• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

TITAN:结合双向转发图和 GCN 检测针对 SDN 的饱和攻击。

TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN.

机构信息

Guizhou Xiangming Technology Co., Ltd, Guiyang, Guizhou, China.

State Key Laboratory of Big Data, College of Computer Science and Technology, Guizhou University, Guiyang, Guizhou, China.

出版信息

PLoS One. 2024 Apr 26;19(4):e0299846. doi: 10.1371/journal.pone.0299846. eCollection 2024.

DOI:10.1371/journal.pone.0299846
PMID:38669264
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC11051642/
Abstract

The decoupling of control and forwarding layers brings Software-Defined Networking (SDN) the network programmability and global control capability, but it also poses SDN security risks. The adversaries can use the forwarding and control decoupling character of SDN to forge legitimate traffic, launching saturation attacks targeted at SDN switches. These attacks can cause the overflow of switch flow tables, thus making the switch cannot forward benign network traffic. How to effectively detect saturation attack is a research hotspot. There are only a few graph-based saturation attack detection methods. Meanwhile, the current graph generation methods may take useless or misleading information to the attack detection, thus decreasing the attack detection accuracy. To solve the above problems, this paper proposes TITAN, a bidirecTional forwardIng graph-based saturaTion Attack detectioN method. TITAN defines flow forwarding rules and topology information, and designs flow statistical features. Based on these definitions, TITAN generates nodes of the bi-forwarding graph based on the flow statistics features and edges of the bi-forwarding graph based on the network traffic routing paths. In this way, each traffic flow in the network is transformed into a bi-directional forwarding graph. Then TITAN feeds the above bidirectional forwarding graph into a Graph Convolutional Network (GCN) to detect whether the flow is a saturation attack flow. The experimental results show that TITAN can effectively detect saturation attacks in SDNs with a detection accuracy of more than 97%.

摘要

控制层和转发层的解耦为软件定义网络(SDN)带来了网络可编程性和全局控制能力,但也带来了 SDN 安全风险。攻击者可以利用 SDN 的转发和控制解耦特性伪造合法流量,针对 SDN 交换机发起饱和攻击。这些攻击会导致交换机流表溢出,从而使交换机无法转发良性网络流量。如何有效地检测饱和攻击是一个研究热点。目前基于图的饱和攻击检测方法较少。同时,当前的图生成方法可能会将无用或误导性的信息引入攻击检测中,从而降低攻击检测的准确性。为了解决上述问题,本文提出了 TITAN,一种基于双向转发图的饱和攻击检测方法。TITAN 定义了流量转发规则和拓扑信息,并设计了流量统计特征。基于这些定义,TITAN 根据流量统计特征生成基于流的双向转发图的节点,并根据网络流量路由路径生成基于流的双向转发图的边。这样,网络中的每个流量流都转换为一个双向转发图。然后,TITAN 将上述双向转发图输入到图卷积网络(GCN)中,以检测流量是否为饱和攻击流量。实验结果表明,TITAN 可以有效地检测 SDN 中的饱和攻击,检测准确率超过 97%。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/0996802086ef/pone.0299846.g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/c60206cabb80/pone.0299846.g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/28f70eb64b8c/pone.0299846.g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/4872b2dd5b03/pone.0299846.g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/aa1da5ddbb5b/pone.0299846.g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/dff1ce74dff5/pone.0299846.g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/a3633d506c29/pone.0299846.g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/20c1cfc9a12c/pone.0299846.g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/f9715292043c/pone.0299846.g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/74e1443382be/pone.0299846.g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/89502bab6bb2/pone.0299846.g010.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/656ec0641e31/pone.0299846.g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/0996802086ef/pone.0299846.g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/c60206cabb80/pone.0299846.g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/28f70eb64b8c/pone.0299846.g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/4872b2dd5b03/pone.0299846.g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/aa1da5ddbb5b/pone.0299846.g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/dff1ce74dff5/pone.0299846.g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/a3633d506c29/pone.0299846.g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/20c1cfc9a12c/pone.0299846.g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/f9715292043c/pone.0299846.g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/74e1443382be/pone.0299846.g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/89502bab6bb2/pone.0299846.g010.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/656ec0641e31/pone.0299846.g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/98aa/11051642/0996802086ef/pone.0299846.g012.jpg

相似文献

1
TITAN: Combining a bidirectional forwarding graph and GCN to detect saturation attack targeted at SDN.TITAN:结合双向转发图和 GCN 检测针对 SDN 的饱和攻击。
PLoS One. 2024 Apr 26;19(4):e0299846. doi: 10.1371/journal.pone.0299846. eCollection 2024.
2
Adaptive Machine Learning Based Distributed Denial-of-Services Attacks Detection and Mitigation System for SDN-Enabled IoT.基于自适应机器学习的支持软件定义网络的物联网分布式拒绝服务攻击检测与缓解系统
Sensors (Basel). 2022 Mar 31;22(7):2697. doi: 10.3390/s22072697.
3
Detection and mitigation of DDoS attacks based on multi-dimensional characteristics in SDN.基于软件定义网络中多维度特征的分布式拒绝服务攻击检测与缓解
Sci Rep. 2024 Jul 16;14(1):16421. doi: 10.1038/s41598-024-66907-z.
4
DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks.DoSGuard:缓解软件定义网络中的拒绝服务攻击
Sensors (Basel). 2022 Jan 29;22(3):1061. doi: 10.3390/s22031061.
5
DDosTC: A Transformer-Based Network Attack Detection Hybrid Mechanism in SDN.DDosTC:SDN 中的基于 Transformer 的网络攻击检测混合机制。
Sensors (Basel). 2021 Jul 26;21(15):5047. doi: 10.3390/s21155047.
6
ML-Based Delay Attack Detection and Isolation for Fault-Tolerant Software-Defined Industrial Networks.基于机器学习的容错软件定义工业网络延迟攻击检测与隔离
Sensors (Basel). 2022 Sep 14;22(18):6958. doi: 10.3390/s22186958.
7
Multi-Stage Learning Framework Using Convolutional Neural Network and Decision Tree-Based Classification for Detection of DDoS Pandemic Attacks in SDN-Based SCADA Systems.基于卷积神经网络和决策树分类的多阶段学习框架,用于检测基于软件定义网络的监控与数据采集系统中的分布式拒绝服务大规模攻击。
Sensors (Basel). 2024 Feb 5;24(3):1040. doi: 10.3390/s24031040.
8
SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN.SDN-Defend:一种用于软件定义网络中分布式拒绝服务攻击的轻量级在线攻击检测与缓解系统
Sensors (Basel). 2022 Oct 28;22(21):8287. doi: 10.3390/s22218287.
9
SACFIR: SDN-Based Application-Aware Centralized Adaptive Flow Iterative Reconfiguring Routing Protocol for WSNs.SACFIR:用于无线传感器网络的基于软件定义网络的应用感知集中式自适应流迭代重配置路由协议
Sensors (Basel). 2017 Dec 13;17(12):2893. doi: 10.3390/s17122893.
10
A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.一种基于软件定义网络的移动网络安全评估机制。
Sensors (Basel). 2015 Dec 17;15(12):31843-58. doi: 10.3390/s151229887.

本文引用的文献

1
Hi-GCN: A hierarchical graph convolution network for graph embedding learning of brain network and brain disorders prediction.Hi-GCN:一种用于脑网络图嵌入学习和脑疾病预测的层次图卷积网络。
Comput Biol Med. 2020 Dec;127:104096. doi: 10.1016/j.compbiomed.2020.104096. Epub 2020 Nov 3.
2
Receiver operating characteristic curve in diagnostic test assessment.诊断测试评估中的受试者工作特征曲线。
J Thorac Oncol. 2010 Sep;5(9):1315-6. doi: 10.1097/JTO.0b013e3181ec173d.
3
The graph neural network model.图神经网络模型。
IEEE Trans Neural Netw. 2009 Jan;20(1):61-80. doi: 10.1109/TNN.2008.2005605. Epub 2008 Dec 9.