Ddos detection method and system based on neural network in sdn network

Abstract

The present invention relates to the technical field of network security, in particular to a neural network-based SDN DDoS detection method and a detection system. The system of the present invention includes an information extraction module, an abnormal early warning module, a flow table information collection module, an information processing module and a detection module; The information extraction module is used to extract the source IP address and destination IP address information in the packet_in package; the abnormal warning module is used for the three-way decision-making principle, using the probability model of naive Bayesian to obtain the threshold of abnormal alarm, and calculate the type of data packet. If the probability is lower than the threshold, an abnormal warning is issued; the flow table information collection module is used to collect flow table data; the information processing module is used to standardize, normalize, and reduce the data operation of the collected OpenFlow flow table data; In the software-defined network, abnormal information in the network can be quickly judged and an early warning can be issued without causing too much load on the network.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a neural network-based DDoS detection method and system in an SDN network. Background technique [0002] In the era of cloud computing and big data, massive data storage and processing require high-performance servers to support, and cloud computing is actually an application after virtualizing resource pools, based on virtualization technology. Both cloud computing and virtualization require centralized control, and the three most important concepts of SDN are: programmable (open API interface), separation of control plane and data plane, and centralized control model. The SDN-based network architecture can more easily realize network virtualization, thereby providing support for services related to big data. However, Distributed Denial of Service (DDoS) has always been a key research object in the field of network security. It seriously threatens the development of ne...

AI Technical Summary

Problems solved by technology

However, there are still deficiencies in some aspects

For example, the first method of using SVM to detect DDoS only uses a small number of data samples for training. It cannot detect new types of attacks combined in multiple ways, and the detection accuracy needs to be improved. More importantly, in actual scenarios, DDoS The amount of data is often 20G or even higher, so the actual effect of this method is not good

The second is to implement DDoS detection at the entrance of network traffic by modifying the OpenFlow switch. This method can indeed deal with DDoS traffic in the most timely manner, but this will greatly increase the cost and violate the decoupling and principle of separating the control and forwarding planes.

[0004] Most DDoS detections are based on the principle of intrusion detection, using machine learning algorithms for direct detection. If DDoS attacks do not occur and such complex and load-increasing DDoS detections are performed, network utilization will be greatly reduced.

Images