CN113904842A - Method for detecting DDoS attack in IPv6 network based on condition generation countermeasure network under SDN - Google Patents

Publication number
CN113904842A
Authority
CN
China
Prior art keywords
data
generator
network
flow
discriminator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111167988.7A
Other languages
Chinese (zh)
Inventor
王小雨
刘川
梁仲华
李建伟
罗丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Energy Interconnection Research Institute
China Academy of Information and Communications Technology CAICT
State Grid Beijing Electric Power Co Ltd
State Grid Shanghai Electric Power Co Ltd
Original Assignee
Global Energy Interconnection Research Institute
China Academy of Information and Communications Technology CAICT
State Grid Beijing Electric Power Co Ltd
State Grid Shanghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Global Energy Interconnection Research Institute, China Academy of Information and Communications Technology CAICT, State Grid Beijing Electric Power Co Ltd, State Grid Shanghai Electric Power Co Ltd
Priority to CN202111167988.7A
Publication of CN113904842A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/048 Activation functions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Abstract

The invention discloses a method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network (CGAN). The method first obtains flow data features of the IPv6 network in the normal state and under attack, such as the average number of packets per flow, the average bits per flow packet, the port growth rate, the flow growth rate, the source IP growth rate and the flow type. It then trains the proposed conditional generative adversarial network model on the obtained features to obtain a neural network model for detecting whether the IPv6 network is under DDoS attack, and finally applies that model to the network flow data to be detected to judge whether the IPv6 network is under DDoS attack. The beneficial effects of the invention are that the CGAN-based method for detecting DDoS attacks in an IPv6 network offers high accuracy, low system overhead and a wide range of applicable environments when performing network attack detection.

Description

Method for detecting DDoS attack in IPv6 network based on condition generation countermeasure network under SDN
Technical Field
The invention relates to the technical field of intrusion detection, and in particular to a method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network.
Background
A series of studies and results already exist for DDoS attack detection in SDN networks. For example, a KNN-based DDoS attack detection method selects and constructs a flow feature set matrix, trains on normal and abnormal samples, and distinguishes abnormal traffic from normal traffic with the KNN classification algorithm. This method has a good detection rate and a low false alarm rate, but it increases the load on the SDN controller and occupies a certain amount of bandwidth. Another is a DDoS attack detection method based on a hybrid deep learning model, whose input features are flow table features and custom features; traffic is then classified by the trained deep learning model. In addition, a six-tuple extracted from flow table entries has been used as a feature vector in combination with an SVM to detect DDoS attacks; the algorithm has a certain detection effect, but the normal traffic simulated in the experiment is not comprehensive enough and is somewhat incidental.
Disclosure of Invention
To solve the above problems, the invention provides a method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network.
The technical scheme of the invention is as follows: a method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network, characterized in that the method comprises the following steps:
step one: acquire flow data of the IPv6 network in the normal and attacked states by means of NetFlow;
step two: process the acquired data, retaining the features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, source IP growth rate and flow type;
step three: propose a DDoS attack detection algorithm for the IPv6 network based on a conditional generative adversarial network;
step four: construct the model parameters of the conditional generative adversarial network according to the proposed algorithm, and generate a training model;
step five: train on the flow data obtained in step two with the proposed training model to obtain the trained neural network parameters of the generator;
step six: input the IPv6 network traffic data to be detected and the data traffic processed in step two into the generator of step five, and judge whether the IPv6 network is under DDoS attack.
The features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, target IP growth rate and flow type are calculated according to the following formulas:
Figure BDA0003288545180000021
where $S_i$ represents the number of flow packets;
Figure BDA0003288545180000022
where pkt_byte represents the number of bits per packet;
port growth rate = Δports / T
where Δports represents the increase in the number of ports over a fixed time T;
flow growth rate = ΔSFlows / T
where ΔSFlows represents the increase in the number of flow tables over a fixed time T;
destination IP growth rate = ΔIP / T
where ΔIP represents the increase in the number of IP addresses over a fixed time T.
Figure BDA0003288545180000023
The conditional generative adversarial network based DDoS attack detection algorithm for the IPv6 network comprises the following steps:
1) feed the data into the generator, which computes a classification result through its neural network;
2) combine the classification results and feed them into the discriminator, which judges whether a classification result produced by the generator is the classification result of a real sample;
3) initialize the weights in each layer of the neural network, and input the classification result into the model as a vector;
4) search for the optimal combination of the neural network parameters: calculate the error between the expected and actual output values of the hidden layer and the output layer, adjust the weights between neurons step by step until the error meets the precision requirement, then stop learning;
5) store the trained neural network parameters.
The generator serves as the classification model and outputs the probability value (fake_labels) that traffic is normal network traffic or abnormal DDoS attack traffic. The result given by the generator is combined with the real data and fed into the discriminator, and the real data is likewise combined with the real probability result and fed into the discriminator;
fake_labels=generator(data)
real_logits and fake_logits are the results given by the discriminator. To train the discriminator to give a high score when real data is combined with the real probability, and a low score when real data is combined with the probability value produced by the generator, a reference standard is needed: for the discriminator, the combination of data and the real classification label should be as close to 1 as possible, and the combination of data and the label produced by the generator should be as close to 0 as possible;
real_logits=discriminator(data,real_labels)
fake_logits=discriminator(data,fake_labels)
d_loss_r is the discriminator loss for driving the combination of data and real label toward 1, and d_loss_f is the discriminator loss for driving the combination of data and generator-produced label toward 0; the sum of the two is the total discriminator loss d_loss. The generator weights are fixed while the discriminator loss is optimized;
Figure BDA0003288545180000031
Figure BDA0003288545180000032
d_loss=d_loss_r+d_loss_f
for the generator loss g_loss, the discriminator's result for the combination of the generated classification label and the data should approach 1; the discriminator weights are fixed while the generator loss is optimized.
Figure BDA0003288545180000033
The neural network parameters of the trained generator are essentially consistent with this structure, which comprises an input layer, hidden layers and an output layer;
each hidden layer has 128 neurons and uses the ReLU activation function; a dropout layer is added to each hidden layer with the dropout probability set to 50%, that is, during training each neuron has a 50% chance of not taking part in the optimization; the dropout layers are used only during training and must be turned off when detecting on the IPv6 network; finally the hidden layer is connected to a sigmoid layer that outputs a probability value, where the sigmoid function is:
$F(x) = 1/(1 + e^{-x})$
the threshold is set to 0.5: the output is judged to be 1 when the probability is greater than 0.5, and 0 when the probability is less than 0.5.
The IPv6 network data traffic to be detected in step six is detected through the following steps:
1) load the neural network parameters of the trained generator;
2) turn off the dropout layers;
3) process the input data according to the feature processing method and feed it into the generator;
4) the generator outputs the result, completing detection.
Compared with the prior art, the beneficial effects of the invention are that the CGAN-based method for detecting DDoS attacks in an IPv6 network offers high accuracy, low system overhead and a wide range of applicable environments, among other advantages, when performing network attack detection.
Drawings
Fig. 1 is a flowchart of the method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network.
Fig. 2 is a flowchart of the conditional generative adversarial network based DDoS attack detection algorithm used by the method of the present invention.
Detailed Description:
Example 1:
As shown in the figures, this embodiment concerns a method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network.
In this embodiment, a distributed attack on the SDN controller is carried out by simulating a high-volume flooding DDoS attack, with the attack launched at the target site from different forged IP addresses, while different simulated hosts attack the SDN controller at the same time.
For this embodiment, the method for detecting DDoS attacks in an IPv6 network under SDN comprises the following steps:
step one: acquire flow data of the IPv6 network in the normal and attacked states by means of NetFlow;
step two: process the acquired data, retaining the features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, source IP growth rate and flow type;
step three: propose a DDoS attack detection algorithm for the IPv6 network based on a conditional generative adversarial network;
step four: construct the model parameters of the conditional generative adversarial network according to the proposed algorithm, and generate a training model;
step five: train on the flow data obtained in step two with the proposed training model to obtain the trained neural network parameters of the generator;
step six: input the IPv6 network traffic data to be detected and the data traffic processed in step two into the generator of step five, and judge whether the IPv6 network is under DDoS attack.
The features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, target IP growth rate and flow type are calculated according to the following formulas:
Figure BDA0003288545180000051
where $S_i$ represents the number of flow packets;
Figure BDA0003288545180000052
where pkt_byte represents the number of bits per packet;
port growth rate = Δports / T
where Δports represents the increase in the number of ports over a fixed time T;
flow growth rate = ΔSFlows / T
where ΔSFlows represents the increase in the number of flow tables over a fixed time T;
destination IP growth rate = ΔIP / T
where ΔIP represents the increase in the number of IP addresses over a fixed time T.
Figure BDA0003288545180000061
The specific format is as follows:
0.683333333333 202.3 5.5 6.4 1.5 0
1.03076923077 302.461538462 5.6 6.0 1.5 0
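The per-window feature row described above, computed from flow records, as an added example (not code from the patent). The record fields, the use of source ports and source addresses for the Δ counts, and the mean-based definitions of the first two features (whose formulas are not reproduced on this page) are assumptions; the sample flows are constructed and use the 2001:db8::/32 documentation prefix.

```python
from collections import namedtuple

# Hypothetical flow record; the field names are assumptions, not NetFlow field names.
Flow = namedtuple("Flow", "ts src_ip src_port dst_ip dst_port packets bytes")

def window_features(flows, t_start, T, label):
    """Return [avg packets/flow, avg bits/packet, port growth, flow growth,
    IP growth, label] for the window [t_start, t_start + T)."""
    seen_ports, seen_flows, seen_ips = set(), set(), set()
    d_ports = d_flows = d_ips = 0          # Δports, ΔSFlows, ΔIP
    n = pkts = bits = 0
    for f in sorted(flows, key=lambda r: r.ts):
        if f.ts >= t_start + T:
            break
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        if f.ts >= t_start:
            n += 1
            pkts += f.packets
            bits += 8 * f.bytes
            # Count only values never seen before or earlier in this window.
            d_ports += f.src_port not in seen_ports
            d_flows += key not in seen_flows
            d_ips += f.src_ip not in seen_ips
        seen_ports.add(f.src_port)
        seen_flows.add(key)
        seen_ips.add(f.src_ip)
    if n == 0 or pkts == 0:
        return [0.0, 0.0, 0.0, 0.0, 0.0, label]    # idle window
    return [pkts / n, bits / pkts, d_ports / T, d_flows / T, d_ips / T, label]

def format_row(row):
    """Space-separated line: five features followed by the integer label."""
    return " ".join([repr(float(v)) for v in row[:5]] + [str(int(row[5]))])

TARGET = "2001:db8:ffff::10"
# Constructed sample: two ordinary clients, then a burst of one-packet flows
# from new sources in the window starting at t = 10.
SAMPLE_FLOWS = [
    Flow(1, "2001:db8::1", 40000, TARGET, 443, 10, 8000),
    Flow(5, "2001:db8::2", 40001, TARGET, 443, 20, 16000),
    Flow(11, "2001:db8::1", 40000, TARGET, 443, 12, 9600),
    Flow(12, "2001:db8:a::1", 50001, TARGET, 80, 1, 60),
    Flow(13, "2001:db8:a::2", 50002, TARGET, 80, 1, 60),
    Flow(14, "2001:db8:a::3", 50003, TARGET, 80, 1, 60),
    Flow(15, "2001:db8:a::3", 50004, TARGET, 80, 1, 60),
]

if __name__ == "__main__":
    print(format_row(window_features(SAMPLE_FLOWS, 0, 10, 0)))
    print(format_row(window_features(SAMPLE_FLOWS, 10, 10, 1)))
```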
The conditional generative adversarial network based DDoS attack detection algorithm for the IPv6 network comprises the following steps:
1) feed the data into the generator, which computes a classification result through its neural network;
2) combine the classification results and feed them into the discriminator, which judges whether a classification result produced by the generator is the classification result of a real sample;
3) initialize the weights in each layer of the neural network, and input the classification result into the model as a vector;
4) search for the optimal combination of the neural network parameters: calculate the error between the expected and actual output values of the hidden layer and the output layer, adjust the weights between neurons step by step until the error meets the precision requirement, then stop learning;
5) store the trained neural network parameters.
The generator serves as the classification model and outputs the probability value (fake_labels) that traffic is normal network traffic or abnormal DDoS attack traffic. The result given by the generator is combined with the real data and fed into the discriminator, and the real data is likewise combined with the real probability result and fed into the discriminator;
fake_labels=generator(data)
real_logits and fake_logits are the results given by the discriminator. To train the discriminator to give a high score when real data is combined with the real probability, and a low score when real data is combined with the probability value produced by the generator, a reference standard is needed: for the discriminator, the combination of data and the real classification label should be as close to 1 as possible, and the combination of data and the label produced by the generator should be as close to 0 as possible;
real_logits=discriminator(data,real_labels)
fake_logits=discriminator(data,fake_labels)
d_loss_r is the discriminator loss for driving the combination of data and real label toward 1, and d_loss_f is the discriminator loss for driving the combination of data and generator-produced label toward 0; the sum of the two is the total discriminator loss d_loss. The generator weights are fixed while the discriminator loss is optimized;
Figure BDA0003288545180000071
Figure BDA0003288545180000072
d_loss=d_loss_r+d_loss_f
for the generator loss g_loss, the discriminator's result for the combination of the generated classification label and the data should approach 1; the discriminator weights are fixed while the generator loss is optimized.
Figure BDA0003288545180000073
The neural network parameters of the trained generator are essentially consistent with this structure, which comprises an input layer, hidden layers and an output layer;
each hidden layer has 128 neurons and uses the ReLU activation function; a dropout layer is added to each hidden layer with the dropout probability set to 50%, that is, during training each neuron has a 50% chance of not taking part in the optimization; the dropout layers are used only during training and must be turned off when detecting on the IPv6 network; finally the hidden layer is connected to a sigmoid layer that outputs a probability value, where the sigmoid function is:
$F(x) = 1/(1 + e^{-x})$
the threshold is set to 0.5: the output is judged to be 1 when the probability is greater than 0.5, and 0 when the probability is less than 0.5.
The IPv6 network data traffic to be detected in step six is detected through the following steps:
1) load the neural network parameters of the trained generator;
2) turn off the dropout layers;
3) process the input data according to the feature processing method and feed it into the generator;
4) the generator outputs the result, completing detection.
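One training step and the detection path described above, as an added example rather than the patent's own code. The loss figures are not reproduced on this page, so sigmoid cross-entropy on the discriminator output is assumed for d_loss_r, d_loss_f and g_loss; the single hidden layer, plain SGD, the learning rate and the constructed, pre-scaled feature rows are also assumptions.

```python
import math
import random

HIDDEN = 128      # neurons per hidden layer, as stated in the description
DROPOUT = 0.5     # dropout probability, as stated in the description

def sigmoid(z):
    # Numerically stable form of F(x) = 1 / (1 + e^-x).
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    return math.exp(z) / (1.0 + math.exp(z))

def bce_logits(logit, target):
    # Assumed loss form: sigmoid cross-entropy computed on the raw logit.
    return max(logit, 0.0) - target * logit + math.log1p(math.exp(-abs(logit)))

class MLP:
    """input -> hidden (ReLU, optional dropout) -> one linear output."""
    def __init__(self, n_in, rng, dropout=0.0):
        s1, s2 = 1.0 / math.sqrt(n_in), 1.0 / math.sqrt(HIDDEN)
        self.W1 = [[rng.uniform(-s1, s1) for _ in range(n_in)] for _ in range(HIDDEN)]
        self.b1 = [0.0] * HIDDEN
        self.w2 = [rng.uniform(-s2, s2) for _ in range(HIDDEN)]
        self.b2 = 0.0
        self.dropout, self.rng = dropout, rng

    def forward(self, x, train=False):
        keep = 1.0 - self.dropout
        self.x, self.h, self.g = x, [], []        # cache for backward()
        for row, b in zip(self.W1, self.b1):
            pre = sum(w * v for w, v in zip(row, x)) + b
            scale = 1.0 if pre > 0.0 else 0.0     # ReLU
            if train and self.dropout:            # dropout is active only in training
                scale = scale / keep if self.rng.random() < keep else 0.0
            self.h.append(pre * scale)
            self.g.append(scale)
        return sum(w * a for w, a in zip(self.w2, self.h)) + self.b2

    def backward(self, dout, lr, update=True):
        """Backpropagate dLoss/dOutput and return dLoss/dInput.
        update=False keeps this network's weights fixed."""
        dx = [0.0] * len(self.x)
        for j in range(HIDDEN):
            dpre = dout * self.w2[j] * self.g[j]
            if update:
                self.w2[j] -= lr * dout * self.h[j]
                self.b1[j] -= lr * dpre
            for k, xk in enumerate(self.x):
                dx[k] += dpre * self.W1[j][k]
                if update:
                    self.W1[j][k] -= lr * dpre * xk
        if update:
            self.b2 -= lr * dout
        return dx

def train_step(G, D, x, y, lr=0.01):
    p = sigmoid(G.forward(x, train=True))     # fake_labels = generator(data)
    # Discriminator update; the generator is fixed (p is treated as a constant).
    real_logit = D.forward(x + [y])           # real_logits = discriminator(data, real_labels)
    d_loss_r = bce_logits(real_logit, 1.0)
    D.backward(sigmoid(real_logit) - 1.0, lr)
    fake_logit = D.forward(x + [p])           # fake_logits = discriminator(data, fake_labels)
    d_loss_f = bce_logits(fake_logit, 0.0)
    D.backward(sigmoid(fake_logit), lr)
    # Generator update; the discriminator weights are fixed (update=False).
    fake_logit = D.forward(x + [p])
    g_loss = bce_logits(fake_logit, 1.0)
    dp = D.backward(sigmoid(fake_logit) - 1.0, lr, update=False)[-1]
    G.backward(dp * p * (1.0 - p), lr)
    return d_loss_r + d_loss_f, g_loss        # d_loss = d_loss_r + d_loss_f

def detect(G, x, threshold=0.5):
    p = sigmoid(G.forward(x, train=False))    # dropout turned off for detection
    return p, int(p > threshold)

# Constructed, already-scaled rows: five features, label 0.0 normal / 1.0 DDoS.
SAMPLES = [
    ([0.60, 0.55, 0.10, 0.12, 0.05], 0.0),
    ([0.70, 0.60, 0.08, 0.10, 0.04], 0.0),
    ([0.05, 0.10, 0.90, 0.95, 0.85], 1.0),
    ([0.08, 0.12, 0.85, 0.90, 0.80], 1.0),
]

def run_demo(epochs=20, seed=7):
    rng = random.Random(seed)
    G, D = MLP(5, rng, dropout=DROPOUT), MLP(6, rng)
    for _ in range(epochs):
        for x, y in SAMPLES:
            d_loss, g_loss = train_step(G, D, x, y)
    return G, D, d_loss, g_loss

if __name__ == "__main__":
    G, D, d_loss, g_loss = run_demo()
    print("d_loss=%.3f g_loss=%.3f" % (d_loss, g_loss))
    print([detect(G, x) for x, _ in SAMPLES])
```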
The above describes only preferred embodiments of the present invention and is not to be construed as limiting it; any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included within its scope.

Claims (6)

1. A method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network, characterized in that the method comprises the following steps:
step one: acquire flow data of the IPv6 network in the normal and attacked states by means of NetFlow;
step two: process the acquired data, retaining the features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, source IP growth rate and flow type;
step three: propose a DDoS attack detection algorithm for the IPv6 network based on a conditional generative adversarial network;
step four: construct the model parameters of the conditional generative adversarial network according to the proposed algorithm, and generate a training model;
step five: train on the flow data obtained in step two with the proposed training model to obtain the trained neural network parameters of the generator;
step six: input the IPv6 network traffic data to be detected and the data traffic processed in step two into the generator of step five, and judge whether the IPv6 network is under DDoS attack.
2. The method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network according to claim 1, characterized in that the features average number of packets per flow, average bits per flow packet, port growth rate, flow growth rate, target IP growth rate and flow type are calculated according to the following formulas:
Figure FDA0003288545170000011
where $S_i$ represents the number of flow packets;
Figure FDA0003288545170000012
where pkt_byte represents the number of bits per packet;
port growth rate = Δports / T
where Δports represents the increase in the number of ports over a fixed time T;
flow growth rate = ΔSFlows / T
where ΔSFlows represents the increase in the number of flow tables over a fixed time T;
destination IP growth rate = ΔIP / T
where ΔIP represents the increase in the number of IP addresses over a fixed time T.
Figure FDA0003288545170000021
3. The method for detecting DDoS attacks in an IPv6 network under SDN according to claim 1, characterized in that the conditional generative adversarial network based DDoS attack detection algorithm for the IPv6 network comprises the following steps:
1) feed the data into the generator, which computes a classification result through its neural network;
2) combine the classification results and feed them into the discriminator, which judges whether a classification result produced by the generator is the classification result of a real sample;
3) initialize the weights in each layer of the neural network, and input the classification result into the model as a vector;
4) search for the optimal combination of the neural network parameters: calculate the error between the expected and actual output values of the hidden layer and the output layer, adjust the weights between neurons step by step until the error meets the precision requirement, then stop learning;
5) store the trained neural network parameters.
4. The method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network according to claim 3, characterized in that:
the generator serves as the classification model and outputs the probability value (fake_labels) that traffic is normal network traffic or abnormal DDoS attack traffic; the result given by the generator is combined with the real data and fed into the discriminator, and the real data is likewise combined with the real probability result and fed into the discriminator;
fake_labels=generator(data)
real_logits and fake_logits are the results given by the discriminator; to train the discriminator to give a high score when real data is combined with the real probability, and a low score when real data is combined with the probability value produced by the generator, a reference standard is needed: for the discriminator, the combination of data and the real classification label should be as close to 1 as possible, and the combination of data and the label produced by the generator should be as close to 0 as possible;
real_logits=discriminator(data,real_labels)
fake_logits=discriminator(data,fake_labels)
d_loss_r is the discriminator loss for driving the combination of data and real label toward 1, and d_loss_f is the discriminator loss for driving the combination of data and generator-produced label toward 0; the sum of the two is the total discriminator loss d_loss; the generator weights are fixed while the discriminator loss is optimized;
Figure FDA0003288545170000031
Figure FDA0003288545170000032
d_loss=d_loss_r+d_loss_f
for the generator loss g_loss, the discriminator's result for the combination of the generated classification label and the data should approach 1; the discriminator weights are fixed while the generator loss is optimized.
Figure FDA0003288545170000033
5. The method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network according to claim 1 or 3, characterized in that:
the neural network parameters of the trained generator are essentially consistent with this structure, which comprises an input layer, hidden layers and an output layer;
each hidden layer has 128 neurons and uses the ReLU activation function; a dropout layer is added to each hidden layer with the dropout probability set to 50%, that is, during training each neuron has a 50% chance of not taking part in the optimization; the dropout layers are used only during training and must be turned off when detecting on the IPv6 network; finally the hidden layer is connected to a sigmoid layer that outputs a probability value, where the sigmoid function is:
$F(x) = 1/(1 + e^{-x})$
the threshold is set to 0.5: the output is judged to be 1 when the probability is greater than 0.5, and 0 when the probability is less than 0.5.
6. The method for detecting DDoS attacks in an IPv6 network under SDN based on a conditional generative adversarial network according to claim 1, characterized in that:
the IPv6 network data traffic to be detected in step six is detected through the following steps:
1) load the neural network parameters of the trained generator;
2) turn off the dropout layers;
3) process the input data according to the feature processing method and feed it into the generator;
4) the generator outputs the result, completing detection.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111167988.7A CN113904842A (en) 2021-09-30 2021-09-30 Method for detecting DDoS attack in IPv6 network based on condition generation countermeasure network under SDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111167988.7A CN113904842A (en) 2021-09-30 2021-09-30 Method for detecting DDoS attack in IPv6 network based on condition generation countermeasure network under SDN

Publications (1)

Publication Number Publication Date
CN113904842A (en) 2022-01-07

Family

ID=79190402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111167988.7A Pending CN113904842A (en) 2021-09-30 2021-09-30 Method for detecting DDoS attack in IPv6 network based on condition generation countermeasure network under SDN

Country Status (1)

Country Link
CN (1) CN113904842A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115037689A (en) * 2022-06-06 2022-09-09 西安明赋云计算有限公司 Method and system for intelligently scheduling network traffic

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination