{"title":"基于动态贝叶斯博弈的软件定义天空地空网络DDoS防御方法","authors":"Zhaobin Li, Bin Yang, Xinyu Zhang, Chao Guo","doi":"10.1155/2022/1886516","DOIUrl":null,"url":null,"abstract":"The centralized management of Software-Defined Network (SDN) brings convenience to Space-Air-Ground Integrated Networks (SAGIN), which also makes it vulnerable to Distributed Denial of Service (DDoS). At present, the popular detection methods are based on machine learning, but most of them are fixed detection strategies with high overhead and real-time control, so the efficiency is not high. This paper designs different defense methods for different DDoS attacks and constructs a multitype DDoS defense model based on a dynamic Bayesian game in the Software-Defined Space-Air-Ground Integrated Networks (SD-SAGIN). The proposed game model’s Nash equilibrium is solved based on the different costs and payoffs of each method. We simulated the attack and defense of DDoS in Ryu controller and Mininet. The results show that, under our model, the attacker and defender’s strategies are in a dynamic balance, and the controller can effectively reduce the defense cost while ensuring detection accuracy. Compared with the existing traditional Support Vector Machine (SVM) defense method, the performance of the proposed method is better, and it provides one of the references for DDoS defense in SD-SAGIN.","PeriodicalId":167643,"journal":{"name":"Secur. Commun. Networks","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"DDoS Defense Method in Software-Defined Space-Air-Ground Network from Dynamic Bayesian Game Perspective\",\"authors\":\"Zhaobin Li, Bin Yang, Xinyu Zhang, Chao Guo\",\"doi\":\"10.1155/2022/1886516\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The centralized management of Software-Defined Network (SDN) brings convenience to Space-Air-Ground Integrated Networks (SAGIN), which also makes it vulnerable to Distributed Denial of Service (DDoS). At present, the popular detection methods are based on machine learning, but most of them are fixed detection strategies with high overhead and real-time control, so the efficiency is not high. This paper designs different defense methods for different DDoS attacks and constructs a multitype DDoS defense model based on a dynamic Bayesian game in the Software-Defined Space-Air-Ground Integrated Networks (SD-SAGIN). The proposed game model’s Nash equilibrium is solved based on the different costs and payoffs of each method. We simulated the attack and defense of DDoS in Ryu controller and Mininet. The results show that, under our model, the attacker and defender’s strategies are in a dynamic balance, and the controller can effectively reduce the defense cost while ensuring detection accuracy. Compared with the existing traditional Support Vector Machine (SVM) defense method, the performance of the proposed method is better, and it provides one of the references for DDoS defense in SD-SAGIN.\",\"PeriodicalId\":167643,\"journal\":{\"name\":\"Secur. Commun. Networks\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-01-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Secur. Commun. Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1155/2022/1886516\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Secur. Commun. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1155/2022/1886516","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
摘要
SDN (Software-Defined Network)的集中管理为天空地一体化网络(SAGIN)带来了便利,但同时也使其容易受到分布式拒绝服务攻击(DDoS)的攻击。目前流行的检测方法都是基于机器学习的,但大多是固定的检测策略,开销大,需要实时控制,效率不高。针对不同的DDoS攻击设计了不同的防御方法,并在软件定义的天地空一体化网络(SD-SAGIN)中构建了基于动态贝叶斯博弈的多类型DDoS防御模型。该博弈模型的纳什均衡是基于每种方法的不同成本和收益来求解的。我们在Ryu控制器和Mininet上模拟了DDoS的攻击和防御。结果表明,在我们的模型下,攻击者和防御者的策略处于动态平衡状态,控制器可以在保证检测精度的同时有效降低防御成本。与现有的传统支持向量机(SVM)防御方法相比,该方法的性能更好,为SD-SAGIN中的DDoS防御提供了参考之一。
DDoS Defense Method in Software-Defined Space-Air-Ground Network from Dynamic Bayesian Game Perspective
The centralized management of Software-Defined Network (SDN) brings convenience to Space-Air-Ground Integrated Networks (SAGIN), which also makes it vulnerable to Distributed Denial of Service (DDoS). At present, the popular detection methods are based on machine learning, but most of them are fixed detection strategies with high overhead and real-time control, so the efficiency is not high. This paper designs different defense methods for different DDoS attacks and constructs a multitype DDoS defense model based on a dynamic Bayesian game in the Software-Defined Space-Air-Ground Integrated Networks (SD-SAGIN). The proposed game model’s Nash equilibrium is solved based on the different costs and payoffs of each method. We simulated the attack and defense of DDoS in Ryu controller and Mininet. The results show that, under our model, the attacker and defender’s strategies are in a dynamic balance, and the controller can effectively reduce the defense cost while ensuring detection accuracy. Compared with the existing traditional Support Vector Machine (SVM) defense method, the performance of the proposed method is better, and it provides one of the references for DDoS defense in SD-SAGIN.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
