Abstract: Distributed denial-of-service (DDoS) attacks on power monitoring systems are difficult to identify in real time with high accuracy and low energy consumption. To address this, a firewall-based real-time DDoS attack detection method is proposed that combines hardware and software. On the hardware side, the firewall uses a field-programmable gate array (FPGA) to capture packet data in real time, update counters as each packet is forwarded, supply the characteristic values required for detection, and perform a first-pass attack prediction. On the software side, a recognizer based on machine learning is run. While collecting packets, the hardware continuously senses the network state; once the network is judged abnormal, the online recognizer is invoked to confirm the DDoS attack, so the software recognizer runs only when the hardware counters indicate an anomaly rather than on every packet. A prototype DDoS detection system based on this method has been implemented and deployed. Experiments show that the method detects DDoS attacks in real time with low resource usage and high accuracy.
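The two-stage pipeline the abstract describes, as an added Python example that is not the paper's own code: an O(1)-per-packet counter set stands in for the FPGA datapath, a fixed-threshold gate stands in for the hardware's network-state sensing, and a nearest-centroid classifier on z-scored features stands in for the paper's machine-learning recognizer, whose actual model is not given in the abstract. The packet stream, the thresholds `GATE_PPS` and `GATE_SYN_RATIO`, the feature set and the labelled training windows in `TRAIN` are all constructed here for illustration.

```python
"""Two-stage DDoS detection: hardware-style counters + gate, software recognizer on demand.
Added example modelled on the abstract's hardware/software split; all traffic, thresholds
and training data below are constructed and are not from the paper."""
from dataclasses import dataclass, field
import math


@dataclass(frozen=True)
class Packet:
    ts: float      # arrival time in seconds
    src: str       # source IP (a string key is enough for this model)
    flags: str     # TCP flags, e.g. "S" for SYN, "A" for ACK; "" for non-TCP
    length: int    # bytes on the wire


@dataclass
class WindowCounters:
    """Counters an FPGA datapath could update in O(1) per forwarded packet.
    A real design would track unique sources with a sketch (Bloom filter or
    HyperLogLog) rather than an exact set; the set is used here for clarity."""
    packets: int = 0
    bytes: int = 0
    syn: int = 0
    ack: int = 0
    srcs: set = field(default_factory=set)

    def update(self, pkt: Packet) -> None:
        self.packets += 1
        self.bytes += pkt.length
        if "S" in pkt.flags and "A" not in pkt.flags:
            self.syn += 1          # bare SYN: connection attempt
        if "A" in pkt.flags:
            self.ack += 1
        self.srcs.add(pkt.src)

    def features(self, window_s: float) -> tuple:
        """Characteristic values exported to software for one window:
        (packets/s, SYN share, distinct sources/s, mean packet length)."""
        n = self.packets or 1
        return (self.packets / window_s, self.syn / n, len(self.srcs) / window_s, self.bytes / n)


# Assumed gate thresholds; in the paper's design the equivalent check lives in gateware.
GATE_PPS = 500.0
GATE_SYN_RATIO = 0.5


def hardware_gate(feat: tuple) -> bool:
    """Cheap fixed-threshold comparison: True means 'network looks abnormal'."""
    pps, syn_ratio, _, _ = feat
    return pps > GATE_PPS or syn_ratio > GATE_SYN_RATIO


# Constructed labelled windows, (pps, syn_ratio, src_rate, mean_len) -> 0 benign / 1 DDoS.
TRAIN = [
    ((40.0, 0.05, 4.0, 520.0), 0), ((90.0, 0.10, 8.0, 480.0), 0),
    ((200.0, 0.12, 15.0, 610.0), 0), ((350.0, 0.20, 30.0, 450.0), 0),
    ((2000.0, 0.85, 300.0, 60.0), 1), ((4000.0, 0.95, 700.0, 60.0), 1),
    ((1500.0, 0.70, 200.0, 64.0), 1), ((6000.0, 0.99, 1200.0, 60.0), 1),
]


class CentroidRecognizer:
    """Nearest-centroid classifier on z-scored features: a stand-in for the
    paper's (unspecified) machine-learning recognizer."""

    def __init__(self, data):
        xs = [x for x, _ in data]
        d = len(xs[0])
        self.mu = [sum(x[i] for x in xs) / len(xs) for i in range(d)]
        self.sd = [math.sqrt(sum((x[i] - self.mu[i]) ** 2 for x in xs) / len(xs)) or 1.0
                   for i in range(d)]
        self.centroids = {}
        for label in (0, 1):
            pts = [self._z(x) for x, y in data if y == label]
            self.centroids[label] = [sum(p[i] for p in pts) / len(pts) for i in range(d)]

    def _z(self, x):
        return [(x[i] - self.mu[i]) / self.sd[i] for i in range(len(x))]

    def predict(self, x: tuple) -> int:
        z = self._z(x)
        return min(self.centroids, key=lambda lbl: math.dist(z, self.centroids[lbl]))


def detect(packets, window_s: float = 1.0, recognizer=None):
    """Returns ([(window_index, verdict), ...], recognizer_invocations).
    The recognizer is consulted only for windows the hardware gate flags."""
    rec = recognizer or CentroidRecognizer(TRAIN)
    windows = {}
    for p in packets:                                   # per-packet counter update
        windows.setdefault(int(p.ts // window_s), WindowCounters()).update(p)
    verdicts, invocations = [], 0
    for w in sorted(windows):
        feat = windows[w].features(window_s)
        if not hardware_gate(feat):
            verdicts.append((w, "benign"))              # cheap path, ML never runs
            continue
        invocations += 1
        verdicts.append((w, "ddos" if rec.predict(feat) == 1 else "benign"))
    return verdicts, invocations


def sample_stream():
    """Constructed traffic: 3 s of normal client traffic, then 2 s of spoofed SYN flood."""
    pkts = []
    for sec in range(3):                                # 40 pps from 4 hosts, 1 SYN in 10
        for i in range(40):
            pkts.append(Packet(sec + i / 40, f"10.0.0.{i % 4 + 1}", "S" if i % 10 == 0 else "A", 500))
    for sec in range(3, 5):                             # 3000 pps, every packet a SYN from a new source
        for i in range(3000):
            pkts.append(Packet(sec + i / 3000, f"203.0.{(i // 250) % 256}.{i % 250}", "S", 60))
    return pkts


if __name__ == "__main__":
    verdicts, calls = detect(sample_stream())
    print(verdicts, "recognizer invoked", calls, "times")
```

On the constructed stream the gate passes the three benign windows without ever invoking the recognizer and flags both flood windows, which the recognizer then confirms; that skip is where the abstract's low resource usage comes from. The gate thresholds trade false negatives for energy: a low-rate attack that stays under `GATE_PPS` and `GATE_SYN_RATIO` is never shown to the recognizer, so they must be set from measured baseline traffic of the monitored network, not guessed.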