtual network optimization method based on SDN |
CN104410643A (en) * | 2014-12-16 | 2015-03-11 | 上海斐讯数据通信技术有限公司 | Statistic-based anti-attack method of SDN (Soft Defined Network) controller |
CN104580222B (en) * | 2015-01-12 | 2018-01-05 | 山东大学 | Ddos attack Distributed Detection and response method based on comentropy |
CN104580222A (en) * | 2015-01-12 | 2015-04-29 | 山东大学 | DDoS attack distributed detection and response system and method based on information entropy |
CN105337957A (en) * | 2015-09-24 | 2016-02-17 | 中山大学 | SDN network DDoS and DLDoS distributed space-time detection system |
CN105337957B (en) * | 2015-09-24 | 2019-04-23 | 中山大学 | A kind of SDN network DDoS and DLDoS distribution space-time detection system |
CN105187437B (en) * | 2015-09-24 | 2018-06-26 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | A kind of centralized detecting system of SDN network Denial of Service attack |
CN105187437A (en) * | 2015-09-24 | 2015-12-23 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Centralized detection system of SDN denial of service attack |
CN106341335A (en) * | 2016-08-23 | 2017-01-18 | 上海斐讯数据通信技术有限公司 | Traffic control method and traffic control system based on SDN |
CN106341418A (en) * | 2016-10-08 | 2017-01-18 | 中国科学院信息工程研究所 | Domain name system (DNS) distributed reflection denial of service attack (DRDoS) detection and defense methods and systems |
CN106341418B (en) * | 2016-10-08 | 2019-07-02 | 中国科学院信息工程研究所 | The detection of DNS distributed reflection type Denial of Service attack, defence method and system |
CN106713307A (en) * | 2016-12-20 | 2017-05-24 | 中国科学院信息工程研究所 | Method and system for detecting consistency of flow tables in SDN (Software-defined Networking) |
CN108123931A (en) * | 2017-11-29 | 2018-06-05 | 浙江工商大学 | Ddos attack defence installation and method in a kind of software defined network |
CN107968785A (en) * | 2017-12-03 | 2018-04-27 | 浙江工商大学 | A kind of method of defending DDoS (Distributed Denial of Service) attacks in SDN data centers |
CN108183917A (en) * | 2018-01-16 | 2018-06-19 | 中国人民解放军国防科技大学 | DDoS attack cross-layer cooperative detection method based on software defined network |
CN108632269A (en) * | 2018-05-02 | 2018-10-09 | 南京邮电大学 | Detecting method of distributed denial of service attacking based on C4.5 decision Tree algorithms |
CN108632269B (en) * | 2018-05-02 | 2020-06-02 | 南京邮电大学 | Distributed denial of service attack detection method based on C4.5 decision tree algorithm |
CN109005157A (en) * | 2018-07-09 | 2018-12-14 | 华中科技大学 | Ddos attack detection and defence method and system in a kind of software defined network |
CN108769079A (en) * | 2018-07-09 | 2018-11-06 | 四川大学 | A kind of Web Intrusion Detection Techniques based on machine learning |
CN109120627B (en) * | 2018-08-29 | 2021-07-13 | 重庆邮电大学 | 6LoWPAN network intrusion detection method based on improved KNN |
US20210266748A1 (en) * | 2018-08-29 | 2021-08-26 | Chongqing University Of Posts And Telecommunications | Improved KNN - Based 6LoWPAN Network Intrusion Detection Method |
CN109120627A (en) * | 2018-08-29 | 2019-01-01 | 重庆邮电大学 | A kind of 6LoWPAN network inbreak detection method based on improvement KNN |
WO2020042702A1 (en) * | 2018-08-29 | 2020-03-05 | 重庆邮电大学 | Improved knn-based 6lowpan network intrusion detection method |
CN110247893B (en) * | 2019-05-10 | 2021-07-13 | 中国联合网络通信集团有限公司 | Data transmission method and SDN controller |
CN110247893A (en) * | 2019-05-10 | 2019-09-17 | 中国联合网络通信集团有限公司 | A kind of data transmission method and SDN controller |
CN110365636B (en) * | 2019-05-23 | 2020-09-11 | 中国科学院信息工程研究所 | Method and device for judging attack data source of industrial control honeypot |
CN110365636A (en) * | 2019-05-23 | 2019-10-22 | 中国科学院信息工程研究所 | The method of discrimination and device of industry control honey jar attack data source |
CN111262832A (en) * | 2020-01-08 | 2020-06-09 | 北京工业大学 | DDoS attack discovery method for fusing trust and learning in cloud environment |
CN111262832B (en) * | 2020-01-08 | 2022-04-22 | 北京工业大学 | DDoS attack discovery method for fusing trust and learning in cloud environment |
CN111294342A (en) * | 2020-01-17 | 2020-06-16 | 深圳供电局有限公司 | Method and system for detecting DDos attack in software defined network |
CN113268735A (en) * | 2021-04-30 | 2021-08-17 | 国网河北省电力有限公司信息通信分公司 | Distributed denial of service attack detection method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104158800A (en) | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) | |
Song et al. | Toward a more practical unsupervised anomaly detection system | |
Deepa et al. | Detection of DDoS attack on SDN control plane using hybrid machine learning techniques | |
Niyaz et al. | A deep learning based DDoS detection system in software-defined networking (SDN) | |
CN104506507B (en) | A kind of sweet net safety protective system and method for SDN | |
CN109005157B (en) | DDoS attack detection and defense method and system in software defined network | |
CN107231384B (en) | DDoS attack detection and defense method and system for 5g network slices | |
Hsieh et al. | Detection DDoS attacks based on neural-network using Apache Spark | |
KR101703446B1 (en) | Network capable of detection DoS attacks and Method for controlling thereof, Gateway and Managing server comprising the network | |
CN111181901B (en) | Abnormal flow detection device and abnormal flow detection method thereof | |
Lee et al. | Detection of DDoS attacks using optimized traffic matrix | |
CN101282340B (en) | Method and apparatus for processing network attack | |
Zhang et al. | Real-time distributed-random-forest-based network intrusion detection system using Apache spark | |
CN103607399A (en) | Special IP network safety monitor system and method based on hidden network | |
CN105956473B (en) | Malicious code detecting method based on SDN network | |
CN102801738A (en) | Distributed DoS (Denial of Service) detection method and system on basis of summary matrices | |
Khashab et al. | DDoS attack detection and mitigation in SDN using machine learning | |
CN106302450A (en) | A kind of based on the malice detection method of address and device in DDOS attack | |
CN111294342A (en) | Method and system for detecting DDos attack in software defined network | |
Ma et al. | DDoS detection for 6G Internet of Things: Spatial-temporal trust model and new architecture | |
CN109450876B (en) | DDos identification method and system based on multi-dimensional state transition matrix characteristics | |
CN113162939A (en) | Detection and defense system for DDoS (distributed denial of service) attack under SDN (software defined network) based on improved k-nearest neighbor algorithm | |
Nguyen | A scheme for building a dataset for intrusion detection systems | |
Chen et al. | A wireless multi-step attack pattern recognition method for WLAN | |
Zhao-hui et al. | Research on DDoS attack detection in software defined network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20141119 |