DDoS Attack Detection Based on C4.5 in SDN

LIU Junjie, WANG Jun, WANG Menglin, WANG Yue

1. College of Telecommunications and Information Engineering, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

Online: 2019-10-15 Published: 2019-10-14




Abstract: Software Defined Network (SDN) is an emerging network architecture. Its separation of the control plane from the forwarding plane brings great convenience and flexibility to network management, but it also brings new security threats and challenges. By launching a Distributed Denial of Service (DDoS) attack against the centralized SDN controller, an attacker can make information unreachable and cause network congestion. To detect DDoS attacks, a detection method based on the C4.5 decision tree is proposed. It extracts information from each switch flow entry, then generates a decision tree that classifies traffic in order to detect DDoS attacks. Finally, the experimental results show that the method has a higher detection success rate, a lower false alarm rate and a shorter detection time.

Key words: Software Defined Network (SDN), Distributed Denial of Service (DDoS) attack, C4.5 decision tree

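Abstract (Chinese version): SDN (Software Defined Network) is an emerging network architecture. Its architecture, which separates control from forwarding, brings great convenience and flexibility to network management, but it also brings new security threats and challenges. By launching a DDoS (Distributed Denial of Service) attack against the centralized SDN controller, an attacker can make information unreachable and paralyze the network. To detect DDoS attacks, a detection method based on the C4.5 decision tree is proposed: it extracts switch flow-table entry information and trains on a data set with the C4.5 decision tree algorithm to generate a decision tree that classifies traffic, thereby detecting DDoS attacks. Finally, experiments show that the method has a higher detection success rate, a lower false alarm rate and a shorter detection time.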

Key words (Chinese version): Software Defined Network, Distributed Denial of Service attack, C4.5 decision tree
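The split criterion behind the method in the abstract, as an added example that is not the authors' code: it computes the C4.5 gain ratio over threshold splits of flow-entry features and picks the root split of the tree. The feature names (`packets`, `bytes`, `duration`) and all sample values are assumptions constructed for illustration; the abstract does not list the paper's features, and a full C4.5 tree would recurse on each side of the split.

```python
import math
from collections import Counter

# Constructed flow-entry samples (not data from the paper). Feature names are
# assumptions: per-flow packet count, byte count and duration in seconds.
FEATURES = ("packets", "bytes", "duration")
SAMPLES = [
    ((3, 180, 0.2), "attack"),
    ((2, 120, 0.1), "attack"),
    ((4, 240, 0.3), "attack"),
    ((1, 60, 0.1), "attack"),
    ((120, 90000, 12.0), "normal"),
    ((45, 30000, 5.5), "normal"),
    ((300, 250000, 30.0), "normal"),
    ((2, 2800, 0.2), "normal"),   # short but legitimate flow
]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def gain_ratio(samples, idx, threshold):
    """C4.5 gain ratio for the binary split feature[idx] <= threshold."""
    left = [lab for x, lab in samples if x[idx] <= threshold]
    right = [lab for x, lab in samples if x[idx] > threshold]
    if not left or not right:
        return 0.0
    n, labels = len(samples), [lab for _, lab in samples]
    remainder = len(left) / n * entropy(left) + len(right) / n * entropy(right)
    split_info = entropy(["L"] * len(left) + ["R"] * len(right))
    return (entropy(labels) - remainder) / split_info

def build_stump(samples):
    """Pick the root split (highest gain ratio) and the majority label per side."""
    best = None
    for idx, name in enumerate(FEATURES):
        values = sorted({x[idx] for x, _ in samples})
        for lo, hi in zip(values, values[1:]):  # midpoints of distinct values
            t = (lo + hi) / 2
            gr = gain_ratio(samples, idx, t)
            if best is None or gr > best["gain_ratio"]:
                le = Counter(lab for x, lab in samples if x[idx] <= t)
                gt = Counter(lab for x, lab in samples if x[idx] > t)
                best = {"feature": name, "idx": idx, "threshold": t, "gain_ratio": gr,
                        "le": le.most_common(1)[0][0], "gt": gt.most_common(1)[0][0]}
    return best

def classify(flow, stump):
    side = "le" if flow[stump["idx"]] <= stump["threshold"] else "gt"
    return stump[side]
```

On this constructed data the packet count alone cannot separate the short legitimate flow from the attack flows, so the gain ratio selects the byte count as the root split.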