CN108632269A - Distributed denial of service attack detection method based on C4.5 decision tree algorithm - Google Patents
- Publication number: CN108632269A
- Authority: CN (China)
- Prior art keywords: attribute, decision tree, information, gain, attack
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a distributed denial of service attack detection method based on the C4.5 decision tree algorithm for software-defined network environments, comprising the steps of: collecting, via the OpenFlow protocol, the flow table information returned by OpenFlow switches; extracting the field information related to DDoS attacks from the flow table information and converting it into parameters that can be used to analyze changes in network traffic distribution, these parameters serving as attributes that form the training set of a decision tree; classifying traffic using the C4.5 decision tree algorithm and calculating the class information entropy according to the classes of the training set data; calculating in turn the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio of the attribute; selecting the attribute with the largest information gain ratio as the root node of the decision tree, then choosing among the remaining attributes the one with the largest information gain ratio as a branch node, and repeating the above steps to form the decision tree; and classifying new network traffic with the finally formed decision tree to detect whether a DDoS attack is present. The invention can detect DDoS attacks more accurately.
Description
Technical Field
The present invention relates to the field of computer communication technology. It is a denial of service attack detection method for software-defined environments, and in particular a distributed denial of service attack detection method based on the C4.5 decision tree algorithm.
Background
At present, the number of network devices connected to the Internet is growing at an accelerating pace. This is not only a matter of the surge in mobile devices: the development of emerging technologies also makes the number of network devices increase rapidly. Correspondingly, the continuous expansion of network scale leads to more complex networks and brings more challenges. Existing network technologies and facilities, however, cannot support such increasingly complex systems. To design future networks that can meet these fast-growing demands, many approaches have been proposed, and the software-defined network is one important solution among them.
The salient feature of a software-defined network is the decoupling of the data plane and the control plane in network devices. In a traditional network, a router determines where packets are forwarded by means of a routing algorithm. In a software-defined network, the decision and forwarding functions are separate: the decision process is provided by the controller, and data forwarding is handled by the switches. Simplified network devices and centralized management are the most practical characteristics of software-defined networks. Although software-defined networks are advantageous in many respects, many challenges still need attention. Research on the security of software-defined networks is also still very limited. Their vulnerabilities derive from two of their characteristics: control of the network through software, and the centralization of network intelligence in the controller. These features can lead to trust problems and to single points of management failure. Trust problems can be solved with authorization and authentication mechanisms, whereas damaging the availability of the controller can cause a single point of management failure, and the distributed denial of service attack is one of the most common ways of causing this kind of problem. A denial of service attack in essence denies legitimate users the use of system resources and reduces system availability. The basic mechanism is to send a large amount of superfluous network traffic to the target so that it cannot respond to genuine service requests. If the attacker uses multiple sources, the attack is called a distributed denial of service attack, which is more troublesome than a plain denial of service. One disadvantage of the software-defined network architecture in the face of distributed denial of service attacks is that the switches are too passive: they send all packets belonging to unknown flows to the controller. Because of the controller's centralized management role, if the controller is saturated by attack traffic, a distributed denial of service attack will have catastrophic consequences.
Some methods already exist for detecting distributed denial of service attacks in software-defined network environments, for example judging whether an attack is under way by processing packet information and performing entropy-based calculations, or finding potential victims and attackers by continuously monitoring packet traffic. The detection success rate of these methods is relatively low and their false alarm frequency is relatively high.
Summary of the Invention
The main object of the present invention is to overcome the shortcomings and defects of the prior art by providing a distributed denial of service attack detection method based on the C4.5 decision tree algorithm, which achieves a higher detection success rate and a lower false alarm rate. The specific technical solution is as follows:
A distributed denial of service attack detection method based on the C4.5 decision tree algorithm, being a method for detecting distributed denial of service attacks in a software-defined network environment, the method comprising the following steps:
S1: Collect, via the OpenFlow protocol, the flow table information returned by the OpenFlow switches;
S2: Extract the field information related to DDoS attacks from the flow table information and convert it into parameters that can be used to analyze changes in network traffic distribution; these parameters serve as attributes and form the training set of a decision tree;
S3: Classify the network traffic using the C4.5 decision tree algorithm, and calculate the class information entropy according to the classes of the training set data;
S4: Calculate in turn the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio of the attribute;
S5: Select the attribute with the largest information gain ratio as the root node of the decision tree, then choose among the remaining attributes the one with the largest information gain ratio as a branch node, and repeat steps S3 and S4 to form the decision tree;
S6: Classify new network traffic using the decision tree formed in step S5 and detect whether a DDoS attack is present.
In a further improvement of the invention, the attributes include the mean number of packets per flow ANPPF, the pair-flow ratio PCF, the port growth rate PGS and the source IP growth rate SGS. The conditional entropy of an attribute indicates the sum of the uncertainties with which the various classes occur given that attribute. It is calculated by a formula in which Ax denotes each attribute; the training set is divided by attribute into n subsets D1, D2, ..., Dn, where n is the number of distinct cases under attribute Ax, |Di| is the number of samples in each case out of the total number of samples |D|, and Info(Di) is the information entropy of each subset.
In a further improvement of the invention, the mean number of packets per flow ANPPF is used to judge whether an illegal IP attack is present; the pair-flow ratio PCF can be used to represent the interaction state when, during the attack, the packets with which the victim replies cannot reach the botnet; the port growth rate PGS and the source IP growth rate SGS change significantly while the network is under attack and can be used to judge whether an illegal attack is present.
In a further improvement of the invention, the network traffic includes normal traffic and attack traffic, and the class information entropy of the two is calculated by a formula.
In a further improvement of the invention, the information entropy of the attribute indicates how the attribute splits and is calculated by a formula; the information gain is calculated by the formula Gain(Ax) = Info(D) - Info(Ax); the information gain ratio supplements the original plain use of information gain and is calculated by the formula IGR(Ax) = Gain(Ax)/H(Ax).
The distributed denial of service attack detection method based on the C4.5 decision tree algorithm of the present invention first obtains, via the OpenFlow protocol, the flow table information returned by the OpenFlow switches, then extracts the information related to DDoS attacks from the flow table information and converts it into parameters that can be used to analyze changes in network traffic distribution; these parameters serve as attributes, and the attributes form the training set of the decision tree. The network traffic is then classified on the basis of the C4.5 decision tree algorithm, and the class information entropy of the network traffic, the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio are calculated to obtain the decision tree. Finally, the decision tree classifies new data sets to detect whether a DDoS attack is present. Compared with the prior art, the invention can detect more accurately whether a DDoS attack is present in the network, and the detection accuracy is higher.
Brief Description of the Drawings
Fig. 1 is a flow diagram of the attack detection method of the present invention;
Fig. 2 is a schematic framework diagram of the software-defined network of the present invention;
Fig. 3 is a flow diagram of attack detection performed by the method of the present invention.
Detailed Description
To enable those skilled in the art to better understand the solution of the present invention, the technical solution in the embodiments of the invention is described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention rather than all of them, and the drawings show preferred embodiments. The invention can be realized in many different forms and is not limited to the embodiments described herein; on the contrary, these embodiments are provided so that the disclosure of the invention is more thorough and complete. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Referring to Fig. 1, an embodiment of the invention provides a distributed denial of service attack detection method based on the C4.5 decision tree algorithm, which is a method for detecting distributed denial of service attacks in a software-defined network environment. Referring to Fig. 2, the software-defined network environment includes network applications, a software-defined network controller and a data plane. The network applications exchange data with the data plane through the software-defined network controller; the controller is connected to the network applications and to the data plane through specific interfaces respectively; and the data plane contains several node devices. Referring to Fig. 3, the method first performs traffic statistics on the collected flow tables, extracts the corresponding features from the flow table statistics, derives the basis for detection from the features, then classifies subsequent new traffic on that basis and obtains the final classification result. The method is described in detail below:
S1: Collect, via the OpenFlow protocol, the flow table information returned by the OpenFlow switches;
In the present invention, the software-defined network controller uses the OpenFlow protocol to periodically send flow table request messages to all software-defined network switches in order to obtain the flow table information returned by the OpenFlow switches. Specifically, the interval is set to 5 seconds, consistent with the controller's setting for the deletion time of recently unmatched flows, so that the flow table information is collected more comprehensively and completely.
S2: Extract the field information related to DDoS attacks from the flow table information and convert it into parameters that can be used to analyze changes in network traffic distribution; these parameters serve as attributes and form the training set of a decision tree;
In general, forming a decision tree first requires a training set. In the present invention, after the flow table information returned by the OpenFlow switches has been collected via the OpenFlow protocol, the field information related to DDoS attacks is extracted from it and converted into parameters that can be used to analyze the distribution of network traffic; these parameters serve as attributes and form the training set. Specifically, the attributes include the mean number of packets per flow ANPPF, the pair-flow ratio PCF, the port growth rate PGS and the source IP growth rate SGS. The mean number of packets per flow is given by a formula in which PacketsNumi is the number of packets in the i-th flow within the time interval and FlowNum is the total number of flows in that interval. The pair-flow ratio is PCF = 2 × Pair/FlowNum, where Pair is the number of pairs of interactive flows. The port growth rate is PGS = PortsNum/interval, where PortsNum is the number of different ports within the time interval and interval is the length of the time interval. The source IP growth rate is SGS = sIPNum/interval, where sIPNum is the number of source IP addresses. The value of each attribute is calculated to form the training set of the decision tree. Let the training set be D; the corresponding decision tree can then be built from D, as described in step S3 and the steps that follow.
In the embodiment of the invention, the mean number of packets per flow is used because attackers usually attack by continuously generating random illegal IP addresses, so the rate at which flows are created rises markedly while the number of packets in each flow falls. The pair-flow ratio is used because the packets with which the victim replies during an attack cannot reach the botnet, and the pair-flow ratio reflects this interaction state. The port growth rate and the source IP growth rate are used because they change significantly during an attack. The decision tree formed from a training set composed of these attributes can judge whether a DDoS attack is present in the network traffic by combining several different criteria.
S3: Classify the network traffic using the C4.5 decision tree algorithm, and calculate the class information entropy according to the classes of the training set data; and S4: Calculate in turn the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio of the attribute;
In the present invention, obtaining the decision tree requires finding its root node and branch nodes, which is done as follows:
First, the network traffic is classified by the C4.5 decision tree algorithm; in the embodiment it can be divided into two classes, normal traffic and attack traffic. The information entropy of the traffic classes is then calculated from the training set data D by a formula in which |Ci| is the number of samples of normal or attack traffic and |C| is the total number of samples. Next, the conditional entropy of each of the four attributes is calculated according to the classes under the attribute values, by a formula in which Ax denotes each attribute; the training set is divided by attribute into n subsets D1, D2, ..., Dn, where n is the number of distinct cases under attribute Ax (for example, the attribute values can be divided by size into three cases: high, medium and low), |Di| is the number of samples in each case out of the total number of samples |D|, and Info(Di) is the information entropy of each subset. The conditional entropy indicates the sum of the uncertainties with which the various classes occur given an attribute. The information gain is calculated by the formula Gain(Ax) = Info(D) - Info(Ax). The information entropy of each attribute is calculated by a formula; it can serve as a split information measure that takes into account the number and the size of the branches into which an attribute splits, which helps to improve the accuracy of the DDoS attack judgment. The information gain ratio of each attribute is calculated by the formula IGR(Ax) = Gain(Ax)/H(Ax) and supplements the original plain use of information gain. In summary, by calculating together the information entropy of the network traffic classes, the conditional entropy of each attribute, the information gain, the information entropy of each attribute and the information gain ratio of each attribute, the features of the network traffic can be expressed well, so that whether a DDoS attack is present in the network traffic can be judged and predicted.
S5: Select the attribute with the largest information gain ratio as the root node of the decision tree, then choose among the remaining attributes the one with the largest information gain ratio as a branch node, and repeat steps S3 and S4 to form the decision tree;
In the present invention, the attribute with the largest information gain ratio calculated in steps S3 and S4 becomes the root node of the decision tree, and the attribute with the largest information gain ratio among the remaining attributes becomes a branch node. Steps S3 and S4 are repeated several times, each time finding the attributes ranked first and second by information gain ratio to serve as root node and branch node respectively, until the decision tree is finally formed.
S6: Classify new network traffic using the decision tree formed in step S5 and detect whether a DDoS attack is present.
In the embodiment, once the decision tree has been formed, it can be used to classify network traffic and thereby detect DDoS attacks accurately, so that corresponding countermeasures can be taken in time after detection and the safe operation of the network is protected.
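Steps S3 to S6 on a small training set, as an added example that is not code from the patent. The training rows and their low/mid/high discretization are constructed; because the formulas for Info(D), Info(Ax) and H(Ax) are absent from this page, the standard C4.5 definitions (Shannon entropy, weighted subset entropy, split information) are assumed.

```python
import math
from collections import Counter, defaultdict

ATTRS = ["ANPPF", "PCF", "PGS", "SGS"]


def row(anppf, pcf, pgs, sgs, label):
    return {"ANPPF": anppf, "PCF": pcf, "PGS": pgs, "SGS": sgs, "label": label}


# Constructed training set D: attribute values already discretized.
TRAIN = [
    row("high", "high", "low", "low", "normal"),
    row("high", "high", "low", "low", "normal"),
    row("high", "high", "mid", "low", "normal"),
    row("mid", "high", "low", "mid", "normal"),
    row("mid", "high", "mid", "low", "normal"),
    row("low", "low", "high", "high", "attack"),
    row("low", "low", "high", "high", "attack"),
    row("low", "low", "high", "mid", "attack"),
    row("low", "low", "mid", "high", "attack"),
    row("mid", "high", "high", "high", "attack"),  # attack whose replies got through
]


def entropy(counts):
    """Shannon entropy in bits of a list of counts."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def info(rows):
    """Info(D): class information entropy of a set of rows (step S3)."""
    return entropy(Counter(r["label"] for r in rows).values())


def partition(rows, attr):
    """Split rows into the subsets D1..Dn, one per value of the attribute."""
    groups = defaultdict(list)
    for r in rows:
        groups[r[attr]].append(r)
    return groups


def gain_ratio(rows, attr):
    """IGR(Ax) = Gain(Ax) / H(Ax), with Gain(Ax) = Info(D) - Info(Ax) (step S4)."""
    groups = partition(rows, attr)
    cond = sum(len(g) / len(rows) * info(g) for g in groups.values())  # Info(Ax)
    gain = info(rows) - cond
    split = entropy([len(g) for g in groups.values()])                 # H(Ax)
    # An attribute with a single value has H(Ax) = 0 and cannot split anything.
    return gain / split if split > 0 else 0.0


def build_tree(rows, attrs):
    """Step S5: pick the best attribute, recurse on each subset with the rest."""
    labels = Counter(r["label"] for r in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority
    best = max(attrs, key=lambda a: gain_ratio(rows, a))
    if gain_ratio(rows, best) <= 0:
        return majority
    rest = [a for a in attrs if a != best]
    branches = {v: build_tree(g, rest) for v, g in partition(rows, best).items()}
    return {"attr": best, "default": majority, "branches": branches}


def classify(tree, sample):
    """Step S6: walk the tree; an unseen value falls back to the node majority."""
    while isinstance(tree, dict):
        tree = tree["branches"].get(sample[tree["attr"]], tree["default"])
    return tree


TREE = build_tree(TRAIN, ATTRS)

if __name__ == "__main__":
    for a in ATTRS:
        print(a, round(gain_ratio(TRAIN, a), 4))
    print(TREE)
```

On this constructed data PCF becomes the root and SGS separates the one attack whose replies were answered, which shows why the tree is grown per subset rather than from a single ranking of the attributes.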
The distributed denial of service attack detection method based on the C4.5 decision tree algorithm of the present invention first obtains, via the OpenFlow protocol, the flow table information returned by the OpenFlow switches, then extracts the information related to DDoS attacks from the flow table information and converts it into parameters that can be used to analyze changes in network traffic distribution; these parameters serve as attributes, and the attributes form the training set of the decision tree. The network traffic is then classified on the basis of the C4.5 decision tree algorithm, and the class information entropy of the network traffic, the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio are calculated to obtain the decision tree. Finally, the decision tree classifies new data sets to detect whether a DDoS attack is present. Compared with the prior art, the invention can detect more accurately whether a DDoS attack is present in the network, and the detection accuracy is higher.
The foregoing is merely a preferred embodiment of the invention and does not limit the scope of its claims. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions recorded in the foregoing specific embodiments or replace some of their technical features with equivalents. Any equivalent structure made using the contents of the description and drawings of the invention, applied directly or indirectly in other related technical fields, likewise falls within the scope of patent protection of the invention.
Claims (5)
1. A distributed denial of service attack detection method based on the C4.5 decision tree algorithm, being a method for detecting distributed denial of service attacks in a software-defined network environment, characterized in that the method comprises the following steps:
S1: Collect, via the OpenFlow protocol, the flow table information returned by the OpenFlow switches;
S2: Extract the field information related to DDoS attacks from the flow table information and convert it into parameters that can be used to analyze changes in network traffic distribution; these parameters serve as attributes and form the training set of a decision tree;
S3: Classify the network traffic using the C4.5 decision tree algorithm, and calculate the class information entropy according to the classes of the training set data;
S4: Calculate in turn the conditional entropy of each attribute, the information gain, the information entropy of the attribute and the information gain ratio of the attribute;
S5: Select the attribute with the largest information gain ratio as the root node of the decision tree, then choose among the remaining attributes the one with the largest information gain ratio as a branch node, and repeat steps S3 and S4 to form the decision tree;
S6: Classify new network traffic using the decision tree formed in step S5 and detect whether a DDoS attack is present.
2. The distributed denial of service attack detection method based on the C4.5 decision tree algorithm according to claim 1, characterized in that the attributes include the mean number of packets per flow ANPPF, the pair-flow ratio PCF, the port growth rate PGS and the source IP growth rate SGS; the conditional entropy of an attribute indicates the sum of the uncertainties with which the various classes occur given that attribute and is calculated by a formula in which Ax denotes each attribute; the training set is divided by attribute into n subsets D1, D2, ..., Dn, where n is the number of distinct cases under attribute Ax, |Di| is the number of samples in each case out of the total number of samples |D|, and Info(Di) is the information entropy of each subset.
3. The distributed denial of service attack detection method based on the C4.5 decision tree algorithm according to claim 2, characterized in that the mean number of packets per flow ANPPF is used to judge whether an illegal IP attack is present; the pair-flow ratio PCF can be used to represent the interaction state when, during the attack, the packets with which the victim replies cannot reach the botnet; the port growth rate PGS and the source IP growth rate SGS change significantly while the network is under attack and can be used to judge whether an illegal attack is present.
4. The distributed denial of service attack detection method based on the C4.5 decision tree algorithm according to claim 1, characterized in that the network traffic includes normal traffic and attack traffic, and the class information entropy of the two is calculated by a formula.
5. The distributed denial of service attack detection method based on the C4.5 decision tree algorithm according to claim 1, characterized in that the information entropy of the attribute indicates how the attribute splits and is calculated by a formula; the information gain is calculated by the formula Gain(Ax) = Info(D) - Info(Ax); the information gain ratio supplements the original plain use of information gain and is calculated by the formula IGR(Ax) = Gain(Ax)/H(Ax).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810412986.1A CN108632269B (en) | 2018-05-02 | 2018-05-02 | Distributed denial of service attack detection method based on C4.5 decision tree algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810412986.1A CN108632269B (en) | 2018-05-02 | 2018-05-02 | Distributed denial of service attack detection method based on C4.5 decision tree algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108632269A true CN108632269A (en) | 2018-10-09 |
CN108632269B CN108632269B (en) | 2020-06-02 |
Family
ID=63695244
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810412986.1A Active CN108632269B (en) | 2018-05-02 | 2018-05-02 | Distributed denial of service attack detection method based on C4.5 decision tree algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108632269B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109831428A (en) * | 2019-01-29 | 2019-05-31 | 内蒙古大学 | SDN network attack detecting and the method and apparatus of defence |
CN110796331A (en) * | 2019-09-11 | 2020-02-14 | 国网浙江省电力有限公司杭州供电公司 | Power business collaborative classification method and system based on C4.5 decision tree algorithm |
CN111800419A (en) * | 2020-07-06 | 2020-10-20 | 东北大学 | DDoS attack detection system and method in SDN environment |
CN112861093A (en) * | 2021-04-25 | 2021-05-28 | 上海派拉软件股份有限公司 | Verification method, device and equipment for access data and storage medium |
CN112966741A (en) * | 2021-03-05 | 2021-06-15 | 北京理工大学 | Federal learning image classification method capable of defending Byzantine attack |
CN113741402A (en) * | 2021-09-23 | 2021-12-03 | 广东电网有限责任公司 | Equipment control method and device, computer equipment and storage medium |
CN113807701A (en) * | 2021-09-18 | 2021-12-17 | 国网福建省电力有限公司 | Power supply service quality analysis method based on information entropy decision tree algorithm |
CN114513470A (en) * | 2020-10-23 | 2022-05-17 | 中国移动通信集团河北有限公司 | Network flow control method, device, equipment and computer readable storage medium |
CN114757398A (en) * | 2022-03-25 | 2022-07-15 | 西南科技大学 | Minimum usage deployment method and system for iron tower inclination sensor nodes |
CN114880318A (en) * | 2022-06-09 | 2022-08-09 | 杭州比智科技有限公司 | Method and system for realizing automatic data management based on data standard |
CN117527369A (en) * | 2023-11-13 | 2024-02-06 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102035698A (en) * | 2011-01-06 | 2011-04-27 | 西北工业大学 | HTTP tunnel detection method based on decision tree classification algorithm |
CN102054002A (en) * | 2009-10-28 | 2011-05-11 | 中国移动通信集团公司 | Method and device for generating decision tree in data mining system |
CN102227121A (en) * | 2011-06-21 | 2011-10-26 | 中国科学院软件研究所 | Distributed buffer memory strategy adaptive switching method based on machine learning and system thereof |
CN102271090A (en) * | 2011-09-06 | 2011-12-07 | 电子科技大学 | Transport-layer-characteristic-based traffic classification method and device |
CN104158800A (en) * | 2014-07-21 | 2014-11-19 | 南京邮电大学 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
CN105208037A (en) * | 2015-10-10 | 2015-12-30 | 中国人民解放军信息工程大学 | DoS/DDoS attack detecting and filtering method based on light-weight intrusion detection |
CN108289104A (en) * | 2018-02-05 | 2018-07-17 | 重庆邮电大学 | A kind of industry SDN network ddos attack detection with alleviate method |
-
2018
- 2018-05-02 CN CN201810412986.1A patent/CN108632269B/en active Active
Non-Patent Citations (1)
Title |
---|
Xu Peng et al.: "Traffic classification method based on C4.5 decision tree", Journal of Software (《软件学报》) * |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109831428B (en) * | 2019-01-29 | 2021-04-20 | 内蒙古大学 | SDN network attack detection and defense method and device |
CN109831428A (en) * | 2019-01-29 | 2019-05-31 | 内蒙古大学 | SDN network attack detecting and the method and apparatus of defence |
CN110796331A (en) * | 2019-09-11 | 2020-02-14 | 国网浙江省电力有限公司杭州供电公司 | Power business collaborative classification method and system based on C4.5 decision tree algorithm |
CN111800419A (en) * | 2020-07-06 | 2020-10-20 | 东北大学 | DDoS attack detection system and method in SDN environment |
CN111800419B (en) * | 2020-07-06 | 2021-06-15 | 东北大学 | DDoS attack detection system and method in SDN environment |
CN114513470A (en) * | 2020-10-23 | 2022-05-17 | 中国移动通信集团河北有限公司 | Network flow control method, device, equipment and computer readable storage medium |
CN114513470B (en) * | 2020-10-23 | 2023-08-15 | 中国移动通信集团河北有限公司 | Network flow control method, device, equipment and computer readable storage medium |
CN112966741A (en) * | 2021-03-05 | 2021-06-15 | 北京理工大学 | Federal learning image classification method capable of defending Byzantine attack |
CN112966741B (en) * | 2021-03-05 | 2022-08-02 | 北京理工大学 | Federal learning image classification method capable of defending Byzantine attack |
CN112861093A (en) * | 2021-04-25 | 2021-05-28 | 上海派拉软件股份有限公司 | Verification method, device and equipment for access data and storage medium |
CN112861093B (en) * | 2021-04-25 | 2021-09-10 | 上海派拉软件股份有限公司 | Verification method, device and equipment for access data and storage medium |
CN113807701A (en) * | 2021-09-18 | 2021-12-17 | 国网福建省电力有限公司 | Power supply service quality analysis method based on information entropy decision tree algorithm |
CN113741402A (en) * | 2021-09-23 | 2021-12-03 | 广东电网有限责任公司 | Equipment control method and device, computer equipment and storage medium |
CN114757398A (en) * | 2022-03-25 | 2022-07-15 | 西南科技大学 | Minimum usage deployment method and system for iron tower inclination sensor nodes |
CN114880318A (en) * | 2022-06-09 | 2022-08-09 | 杭州比智科技有限公司 | Method and system for realizing automatic data management based on data standard |
CN117527369A (en) * | 2023-11-13 | 2024-02-06 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
CN117527369B (en) * | 2023-11-13 | 2024-06-04 | 无锡商业职业技术学院 | Hash function-based android malicious attack monitoring method and system |
Also Published As
Publication number | Publication date |
---|---|
CN108632269B (en) | 2020-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108632269A (en) | Detecting method of distributed denial of service attacking based on C4.5 decision Tree algorithms | |
CN107231384B (en) | DDoS attack detection and defense method and system for 5g network slices | |
Xu et al. | Efficient DDoS detection based on K-FKNN in software defined networks | |
CN106899435B (en) | A kind of complex attack recognition methods towards wireless invasive detection system | |
CN105553998B (en) | A kind of network attack method for detecting abnormality | |
Da Silva et al. | Identification and selection of flow features for accurate traffic classification in SDN | |
US20020161763A1 (en) | Method for classifying data using clustering and classification algorithm supervised | |
CN105871832A (en) | Network application encrypted traffic recognition method and device based on protocol attributes | |
Jalili et al. | Detection of distributed denial of service attacks using statistical pre-processor and unsupervised neural networks | |
CN111817982A (en) | Encrypted flow identification method for category imbalance | |
CN109218321A (en) | A kind of network inbreak detection method and system | |
CN106686264A (en) | Method and system for fraud call screening and analyzing | |
KR20210115991A (en) | Method and apparatus for detecting network anomaly using analyzing time-series data | |
CN108833376A (en) | Software-oriented defines the DoS attack detection method of network | |
CN109194608B (en) | DDoS attack and flash congestion event detection method based on flow | |
CN113037567B (en) | Simulation method of network attack behavior simulation system for power grid enterprise | |
CN110430224A (en) | A kind of communication network anomaly detection method based on random block models | |
CN111294342A (en) | Method and system for detecting DDos attack in software defined network | |
Ma et al. | DDoS detection for 6G Internet of Things: Spatial-temporal trust model and new architecture | |
Zhao | Network intrusion detection system model based on data mining | |
CN110213280A (en) | Ddos attack detection method based on LDMDBF under a kind of SDN environment | |
Xu et al. | [Retracted] DDoS Detection Using a Cloud‐Edge Collaboration Method Based on Entropy‐Measuring SOM and KD‐Tree in SDN | |
CN115842667A (en) | Internet of things DDoS detection system based on hybrid strategy | |
Perona et al. | Service-independent payload analysis to improve intrusion detection in network traffic | |
CN118138310A (en) | Encryption flow identification system based on machine learning |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||