基于软件定义物联网的分布式拒绝服务攻击检测方法

由于物联网（IoT）设备众多、分布广泛且所处环境复杂，相较于传统网络更容易遭受分布式拒绝服务（DDoS）攻击，针对这一问题提出了一种在软件定义物联网（SD-IoT）架构下基于均分取值区间长度-K均值（ELVR-Kmeans）算法的DDoS攻击检测方法。首先，利用SD-IoT控制器的集中控制特性通过获取OpenFlow交换机的流表，分析SD-IoT环境下DDoS攻击流量的特性，提取出与DDoS攻击相关的七元组特征；然后，使用ELVR-Kmeans算法对所获取的流表进行分类，以检测是否有DDoS攻击发生；最后，搭建仿真实验环境，对该方法的检测率、准确率和错误率进行测试。实验结果表明，该方法能够较好地检测SD-IoT环境中的DDoS攻击，检测率和准确率分别达到96.43%和98.71%，错误率为1.29%。

Distributed denial of service attack detection method based on software defined Internet of things

Due to the large number, wide distribution and complex environments of Internet of Things (IoT) devices, IoT is more vulnerable to DDoS (Distributed Denial of Service) attacks than traditional networks. Concerning this problem, a Distributed Denial of Service (DDoS) attack detection method based on Equal Length of Value Range K-means (ELVR-Kmeans) algorithm in Software Defined IoT (SD-IoT) architecture was proposed. Firstly, the centralized control characteristic of the SD-IoT controller was used to extract the flow tables of the OpenFlow switch to analyze the DDoS attack traffic characteristics in SD-IoT environment and extract the seven-tuple features related to the DDoS attack traffic. Secondly, the obtained flow tables were classified by the ELVR-Kmeans algorithm to detect whether a DDoS attack had occurred. Finally, the simulation experiment environment was built to test the detection rate, accuracy and error rate of the method. The simulation results show that the proposed method can effectively detect DDoS attacks in SD-IoT environment with detection rate and accuracy of 96.43% and 98.71% respectively, and error rate of 1.29%.