Frontiers of Information Technology & Electronic Engineering
>> 2019,
Volume 20,
Issue 9
doi:
10.1631/FITEE.1800436
Orginal Article
Discoverymethod for distributed denial-of-service attack behavior inSDNs using a feature-pattern graphmodel
1. College of Electronics and Information Engineering, Tongji University, Shanghai 201804, China
2. School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa K1N 6N5, Canada
3. The Third Research Institute of the Ministry of Public Security, Shanghai 200120, China |
Available online: 2019-11-07
Next
Previous
Abstract
The security threats to software-defined networks (SDNs) have become a significant problem, generally because of the open framework of SDNs. Among all the threats, distributed denial-of-service (DDoS) attacks can have a devastating impact on the network. We propose a method to discover DDoS attack behaviors in SDNs using a feature-pattern graph model. The feature-pattern graph model presented employs network patterns as nodes and similarity as weighted links; it can demonstrate not only the traffic header information but also the relationships among all the network patterns. The similarity between nodes is modeled by metric learning and the Mahalanobis distance. The proposed method can discover DDoS attacks using a graph-based neighborhood classification method; it is capable of automatically finding unknown attacks and is scalable by inserting new nodes to the graph model via local or global updates. Experiments on two datasets prove the feasibility of the proposed method for attack behavior discovery and graph update tasks, and demonstrate that the graph-based method to discover DDoS attack behaviors substantially outperforms the methods compared herein.
京公网安备 11010502051620号
