Research on low-rate DDoS attack of SDN network in cloud environment
  • English title: Research on low-rate DDoS attack of SDN network in cloud environment
  • Authors: CHEN Xingshu (陈兴蜀); HUA Qiang (滑强); WANG Yitong (王毅桐); GE Long (葛龙); ZHU Yi (朱毅)
  • Keywords: cloud computing; software defined networking; low-rate DDoS attack; Bayesian network
  • Journal (Chinese abbreviation): TXXB
  • Journal (English): Journal on Communications
  • Institutions: College of Cybersecurity, Sichuan University; Research Institute of Cybersecurity, Sichuan University; College of Computer Science, Sichuan University
  • Publication date: 2019-06-25
  • Publisher: Journal on Communications (通信学报)
  • Year: 2019
  • Issue: v.40; No.386
  • Funding: National Natural Science Foundation of China, Young Scientists Fund (No.61802270, No.61802271); Sichuan Province Key Research and Development Fund (No.2018G20100)
  • Language: Chinese
  • Page: TXXB201906019
  • Page count: 13
  • CN: 06
  • ISSN: 11-2102/TN
  • Classification number: 214-226
Abstract
To address the low detection accuracy for low-rate DDoS attacks in cloud SDN networks and the lack of a unified framework for detecting and defending against low-rate DDoS attacks on both the data plane and the control plane, a unified detection framework for low-rate DDoS attacks is proposed. First, the effectiveness of low-rate DDoS attacks against the data plane is analyzed and verified. On this basis, drawing on the communication and frequency characteristics of low-rate DDoS attacks, ten-dimensional features are extracted from five aspects (mean, maximum, degree of deviation, mean deviation, and survival time), and low-rate DDoS attack detection based on a Bayesian network is implemented. Then, the controller issues the relevant policies to block the attack flows. Experiments show that, in an OpenStack cloud environment, the detection rate for low-rate DDoS attacks reaches 99.3% with a CPU usage of 9.04%, demonstrating that the proposed scheme can effectively detect and defend against low-rate DDoS attacks.