SDN DDoS detection method and system based on neural network

Abstract

The invention relates to the technical field of network security, in particular to an SDN (Software Defined Network) DDoS (Distributed Denial of Service) detection method and detection system based ona neural network, and the system comprises an information extraction module, an abnormality early warning module, a flow table information collection module, an information processing module and a detection module, the information extraction module is used for extracting source IP address and destination IP address information in the packet _ in; the abnormity early warning module is used for obtaining a threshold value of an abnormity alarm by utilizing a naive Bayes probability model according to a three-way decision principle, and sending out an abnormity early warning if the probability of the type of the data packet is calculated to be lower than the threshold value; the flow table information collection module is used for collecting flow table data; the information processing moduleis used for carrying out standardized, normalized and dimensionality-reduced data operation on the collected OpenFlow flow table data. According to the invention, the abnormal information in the network can be quickly judged and early warned in the software-defined network, and the network cannot be overloaded.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a neural network-based DDoS detection method and system in an SDN network. Background technique [0002] In the era of cloud computing and big data, massive data storage and processing require high-performance servers to support, and cloud computing is actually an application after virtualizing resource pools, based on virtualization technology. Both cloud computing and virtualization require centralized control, and the three most important concepts of SDN are: programmable (open API interface), separation of control plane and data plane, and centralized control model. The SDN-based network architecture can more easily realize network virtualization, thereby providing support for services related to big data. However, Distributed Denial of Service (DDoS) has always been a key research object in the field of network security. It seriously threatens the development of ne...

AI Technical Summary

Problems solved by technology

However, there are still deficiencies in some aspects

For example, the first method of using SVM to detect DDoS only uses a small number of data samples for training. It cannot detect new types of attacks combined in multiple ways, and the detection accuracy needs to be improved. More importantly, in actual scenarios, DDoS The amount of data is often 20G or even higher, so the actual effect of this method is not good

The second is to implement DDoS detection at the entrance of network traffic by modifying the OpenFlow switch. This method can indeed deal with DDoS traffic in the most timely manner, but this will greatly increase the cost and violate the decoupling and principle of separating the control and forwarding planes.

[0004] Most DDoS detections are based on the principle of intrusion detection, using machine learning algorithms for direct detection. If DDoS attacks do not occur and such complex and load-increasing DDoS detections are performed, network utilization will be greatly reduced.

Images