当前位置: X-MOL 学术Comput. Electr. Eng. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Near real-time security system applied to SDN environments in IoT networks using convolutional neural network
Computers & Electrical Engineering ( IF 4.3 ) Pub Date : 2020-09-01 , DOI: 10.1016/j.compeleceng.2020.106738
Marcos V.O. de Assis , Luiz F. Carvalho , Joel J.P.C. Rodrigues , Jaime Lloret , Mario L. Proença Jr

Abstract The Internet of Things (IoT) paradigm brings new and promising possibilities for services and products. The heterogeneity of IoT devices highlights the inefficiency of traditional networks’ structures to support their specific requirements due to their lack of flexibility. Thus, Software-defined Networking (SDN) is commonly associated with IoT since this architecture provides a more flexible and manageable network environment. As shown by recent events, IoT devices may be used for large scale Distributed Denial of Service (DDoS) attacks due to their lack of security. This kind of attack is commonly detected and mitigated at the destination-end network but, due to the massive volume of information that IoT botnets generate, this approach is becoming impracticable. We propose in this paper a near real-time SDN security system that both prevents DDoS attacks on the source-end network and protects the sources SDN controller against traffic impairment. For this, we apply and test a Convolutional Neural Network (CNN) for DDoS detection, and describe how the system could mitigate the detected attacks. The performance outcomes were performed in two test scenarios, and the results pointed out that the proposed SDN security system is promising against next-generation DDoS attacks.

中文翻译:

使用卷积神经网络的近实时安全系统应用于物联网网络中的SDN环境

摘要 物联网 (IoT) 范式为服务和产品带来了新的、有前景的可能性。物联网设备的异构性凸显了传统网络结构由于缺乏灵活性而无法满足其特定要求的效率低下。因此,软件定义网络 (SDN) 通常与物联网相关联,因为该架构提供了更灵活和可管理的网络环境。正如最近的事件所示,物联网设备由于缺乏安全性,可能会被用于大规模分布式拒绝服务 (DDoS) 攻击。这种攻击通常在目标端网络被检测和缓解,但由于物联网僵尸网络生成的大量信息,这种方法变得不切实际。我们在本文中提出了一种近实时 SDN 安全系统,既可以防止对源端网络的 DDoS 攻击,又可以保护源 SDN 控制器免受流量损害。为此,我们应用并测试了用于 DDoS 检测的卷积神经网络 (CNN),并描述了系统如何减轻检测到的攻击。性能结果在两个测试场景中进行,结果表明所提出的 SDN 安全系统有望抵御下一代 DDoS 攻击。
更新日期:2020-09-01
down
wechat
bug