基于深度学习的SDN异常流量分布式检测方法

王坤; 付钰; 段雪源; 俞艺涵; 刘涛涛

doi:10.11959/j.issn.1000-436x.2024199

您当前的位置：

首页 >

文章列表页 >

基于深度学习的SDN异常流量分布式检测方法

学术论文 | 更新时间：2024-12-24

- 基于深度学习的SDN异常流量分布式检测方法
- Distributed abnormal traffic detection method for SDN based on deep learning
- 通信学报 2024年45卷第11期页码：114-130
- 作者机构：
  
  1.海军工程大学信息安全系，湖北武汉 430033
  2.信阳职业技术学院信息与通信工程学院，河南信阳 464000
  3.信阳师范大学计算机与信息技术学院，河南信阳464000
  4.河南省教育大数据分析与应用重点实验室，河南信阳 464000
  5.海军工程大学作战运筹与规划系，湖北武汉 430033
- 作者简介：
  
  [ "王坤（1981- ），女，河南信阳人，海军工程大学博士生，信阳职业技术学院副教授，主要研究方向为网络安全、人工智能、信息对抗。" ]
  [ "付钰（1982- ），女，湖北武汉人，博士，海军工程大学教授、博士生导师，主要研究方向为信息安全、人工智能。" ]
  [ "段雪源（1981- ），男，河南开封人，博士，信阳师范大学讲师，主要研究方向为人工智能、信息处理、网络安全。" ]
  [ "俞艺涵（1992- ），男，浙江金华人，博士，海军工程大学讲师，主要研究方向为网络安全、运筹分析。" ]
  [ "刘涛涛（1996- ），男，江西吉水人，海军工程大学博士生，主要研究方向为网络安全、网络信息对抗。" ]
- 基金信息：
  
  国家自然科学基金资助项目(62102422);河南省科技攻关基金资助项目(242102211070)
- DOI：10.11959/j.issn.1000-436x.2024199
  中图分类号： TN915.08
- 收稿日期：2024-09-03，
  
  修回日期：2024-11-05，
  
  纸质出版日期：2024-11-25
- 稿件说明：
移动端阅览
王坤,付钰,段雪源等.基于深度学习的SDN异常流量分布式检测方法[J].通信学报,2024,45(11):114-130.

WANG Kun,FU Yu,DUAN Xueyuan,et al.Distributed abnormal traffic detection method for SDN based on deep learning[J].Journal on Communications,2024,45(11):114-130.
王坤,付钰,段雪源等.基于深度学习的SDN异常流量分布式检测方法[J].通信学报,2024,45(11):114-130. DOI： 10.11959/j.issn.1000-436x.2024199.

WANG Kun,FU Yu,DUAN Xueyuan,et al.Distributed abnormal traffic detection method for SDN based on deep learning[J].Journal on Communications,2024,45(11):114-130. DOI： 10.11959/j.issn.1000-436x.2024199.

摘要

针对传统异常流量检测方法在执行大规模软件定义网络（SDN）的检测任务时，存在运算开销大、共享链路繁忙，容易引起网络设备单点故障，导致软件定义网络服务质量下降甚至网络瘫痪等问题，提出一种基于深度学习的SDN异常流量分布式检测方法。该方法将部署在云端服务器的判别器与若干部署在SDN控制器的生成器构造为“一对多”的分布式生成对抗网络（D-VAE-WGAN），利用正常流量样本完成对D-VAE-WGAN的协同训练，在控制器上生成具有独立检测功能的异常流量检测代理，以实现大规模SDN环境下各控制器子网中异常流量的分布式检测。实验结果表明，该方法可以快速、准确地检测出大规模SDN中的异常样本，在准确率、召回率等检测指标上优于传统方法；并且具备对未知异常的检测能力。

Abstract

Addressing the high computational expenses

congested shared links

and propensity for single-point failures in network devices that can lead to a degradation of software defined network (SDN) service quality or even network paralysis during the execution of large-scale SDN detection tasks by traditional abnormal traffic detection methods

a distributed abnormal traffic detection method for SDN based on deep learning was proposed. This method constructed a “one-to-many” distributed generative adversarial network (D-VAE-WGAN) with a discriminator deployed on a cloud server and multiple generators deployed on SDN controllers. Utilizing normal traffic samples

collaborative training of the D-VAE-WGAN was completed

resulting in independent abnormal traffic detection proxies on controllers

enabling distributed detection of abnormal traffic within each controller's subnet in a large-scale SDN environment. Experimental results indicate that this method can rapidly and accurately detect abnormal samples in large-scale SDN

outperforming traditional methods in detection metrics such as accuracy and recall rate

and can detect unknown anomalies.

关键词

Keywords

references

ALHIJAWI B , ALMAJALI S , ELGALA H , et al . A survey on DoS/DDoS mitigation techniques in SDNs: classification, comparison, solutions, testing tools and datasets [J ] . Computers and Electrical Engineering , 2022 , 99 : 107706 .

CHAHAL J K , BHANDARI A , BEHAL S . DDoS attacks & defense mechanisms in SDN-enabled cloud: taxonomy, review and research challenges [J ] . Computer Science Review , 2024 , 53 : 100644 .

VERGARA J , GARZÓN C , BOTERO J F . A hybrid strategy for DoS attacks detection and Mitigation on SDN enabled real scenarioss [C ] // Proceedings of the International Congress on Information and Communication Technology . Berlin : Springer , 2023 : 705 - 714 .

BHAYO J , SHAH S A , HAMEED S , et al . Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks [J ] . Engineering Applications of Artificial Intelligence , 2023 , 123 : 106432 .

段雪源 , 付钰 , 王坤 , 等 . 基于简单统计特征的LDoS攻击检测方法 [J ] . 通信学报 , 2022 , 43 ( 11 ): 53 - 64 .

DUAN X Y , FU Y , WANG K , et al . LDoS attack detection method based on simple statistical features [J ] . Journal on Communications , 2022 , 43 ( 11 ): 53 - 64 .

JAFARIAN T , MASDARI M , GHAFFARI A , et al . A survey and classification of the security anomaly detection mechanisms in software defined networks [J ] . Cluster Computing , 2021 , 24 ( 2 ): 1235 - 1253 .

贾锟 , 王君楠 , 刘峰 . SDN环境下的DDoS检测与缓解机制 [J ] . 信息安全学报 , 2021 , 6 ( 1 ): 17 - 31 .

JIA K , WANG J N , LIU F . DDoS detection and mitigation framework in SDN [J ] . Journal of Cyber Security , 2021 , 6 ( 1 ): 17 - 31 .

VAN N D , HUY L D , TRUONG C Q , et al . Applying dynamic threshold in SDN to detect DDoS attacks [C ] // Proceedings of the 2022 International Conference on Advanced Technologies for Communications (ATC) . Piscataway : IEEE Press , 2022 : 344 - 349 .

JASIM M N , GAATA M T . K-Means clustering-based semi-supervised for DDoS attacks classification [J ] . Bulletin of Electrical Engineering and Informatics , 2022 , 11 ( 6 ): 3570 - 3576 .

CHENG Q M , WU C M , ZHOU H F , et al . Machine learning based malicious payload identification in software-defined networking [J ] . Journal of Network and Computer Applications , 2021 , 192 : 103186 .

KUMAR R , AGRAWAL N . Software defined networks (SDNs) for environmental surveillance: a survey [J ] . Multimedia Tools and Applications , 2024 , 83 ( 4 ): 11323 - 11365 .

KINGMA D P , WELLING M . Auto-encoding variational bayes [J ] . arXiv Preprint , arXiv: 1312 . 6114 v 11 , 2013 .

GOODFELLOW I J , POUGET-ABADIE J , MIRZA M , et al . Generative adversarial network [J ] . arXiv Preprint , arXiv: 1406 . 2661 v 1 , 2014 .

BAVANI K , RAMKUMAR M P , SELVAN G S R E . Statistical approach based detection of distributed denial of service attack in a software defined network [C ] // Proceedings of the 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS) . Piscataway : IEEE Press , 2020 : 380 - 385 .

周启钊 , 于俊清 , 李冬 . SDN控制层泛洪防御机制研究: 检测与缓解 [J ] . 通信学报 , 2021 , 42 ( 11 ): 41 - 53 .

ZHOU Q Z , YU J Q , LI D . Research on flood defense mechanism of SDN control layer: detection and mitigation [J ] . Journal on Communications , 2021 , 42 ( 11 ): 41 - 53 .

ZOLOTUKHIN M , KUMAR S , HÄMÄLÄINEN T . Reinforcement learning for attack mitigation in SDN-enabled networks [C ] // Proceedings of the 2020 6th IEEE Conference on Network Softwarization (NetSoft) . Piscataway : IEEE Press , 2020 : 282 - 286 .

TAYFOUR O E , MARSONO M N . Collaborative detection and mitigation of DDoS in software-defined networks [J ] . The Journal of Supercomputing , 2021 , 77 ( 11 ): 13166 - 13190 .

SATHEESH N , RATHNAMMA M V , RAJESHKUMAR G , et al . Flow-based anomaly intrusion detection using machine learning model with software defined networking for OpenFlow network [J ] . Microprocessors and Microsystems , 2020 , 79 : 103285 .

SEBBAR A , ZKIK K , BADDI Y , et al . MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context [J ] . Journal of Ambient Intelligence and Humanized Computing , 2020 , 11 ( 12 ): 5875 - 5894 .

WANG K , FU Y , DUAN X Y , et al . Detection and mitigation of DDoS attacks based on multi-dimensional characteristics in SDN [J ] . Scientific Reports , 2024 , 14 ( 1 ): 16421 .

SRI V G , NAGARAJAN R . A novel bidirectional LSTM model for network intrusion detection in SDN-IoT network [J ] . Computing , 2024 , 106 ( 8 ): 2613 - 2642 .

YASER A L , MOUSA H M , HUSSEIN M . Improved DDoS detection utilizing deep neural networks and feedforward neural networks as autoencoder [J ] . Future Internet , 2022 , 14 ( 8 ): 240 .

NOVAES M P , CARVALHO L F , LLORET J , et al . Adversarial deep learning approach detection and defense against DDoS attacks in SDN environments [J ] . Future Generation Computer Systems , 2021 , 125 : 156 - 167 .

WANG P , WANG Z X , YE F , et al . ByteSGAN: a semi-supervised generative adversarial network for encrypted traffic classification in SDN Edge Gateway [J ] . Computer Networks , 2021 , 200 : 108535 .

SAMAAN S S , JEIAD H A . Feature-based real-time distributed denial of service detection in SDN using machine learning and Spark [J ] . Bulletin of Electrical Engineering and Informatics , 2023 , 12 ( 4 ): 2302 - 2312 .

PATIL N V , KRISHNA C R , KUMAR K , et al . E-Had: a distributed and collaborative detection framework for early detection of DDoS attacks [J ] . Journal of King Saud University - Computer and Information Sciences , 2022 , 34 ( 4 ): 1373 - 1387 .

SHUKLA P , KRISHNA C R , PATIL N V . SDDA-IoT: storm-based distributed detection approach for IoT network traffic-based DDoS attacks [J ] . Cluster Computing , 2024 , 27 ( 5 ): 6397 - 6424 .

KAUR A , KRISHNA C R , PATIL N V . K-DDoS-SDN: a distributed DDoS attacks detection approach for protecting SDN environment [J ] . Concurrency and computation: practice and experience , 2024 , 36 ( 3 ): 1 - 19 .

EZEH D A , DE OLIVEIRA J . An SDN controller-based framework for anomaly detection using a GAN ensemble algorithm [J ] . Infocommunications Journal , 2023 , 15 ( 2 ): 29 - 36 .

PARRA G D L T , RAD P , CHOO K K R , et al . Detecting Internet of things attacks using distributed deep learning [J ] . Journal of Network and Computer Applications , 2020 , 163 : 102662 .

FENG H F , ZHANG W T , LIU Y , et al . Multi-domain collaborative two-level DDoS detection via hybrid deep learning [J ] . Computer Networks , 2024 , 242 : 110251 .

肖警续 , 郭渊博 , 常朝稳 , 等 . 基于SDN的物联网边缘节点间数据流零信任管理 [J ] . 通信学报 , 2024 , 45 ( 7 ): 101 - 116 .

XIAO J X , GUO Y B , CHANG C W , et al . Zero trust management of data flow between IoT edge nodes based on SDN [J ] . Journal on Communications , 2024 , 45 ( 7 ): 101 - 116 .

陈何雄 , 罗宇薇 , 韦云凯 , 等 . 基于联邦学习的SDN异常流量协同检测技术 [J ] . 计算机工程 , 2023 , 49 ( 3 ): 168 - 176 .

CHEN H X , LUO Y W , WEI Y K , et al . Collaborative detection technology of SDN abnormal traffic based on federated learning [J ] . Computer Engineering , 2023 , 49 ( 3 ): 168 - 176 .

SHU J G , ZHOU L , ZHANG W Z , et al . Collaborative intrusion detection for VANETs: a deep learning-based distributed SDN approach [J ] . IEEE Transactions on Intelligent Transportation Systems , 2021 , 22 ( 7 ): 4519 - 4530 .

段雪源 , 付钰 , 王坤 . 基于VAE-WGAN的多维时间序列异常检测方法 [J ] . 通信学报 , 2022 , 43 ( 3 ): 1 - 13 .

DUAN X Y , FU Y , WANG K . Multi-dimensional time series anomaly detection method based on VAE-WGAN [J ] . Journal on Communications , 2022 , 43 ( 3 ): 1 - 13 .

ELSAYED M S , LE-KHAC N A , JURCUT A D . InSDN: a novel SDN intrusion dataset [J ] . IEEE Access , 2020 , 8 : 165263 - 165284 .

KRISHNAN P , DUTTAGUPTA S , ACHUTHAN K . VARMAN: Multi-plane security framework for software defined networks [J ] . Computer Communications , 2019 , 148 : 215 - 239 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向软件定义网络的异常流量检测研究综述

SDN下基于深度学习混合模型的DDoS攻击检测与防御

超大规模太赫兹系统深度学习信道估计算法

基于机器学习的加密流量分类研究综述

基于事件存储引擎的可观测系统的设计与实现