DDoS Attack Detection Based on RBFNN in SDN
SDN is a new network architecture with centralized control. By analyzing the traffic characteristics of DDoS attack, and using the SDN controller to collect the traffic in the network, the important characteristics such as the IP address entropy ratio and the port entropy ratio related to the attack are extracted. According to the analysis of relevant eigenvalues, the RBFNN algorithm is used to classify the training samples to detect DDoS attacks. Finally, the SDN environment and DDoS attacks are simulated under Ubuntu, and the RBFNN algorithm detection model is deployed in the SDN controller. Compared with BPNN algorithm and Naive Bayes algorithm, it is proved that the algorithm performs DDoS attack detection with high recognition rate in a short time.
KeywordsDDoS SDN RBFNN
This work was supported by National Key Research and Development Plan of China (No 2016YFB0801004).
- 1.Santanna, J.J., van Rijswijk-Deij, R., Hofstede, R., et al.: Booters—an analysis of DDoS-as-a-service attacks. In: IFIP/IEEE International Symposium on Integrated Network Management, pp. 243–251. IEEE (2017)Google Scholar
- 3.Cohen, R., Lewin-Eytan, L., Naor, J.S., Raz, D.: On the effect of forwarding table size on SDN network utilization. In: Proceedings of the 33rd IEEE International Conference on Computer Communications, pp.1734–1742 (2014)Google Scholar
- 4.Wang, X., Zhuang, L., Hu, Y., et al.: DDoS attack detection based on BPNN in software defined networks. J. Comput. Appl. (2018)Google Scholar
- 5.Fu, X., Junqing, M., Xunsong, H., et al.: DDoS attack detection based on KNN in software defined networks. J. Nanjing Univ. Posts Telecommun. (Nat. Sci. Ed.) 35(1), 84–88 (2015)Google Scholar
- 6.Shu, Y., Mei, M., Huang, W., et al.: Study on DDoS attack detection based on conditional entropy in SDN environment. Wirel. Internet Technol. 5, 75–76 (2016)Google Scholar
- 7.Han, Z.: An entropy-based detection of DDoS attacks in SDN. Inf. Technol. 1, 63–66 (2017)Google Scholar