Journal of Hebei University (Natural Science Edition), 2021, Vol. 41, Issue (6): 728-733. DOI: 10.3969/j.issn.1000-1565.2021.06.013


DDoS attack detection model based on Bayesian ARTMAP in software-defined networks

LIU Zhenpeng1, ZHANG Qingwen1, LI Zeyuan1, LIU Jiahang1, DONG Shuhui1, ZHAO Yonggang2

  1. School of Electronic Information Engineering, Hebei University, Baoding 071002, China
  2. School of Management Engineering and Business, Hebei University of Engineering, Handan 056038, China

  • Published: 2021-12-08
  • Corresponding author: ZHAO Yonggang (b. 1975)
  • About the author: LIU Zhenpeng (b. 1966), male, from Baoding, Hebei; professor at Hebei University, Ph.D., doctoral supervisor; research interests include network information security and privacy protection. E-mail: lzp@hbu.edu.cn
  • Funding: Natural Science Foundation of Hebei Province (F2019201427); Ministry of Education "Cloud-Data Fusion Science and Education Innovation" Fund (2017A20004)

Abstract: To address distributed denial of service (DDoS) attack detection under the software-defined network (SDN) architecture, a DDoS attack detection model based on Bayesian ARTMAP is proposed. The traffic statistics module mainly collects the captured flow table information and sends it to the feature extraction module. The feature extraction module extracts the key information from the flow table, derives the key features according to the set method, and sends them to the classification detection module. The classification detection module extracts classification rules with Bayesian ARTMAP, optimizes its parameters by particle swarm optimization, and classifies new data sets. Simulation experiments show that the five-element feature set extracted by the model is effective, and that, compared with three traditional DDoS attack detection models based on the C4.5 decision tree, the feature pattern graph model, and the K-means algorithm, the model raises the detection success rate by 0.96%-3.71% and lowers the false alarm rate by 0.67%-2.92%.

Key words: software-defined network, DDoS attack, Bayesian ARTMAP, feature extraction, detection model
