Cooperative defense of DDoS attack based on machine learning in SDN
SHANG Li¹, CHEN Ming¹, ZHANG Lei¹, LIU Xintong¹, SHI Tai², LI Baogang²
(1. Information and Communication Branch of State Grid Hebei Electric Power Co., Ltd., Shijiazhuang 050000, China; 2. North China Electric Power University, Baoding 071003, China)

Power System Protection and Control, Vol. 49, No. 16, Aug. 16, 2021
DOI: 10.19783/ki.pspc.201261

Abstract: The number of services in the power system keeps growing, while the traditional network architecture lacks a global view and has weak control capability. The Software Defined Network (SDN) is an emerging network architecture. Applying SDN to the power system can change the static pattern of the existing power communication network and realize a true smart grid. However, the SDN architecture is vulnerable to Distributed Denial of Service (DDoS) threats. A combination of a convolutional neural network and a Support Vector Machine (SVM) is used to detect attacks. Using the global management capability of the SDN controller, the association features between adjacent switches are extracted by the controller, so that the switches can cooperate and detection efficiency and accuracy can be improved. In addition, a lightweight network monitoring system based on InfluxDB and Grafana is designed for real-time observation of the network's security status. A large number of data sets are obtained by simulating attacks and normal traffic, and comparison experiments are carried out against other detection methods. The results show that the model has a higher detection rate and a lower false alarm rate, and that the data can be uploaded to the monitoring system in real time to give managers a view of the whole network, making network management more convenient.

Key words: software defined network; intrusion detection; machine learning; network security; convolutional neural network

This work is supported by the Science and Technology Project of State Grid Corporation of China (No. SGHEXT00GCJS2000167) and the National Natural Science Foundation of China (No. 61971190).