SDN中基于MS-KNN算法的LFA攻击检测方法
针对一种新型的DDoS攻击—链路泛洪攻击(link-flooding attack,LFA)难以检测的问题,提出了SDN中基于MS-KNN(Mean Shift- K-NearestNeighbor)方法的LFA检测方法。首先通过搭建SDN实验平台,模拟LFA并构建LFA数据集;然后利用改进的加权欧氏距离均值漂移(Mean Shift,MS)算法对LFA数据集进行分类;最后利用K近邻(K-nearestneighbor,KNN)算法判断分类结果中是否具有LFA数据。实验结果表明,相较于KNN算法,利用MS-KNN不仅得到了更高的准确率,同时也得到了更低的假阳性率。
bstarct: To address the problem that a new type of DDoS attack, link-flooding attack (LFA) , is difficult to detect, an LFA detection method based on MS-KNN (Mean Shift-K-NearestNeighbor) method in SDN is proposed. Firstly, this paper simulated LFA and constructed LFA dataset by building an SDN experiment platform; secondly, an improved weighted Euclidean distance mean shift (MS) algorithm was used to classify the LFA dataset; finally, the K-nearestneighbor (KNN) algorithm was used to determine whether LFA data were included in the classification results. The experimental results show that the use of MS-KNN not only obtains a higher accuracy rate but also a lower false positive rate compared with the KNN algorithm.
孙文悦、王昌达
计算技术、计算机技术
链路泛洪攻击SDN均值漂移算法K近邻算法MS-KNN
孙文悦,王昌达.SDN中基于MS-KNN算法的LFA攻击检测方法[EB/OL].(2022-05-10)[2025-08-23].https://chinaxiv.org/abs/202205.00087.点此复制
评论