Journal of Jilin University (Science Edition), 2025, Vol. 63, Issue (5): 1454-1461.

  • Corresponding author: WANG Qilong, E-mail: wangqilong@stu.nepu.edu.cn

DDoS Attack Joint Detection Model Based on φ-Entropy and IDBO-RF in SDN

GAO Xincheng¹, WANG Qilong², WANG Lili²

  1. Modern Education Technique Center, Northeast Petroleum University, Daqing 163318, Heilongjiang Province, China
  2. School of Computer and Information Technology, Northeast Petroleum University, Daqing 163318, Heilongjiang Province, China
  • Received: 2024-06-24 Online: 2025-09-26 Published: 2025-09-26


Abstract: To reduce resource consumption and improve accuracy in distributed denial of service (DDoS) attack detection in software defined networks, we propose a two-level joint detection model based on φ-entropy and IDBO-RF. First, abnormal traffic is filtered by calculating the φ-entropy of the destination IP address, which completes the first-level trigger detection. Second, the hyperparameters of the random forest are optimized with the improved dung beetle optimization algorithm to construct the IDBO-RF model, and abnormal traffic is mapped through the optimal feature subset to the IDBO-RF model for second-level confirmation detection of DDoS attacks. Validation on public datasets and in simulation experiments shows that the proposed model effectively shortens detection time and reduces controller resource consumption in software defined networks. It achieves an accuracy of over 99% in both binary and multi-class detection of DDoS attacks, with an average detection time of only 1.21 s and a controller CPU occupancy rate of only 33.45%, demonstrating good generalization performance.

Key words: software defined network, distributed denial of service attack, φ-entropy, random forest, dung beetle optimization algorithm

CLC number: TP393