{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T08:27:06Z","timestamp":1768811226073,"version":"3.49.0"},"reference-count":33,"publisher":"MDPI AG","issue":"22","license":[{"start":{"date-parts":[[2022,11,21]],"date-time":"2022-11-21T00:00:00Z","timestamp":1668988800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key R&amp;D Program of China","doi-asserted-by":"publisher","award":["2018YFA0701604"],"award-info":[{"award-number":["2018YFA0701604"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012166","name":"National Key R&amp;D Program of China","doi-asserted-by":"publisher","award":["2022YJS130"],"award-info":[{"award-number":["2022YJS130"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2018YFA0701604"],"award-info":[{"award-number":["2018YFA0701604"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2022YJS130"],"award-info":[{"award-number":["2022YJS130"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In view of various security requirements, there are various security services in the network. In particular, DDoS attacks have various types and detection methods. How to flexibly combine security services and make full use of the information provided by security services have become urgent problems to be solved. This paper combines the reasoning ability of the malicious behavior knowledge base to realize the dynamic deployment of the service function chain and dynamic configuration of the security service function. The method feeds back the information generated by the security service to the knowledge base. After the analysis of the knowledge base, the service function chain path and the security service configuration policies are generated, and these policies will be dynamically distributed to the security service function. Finally, security services can be dynamically arranged for different network traffic, realizing the coordinated use of various security services and improving the overall detection rate of the network. The experimental results show that by arranging the paths under the UDP and the TCP, the overall detection rate of the network can reach 99% and 88%, respectively, indicating that it has a good overall detection performance for multiple distributed denial of service (DDoS) attacks.<\/jats:p>","DOI":"10.3390\/s22229021","type":"journal-article","created":{"date-parts":[[2022,11,22]],"date-time":"2022-11-22T05:18:57Z","timestamp":1669094337000},"page":"9021","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["A Dynamic Deployment Method of Security Services Based on Malicious Behavior Knowledge Base"],"prefix":"10.3390","volume":"22","author":[{"given":"Qi","family":"Guo","sequence":"first","affiliation":[{"name":"School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8798-0782","authenticated-orcid":false,"given":"Man","family":"Li","sequence":"additional","affiliation":[{"name":"School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weilin","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ying","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,11,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MWC.001.2100579","article-title":"Optimizing High-Speed Mobile Networks with Smart Collaborative Theory","volume":"29","author":"Song","year":"2022","journal-title":"IEEE Wirel. Commun."},{"key":"ref_2","first-page":"1","article-title":"DR-SDSN: An Elastic Differentiated Routing Framework for Software-Defined Satellite Networks","volume":"99","author":"Feng","year":"2022","journal-title":"IEEE Wireless Communi."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"6046","DOI":"10.1109\/JIOT.2019.2958097","article-title":"Smart Collaborative Tracking for Ubiquitous Power IoT in Edge-Cloud Interplay Domain","volume":"7","author":"Song","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1109\/MNET.100.2000338","article-title":"Enabling Machine Learning with Service Function Chaining for Security Enhancement at 5G Edges","volume":"35","author":"Feng","year":"2021","journal-title":"IEEE Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"6916","DOI":"10.1109\/TII.2020.3029766","article-title":"Smart Collaborative Balancing for Dependable Network Components in Cyber-Physical Systems","volume":"17","author":"Song","year":"2021","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1109\/MCOM.2018.1700662","article-title":"Interface to Network Security Functions for Cloud-Based Security Services","volume":"56","author":"Hyun","year":"2018","journal-title":"IEEE Commun. Mag."},{"key":"ref_7","first-page":"11","article-title":"Blockchain Empowered Federated Learning for Distributed Network Security Behaviour Knowledge Base in 6G","volume":"2022","author":"Li","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/MNET.011.2000613","article-title":"Enabling Heterogeneous Deterministic Networks with Smart Collaborative Theory","volume":"35","author":"Song","year":"2021","journal-title":"IEEE Netw."},{"key":"ref_9","unstructured":"Lukas, I., and Nicolas, F. (2019, January 27). Performance Influence of Security Function Chain Ordering. Proceedings of the Companion of the 2019 ACM\/SPEC International Conference on Performance Engineering (ICPE \u201919), New York, NY, USA."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"145807","DOI":"10.1109\/ACCESS.2019.2944982","article-title":"Optimal Construction of Service Function Chains Based on Security Level for Improving Network Security","volume":"7","author":"Dwiardhika","year":"2019","journal-title":"IEEE Access"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Hoang, H., Hien, D.T., and Duy, P. (2021, January 21\u201322). An Approach for Service Function Chain Orchestration in Combination with SDN-based Network. Proceedings of the NAFOSTED Conference on Information and Computer Science (NICS), Hanoi, Vietnam.","DOI":"10.1109\/NICS54270.2021.9701563"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Zhai, D., Meng, X., and Kang, Q. (2021, January 4\u20137). Security Service Function Chain Deployment Using a Viterbi-Based Algorithm. Proceedings of the 13th International Conference on Communication Software and Networks (ICCSN), Chongqing, China.","DOI":"10.1109\/ICCSN52437.2021.9463659"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"543","DOI":"10.1109\/TNSM.2017.2711610","article-title":"On Dynamic Service Function Chain Deployment and Readjustment","volume":"14","author":"Liu","year":"2017","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Li, M., Zhou, H., and Qin, Y. (2022). Two-Stage Intelligent Model for Detecting Malicious DDoS Behavior. Sensors, 22.","DOI":"10.3390\/s22072532"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"She, C., Wen, W., and Zheng, K. (2016, January 15\u201316). Application Layer DDoS Detection by K-means Algorithm. Proceedings of the International Conference on Electrical and Electronics Engineering and Computer Science, Jinan, China.","DOI":"10.2991\/iceeecs-16.2016.16"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Gao, Y., Feng, Y., and Kawamoto, J. (2016, January 4\u20135). A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation. Proceedings of the 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), Fukuoka, Japan.","DOI":"10.1109\/AsiaJCIS.2016.24"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"17404","DOI":"10.1109\/ACCESS.2020.2967478","article-title":"Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network","volume":"8","author":"Wu","year":"2020","journal-title":"IEEE Access"},{"key":"ref_18","unstructured":"Hares, S., Lopez, D., and Zarny, M. (2022, October 12). Interface to Network Security Functions (I2NSF): Problem Statement and Use Cases. IETF, RFC 8192. Available online: https:\/\/datatracker.ietf.org\/doc\/rfc8192\/."},{"key":"ref_19","unstructured":"Lopez, D., Lopez, E., and Dunbar, L. (2022, October 12). Framework for Interface to Network Security Functions. IETF, RFC 8329. Available online: https:\/\/datatracker.ietf.org\/doc\/rfc8329\/."},{"key":"ref_20","unstructured":"Lopez, R., Lopez, G., and Garcia, F. (2022, October 12). A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN). IETF, RFC 9061. Available online: https:\/\/datatracker.ietf.org\/doc\/rfc9061\/."},{"key":"ref_21","unstructured":"Yang, H., Kim, Y., and Jeong, J. (2022, October 12). I2NSF on the NFV Reference Architecture. IETF, Draft-yang-i2nsf-nfv-architecture-08. Available online: https:\/\/www.ietf.org\/id\/draft-yang-i2nsf-nfv-architecture-08.html."},{"key":"ref_22","unstructured":"Jeong, J., Lingga, P., and Soo, P. (2022, October 12). An Extension of I2NSF Framework for Security Management Automation in Cloud-Based Security Services. IETF Draft-Jeong-i2nsf-Security-Management-Automation-04. Available online: https:\/\/datatracker.ietf.org\/doc\/draft-jeong-i2nsf-security-management-automation\/."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"12931","DOI":"10.1109\/JIOT.2022.3163776","article-title":"Efficient Cache Consistency Management for Transient IoT Data in Content-Centric Networking","volume":"9","author":"Feng","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_24","unstructured":"Evangelos, H., Omar, C., and Susan, H. (2022, October 12). Forwarding and Control Element Separation (ForCES) OpenFlow Model Library. IETF, Draft-haleplidis-forces-openflow-lib-03. Available online: https:\/\/datatracker.ietf.org\/doc\/draft-haleplidis-forces-openflow-lib\/03\/."},{"key":"ref_25","unstructured":"Quinn, P., Elzur, U., and Pignataro, C. (2022, October 12). Network Service Header (NSH). IETF RFC 8300. Available online: https:\/\/www.rfc-editor.org\/rfc\/rfc8300."},{"key":"ref_26","first-page":"73","article-title":"Multi-type low-rate DDoS attack detection method based on hybrid deep learning","volume":"8","author":"Li","year":"2022","journal-title":"Chin. J. Netw. Inf. Secur."},{"key":"ref_27","first-page":"1","article-title":"An online detection method of botnet based on ensemble learning","volume":"39","author":"Shen","year":"2022","journal-title":"Appl. Res. Comput."},{"key":"ref_28","unstructured":"Li, Y., and Li, M. (2022). Multi-Type Application Layer DDoS Attack Detection Method Based on Ensemble Learning. [Ph.D. Thesis, Tianjin University of Technology]."},{"key":"ref_29","first-page":"1","article-title":"Multi-class DRDoS Attack Detection Method Based on Feature Selection","volume":"7","author":"Yang","year":"2021","journal-title":"Res. Briefs Inf. Commun. Technol. Evol. ReBICTE"},{"key":"ref_30","unstructured":"Jeong, J., and Chung, C. (2022, October 12). I2NSF Consumer-Facing Interface YANG Data Model. IETF Draft-ietf-i2nsf-Consumer-Facing-Interface-dm-22. Available online: https:\/\/datatracker.ietf.org\/doc\/draft-ietf-i2nsf-consumer-facing-interface-dm\/."},{"key":"ref_31","unstructured":"Jeong, J., and Chung, C. (2022, October 12). I2NSF Network Security Function-Facing Interface YANG Data Model. IETF Draft-ietf-i2nsf-nsf-Facing-Interface-dm-29. Available online: https:\/\/datatracker.ietf.org\/doc\/draft-ietf-i2nsf-nsf-facing-interface-dm\/29\/."},{"key":"ref_32","unstructured":"(2022, October 12). OpenDaylight Platform Overview. Available online: https:\/\/www.opendaylight.org\/about\/platform-overview."},{"key":"ref_33","unstructured":"Wang, Z. (2021). Design and Implementation of Mass Connection Management Architecture Based on Blockchain. [Master\u2019s Thesis, Beijing Jiaotong University]."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/22\/9021\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:22:59Z","timestamp":1760145779000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/22\/9021"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,21]]},"references-count":33,"journal-issue":{"issue":"22","published-online":{"date-parts":[[2022,11]]}},"alternative-id":["s22229021"],"URL":"https:\/\/doi.org\/10.3390\/s22229021","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,21]]}}}