DDoS Attacks

What is a DDoS attack?
What are some well-known cases?

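A denial-of-service (DoS) attack exhausts system resources on the target computer, stops its services, and makes it inaccessible to its legitimate users. When an attacker uses two or more compromised computers on the network as puppet machines to launch a DoS attack against a specific target, the attack is called a DDoS attack. A DDoS attacker can control many computers at the same time and build an attack architecture made up of control puppets and attack puppets, as shown in Figure 1.

Attackers usually use a large number of geographically distributed compromised hosts as puppet machines to launch DoS attacks against a specific target. The traditional attack architecture resembles a dumbbell: the intermediate network is responsible only for forwarding data, security events and control functions are handled entirely by administrators, and the network itself has no ability to detect and handle network attacks quickly.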

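Survey of DDoS attack detection methods

Because DDoS attacks are severe and widespread, there is a large body of research on detecting them. Related work is briefly reviewed here from two angles, DDoS detection in traditional networks and DDoS detection in SDNs, as shown in Table 2.

  1. DDoS detection in traditional networks: Detection of DDoS attacks in traditional networks has been studied extensively, using entropy-based methods [10], support vector machines [11], naive Bayes [13], neural networks [14], cluster analysis [15], artificial neural networks [12], and KNN [9] as classifiers.

  2. Detection in SDNs: The SDN controller collects information about the flow tables and uses a selected classifier to classify network traffic as normal or anomalous. Building on the capabilities of the logically centralized controller and the programmability of the network, network administrators can respond to attacks immediately. Classical classification methods such as Bayesian networks [16] and support vector machines [18], as well as neural networks such as SOM [20], [25], [26] and deep learning [27], have all been used as traffic classifiers in SDN.

These proposed methods usually consider attack detection within a single domain, and they usually require complex computations, such as vector multiplication and division, in the testing phase.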

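For example, naive Bayes computes $f(X)=\arg\max P(Y_i)\prod_{i=1}^{d} p(x_i\mid y)$, where $x$ is the test instance, $d$ is the dimension of $x$, and $y$ is the class label. The time complexities of support vector machines, Bayesian networks, and cluster analysis are $O(n^3)$, $O(n^3)$, and $O(nkt)$ respectively, where $n$ is the number of training samples, $k$ is the number of clusters, and $t$ is the number of iterations. Deep learning is regarded as a complex algorithm that needs large amounts of computing resources; its time complexity is $O(f(n))$, where $f(n)$ is a function of the algorithm's built-in modules.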
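The naive Bayes decision rule above, carried through on flow-table style features, as an added example that is not from the original page: it assumes Gaussian likelihoods for p(x_i | y), and the three features and all sample values are constructed for illustration. The product is evaluated as a sum of logarithms, because the raw product underflows to 0 for every class on outlying flows.

```python
import math
from collections import defaultdict

# Constructed flow-table samples (not real traffic). Assumed features:
# (packets per flow, bytes per packet, flow duration in seconds).
TRAIN = [
    ((12.0, 540.0, 8.0), "normal"),
    ((20.0, 610.0, 12.0), "normal"),
    ((15.0, 480.0, 9.5), "normal"),
    ((30.0, 700.0, 15.0), "normal"),
    ((2.0, 60.0, 0.3), "attack"),
    ((1.0, 64.0, 0.1), "attack"),
    ((3.0, 70.0, 0.5), "attack"),
    ((1.0, 58.0, 0.2), "attack"),
]

def fit(samples):
    """Estimate the prior P(y) and a Gaussian (mean, variance) per feature and class."""
    by_label = defaultdict(list)
    for x, y in samples:
        by_label[y].append(x)
    model = {}
    for y, rows in by_label.items():
        stats = []
        for col in zip(*rows):
            mean = sum(col) / len(col)
            var = sum((v - mean) ** 2 for v in col) / len(col) + 1e-6  # variance floor
            stats.append((mean, var))
        model[y] = (len(rows) / len(samples), stats)
    return model

def log_posteriors(model, x):
    """log P(y) + sum_i log p(x_i | y): the product in the formula, in log space."""
    scores = {}
    for y, (prior, stats) in model.items():
        s = math.log(prior)
        for v, (mean, var) in zip(x, stats):
            s += -0.5 * math.log(2 * math.pi * var) - (v - mean) ** 2 / (2 * var)
        scores[y] = s
    return scores

def classify(model, x):
    """f(X) = argmax over y of P(y) * prod_{i=1..d} p(x_i | y)."""
    scores = log_posteriors(model, x)
    return max(scores, key=scores.get)

MODEL = fit(TRAIN)
print(classify(MODEL, (2.0, 62.0, 0.25)), classify(MODEL, (18.0, 560.0, 10.0)))
```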

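Bian et al. [20] proposed an SOM-based scheme. The time complexities of training the neural network and of testing are $O(nm^2)$ and $O(m^2)$ respectively, where $m$ is the number of neurons and $n$ is the number of training samples. As an instance-based learning (also called lazy learning) algorithm, Mousavi and St-Hilaire [17] proposed a method for detecting DDoS attacks in SDNs and claim that it can detect a DDoS attack within the first 500 packets of the attack traffic. If the puppet machines and the victim are located in different SDN domains, the traffic is not reflected as anomalous.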

References

[1] A. Zarca, J. Bernabe, I. Farris, T. Taleb, A. Skarmeta, and Y. Khettab, “Enhancing IoT security through network softwarization and virtual security appliances,” ACM Int. J. Netw. Manage., to be published.
[2] Ponemon Institute. Accessed: Sep. 20, 2016. [Online]. Available: https://www.ponemon.org/
[3] D. B. Rawat and S. R. Reddy, “Software defined networking architecture, security and energy efficiency: A survey,” IEEE Commun. Surveys Tuts., vol. 19, no. 1, pp. 325–346, 1st Quart., 2017.
[4] S. Lal, A. Kalliola, I. Oliver, K. Ahola, and T. Taleb, “Securing VNF communication in NFVI,” in Proc. IEEE Conf. Standards Commun. Netw. (CSCN), Sep. 2017, pp. 187–192.
[5] MIT Lincoln Laboratory Datasets. Accessed: Sep. 20, 2016. [Online]. Available: https://www.ll.mit.edu/ideval/data/2000data.html
[6] Y. Meidan et al., “ProfilioT: A machine learning approach for IoT device identification based on network traffic analysis,” in Proc. Symp. Appl. Comput., New York, NY, USA, 2017, pp. 506–509. [Online]. Available: http://doi.acm.org/10.1145/3019612.
[7] Z. M. Fadlullah et al., “State-of-the-art deep learning: Evolving machine intelligence toward tomorrow’s intelligent network traffic control systems,” IEEE Commun. Surveys Tuts., vol. 19, no. 4, pp. 2432–2455, 4th Quart., 2017.
[8] S. Lal, S. Ravidas, I. Oliver, and T. Taleb, “Assuring virtual network function image integrity and host sealing in Telco cloud,” in Proc. IEEE Int. Conf. Commun. (ICC), May 2017, pp. 1–6.
[9] T. T. Oo and T. Phyu, “Statistical anomaly detection of DDoS attacks using k-nearest neighbour,” Int. J. Comput. Commun. Eng. Res., vol. 2, no. 1, pp. 6–11, 2014.
[10] J. David and C. Thomas, “DDoS attack detection using fast entropy approach on flow-based network traffic,” Proc. Comput. Sci., vol. 50, pp. 30–36, Apr. 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1877050915005086, doi:https://doi.org/10.1016/j.procs.2015.04.007.
[11] A. R. Yusof, N. I. Udzir, and A. Selamat, “An evaluation on KNN-SVM algorithm for detection and prediction of DDoS attack,” in Trends in Applied Knowledge-Based Systems and Data Science, H. Fujita, M. Ali, A. Selamat, J. Sasaki, and M. Kurematsu, Eds. Cham, Switzerland: Springer, 2016, pp. 95–102.
[12] A. Saied, R. E. Overill, and T. Radzik, “Detection of known and unknown DDoS attacks using artificial neural networks,” Neurocomputing, vol. 172, pp. 385–393, Jan. 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S092523121501053X
[13] N. A. Singh, K. J. Singh, and T. De, “Distributed denial of service attack detection using naive Bayes classifier through info gain feature selection,” in Proc. Int. Conf. Inform. Anal., New York, NY, USA, 2016, pp. 54:1–54:9. [Online]. Available: http://doi.acm.org/10.1145/2980258.
[14] C.-J. Hsieh and T.-Y. Chan, “Detection DDoS attacks based on neural-network using apache spark,” in Proc. Int. Conf. Appl. Syst. Innov. (ICASI), May 2016, pp. 1–4.
[15] S. Wei, Y. Ding, and X. Han, “TDSC: Two-stage DDoS detection and defense system based on clustering,” in Proc. 47th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Netw. Workshops (DSN-W), Jun. 2017, pp. 101–102.
[16] S. Nanda, F. Zafari, C. DeCusatis, E. Wedaa, and B. Yang, “Predicting network attack patterns in SDN using machine learning approach,” in Proc. IEEE Conf. Netw. Funct. Virtualization Softw. Defined Netw. (NFV-SDN), Nov. 2016, pp. 167–172.
[17] S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in Proc. Int. Conf. Comput., Netw. Commun. (ICNC), Feb. 2015, pp. 77–81.
[18] K. Rt, S. T. Selvi, and K. Govindarajan, “DDoS detection and analysis in SDN-based environment using support vector machine classifier,” in Proc. 6th Int. Conf. Adv. Comput. (ICoAC), Dec. 2014, pp. 205–210.
[19] Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Commun. Surveys Tuts., vol. 18, no. 1, pp. 602–622, 1st Quart., 2016.
[20] H. Bian, L. Zhu, M. Shen, M. Wang, C. Xu, and Q. Zhang, “Privacy-preserving anomaly detection across multi-domain for software defined networks,” in Proc. Int. Conf. Trusted Syst., 2015, pp. 3–16.
[21] M. De Cock et al., “Efficient and private scoring of decision trees, support vector machines and logistic regression models based on pre-computation,” IEEE Trans. Depend. Sec. Comput., to be published, doi:10.1109/TDSC.2017.2679189.
[22] M. Shen, B. Ma, L. Zhu, R. Mijumbi, X. Du, and J. Hu, “Cloud-based approximate constrained shortest distance queries over encrypted graphs with privacy protection,” IEEE Trans. Inf. Forensics Security, vol. 13, no. 4, pp. 940–953, Apr. 2018.
[23] L. Schiaffino et al., “Feature selection for KNN classifier to improve accurate detection of subthalamic nucleus during deep brain stimulation surgery in Parkinson’s patients,” in VII Latin American Congress on Biomedical Engineering CLAIB 2016, Bucaramanga, Santander, Colombia, October 26th-28th, 2016, I. Torres, J. Bustamante, and D. A. Sierra, Eds. Singapore: Springer, 2017, pp. 441–444.
[24] M. Yesilbudak, S. Sagiroglu, and I. Colak, “A novel implementation of kNN classifier based on multi-tupled meteorological input data for wind power prediction,” Energy Convers. Manage., vol. 135, pp. 434–444, Mar. 2017. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S
[25] Y. Xu and Y. Liu, “DDoS attack detection under SDN context,” in Proc. 35th Annu. IEEE Int. Conf. Comput. Commun. (INFOCOM), Apr. 2016, pp. 1–9.
[26] R. Braga, E. Mote, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proc. IEEE Local Comput. Netw. (LCN), Denver, CO, USA, Oct. 2010, pp. 408–415.
[27] Q. Niyaz, W. Sun, and A. Y. Javaid, “A deep learning based DDoS detection system in software-defined networking (SDN),” EAI Endorsed Trans. Secur. Safety, vol. 4, no. 12, pp. 1–12, Dec. 2017, doi:10.4108/eai.28-12-2017.153515.
[28] X. Du and F. Lin, “Secure cell relay routing protocol for sensor networks,” in Proc. 24th IEEE Int. Perform., Comput., Commun. Conf. (PCCC), Apr. 2005, pp. 477–482.
[29] S. Lal, T. Taleb, and A. Dutta, “NFV: Security threats and best practices,” IEEE Commun. Mag., vol. 55, no. 8, pp. 211–217, Aug. 2017.
[30] Y. Khettab, M. Bagaa, D. Dutra, T. Taleb, and N. Toumi, “Virtual security as a service for 5G verticals,” in Proc. IEEE Wireless Commun. Netw. Conf., Barcelona, Spain, Apr. 2018.
[31] A. C. Yao, “Protocols for secure computations,” in Proc. 23rd Annu. Symp. Found. Comput. Sci., Washington, DC, USA, 1982, pp. 160–164. [Online]. Available: http://dx.doi.org/10.1109/SFCS.1982.
[32] X. Shu, D. Yao, and E. Bertino, “Privacy-preserving detection of sensitive data exposure,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 5, pp. 1092–1103, May 2015.
[33] G. Neugebauer, U. Meyer, and S. Wetzel, “Fair and privacy-preserving multi-party protocols for reconciling ordered input sets,” in Proc. Int. Conf. Inf. Secur., 2011, pp. 136–151.
[34] X. Du and H. H. Chen, “Security in wireless sensor networks,” IEEE Wireless Commun. Mag., vol. 15, no. 4, pp. 60–66, Aug. 2008.
[35] X. Du, M. Guizani, Y. Xiao, and H. H. Chen, “Secure and Efficient Time Synchronization in Heterogeneous Sensor Networks,” IEEE Trans. Veh. Technol., vol. 57, no. 4, pp. 2387–2394, Jul. 2008.
[36] Q. Chen, C. Qian, and S. Zhong, “Privacy-preserving cross-domain routing optimization—A cryptographic approach,” in Proc. IEEE 23rd Int. Conf. Netw. Protocols (ICNP), Nov. 2015, pp. 356–365.
[37] M. Burkhart, M. Strasser, D. Many, and X. Dimitropoulos, “SEPIA: Privacy-preserving aggregation of multi-domain network events and statistics,” in Proc. 19th USENIX Conf. Secur., Washington, DC, USA, 2010, pp. 1–15. [Online]. Available: http://dl.acm.org/citation.cfm?id=1929820.
[38] W. K. Wong, D. W.-L. Cheung, B. Kao, and N. Mamoulis, “Secure kNN computation on encrypted databases,” in Proc. ACM SIGMOD Int. Conf. Manage. Data, New York, NY, USA, 2009, pp. 139–152. [Online]. Available: http://doi.acm.org/10.1145/1559845.
[39] Y. Elmehdwi, B. K. Samanthula, and W. Jiang, “Secure k-nearest neighbor query over encrypted data in outsourced environments,” in Proc. IEEE 30th Int. Conf. Data Eng., Mar. 2014, pp. 664–675.
[40] X. Du, Y. Xiao, M. Guizani, and H.-H. Chen, “An effective key management scheme for heterogeneous sensor networks,” Ad Hoc Netw., vol. 5, no. 1, pp. 24–34, 2007. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S
[41] X. Du, Y. Xiao, S. Ci, M. Guizani, and H.-H. Chen, “A routing-driven key management scheme for heterogeneous sensor networks,” in Proc. ICC, Jun. 2007, pp. 3407–3412.
[42] J. Katz and Y. Lindell, Introduction to Modern Cryptography (Cryptography and Network Security Series). Boca Raton, FL, USA: CRC Press, 2014.
[43] J. S. Beis and D. G. Lowe, “Shape indexing using approximate nearest-neighbour search in high-dimensional spaces,” in Proc. Conf. Comput. Vis. Pattern Recognit. (CVPR), Washington, DC, USA, Jun. 1997, pp. 1000–1006. [Online]. Available: http://dl.acm.org/citation.cfm?id=794189.
[44] Open Networking Foundation, Palo Alto, CA, USA. Software-Defined Networking: The New Norm for Networks. Accessed: Aug. 1, 2016. [Online]. Available: https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf
[45] N. McKeown et al., “OpenFlow: Enabling innovation in campus networks,” ACM SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69–74, Apr. 2008. [Online]. Available: http://doi.acm.org/10.1145/1355734.
[46] M. Shen, M. Wei, L. Zhu, and M. Wang, “Classification of encrypted traffic with second-order Markov chains and application attribute bigrams,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 8, pp. 1830–1843, Aug. 2017.
[47] The Caida UCSD, DDoS Attack 2007. Accessed: Sep. 20, 2016. [Online]. Available: http://www.caida.org/data/passive/ddos-20070804_dataset.xml
[48] The Caida UCSD, Anonymized Internet Traces 2008. Accessed: Sep. 20, 2016. [Online]. Available: http://www.caida.org/data/passive/passive_2008_dataset.xml
[49] KDDcup99. Accessed: Sep. 20, 2016. [Online]. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
[50] Mawilab. Accessed: Sep. 20, 2016. [Online]. Available: http://www.fukuda-lab.org/mawilab/v1.1/index.html
[51] Y. Xiao et al., “A survey of key management schemes in wireless sensor networks,” Comput. Commun., vol. 30, nos. 11–12, pp. 2314–2341, Sep. 2007. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S
