DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture

Abstract

The invention discloses a DDoS attack detection method combining an SVM and an optimized LSTM model under SDN network architecture. The invention relates to the technical field of information and communication, in particular to a DDoS attack detection method combining an SVM and an optimized LSTM model under SDN network architecture. The invention provides a DDoS attack detection method combiningan SVM and an optimized LSTM model under SDN network architecture. A time sequence can be classified and determined; detection and judgment are carried out through the traffic characteristics in a period of time, so that a false alarm problem caused by a single machine learning classifier to individual abnormal traffic is reduced, the misjudgment rate of the traffic in the initial stage of the network due to the sensitivity of the LSTM model to data can be reduced, the detection time consumption is reduced, and the system burden is reduced.

Description

Technical field [0001] The invention relates to the field of information and communication technology, and in particular to a DDoS attack detection method combining SVM and optimized LSTM model under an SDN network architecture. Background technique [0002] In the SDN network architecture, the control plane is separated from the forwarding plane, and the security of the controller is the key to the security of the entire SDN network. DDoS attacks are one of the main threats to the security of the controller. In DDoS attacks, the attacker invades the SDN Then input a large amount of forged invalid network traffic into the network, which makes the controller resources eventually exhausted, and then unable to forward legitimate data packets, so how to quickly and accurately detect DDoS attacks has become a research hotspot in the SDN security field. Currently, the detection methods for DDoS attacks in SDN networks mainly use statistical analysis methods and machine learning methods...

AI Technical Summary

Problems solved by technology

[0002] In the SDN network architecture, the control plane and the forwarding plane are separated, and the security of the controller is the key to the security of the entire SDN network, and DDoS attack is one of the main threats to the security of the controller. In a DDoS attack, the attacker invades the SDN Then input a large amount of forged invalid network traffic into the network, so that the controller resources are finally exhausted, and then the legal data packets cannot be forwarded. Therefore, how to quickly and accurately detect DDoS attacks has become a research hotspot in the field of SDN security. At present, the detection methods for DDoS attacks in SDN networks mainly use statistical analysis methods and machine learning methods, that is, based on anomaly detection technology deployed in the SDN controller to detect DDoS attacks, the existing DDoS attack detection methods, such as based on There are some limitations in entropy detection methods. Entropy-based detection schemes usually detect unexpected changes in traffic characteristic entropy, but relevant information in the statistical distribution of flows may be lost, thereby covering up abnormal effects. Traditional machine learning is applied to The limitation of DDoS attack detection is that it cannot use the historical characteristics of traffic, but distinguishes normal traffic from attack traffic by extracting traffic features. At present, these detection and learning methods based on machine learning mainly focus on improving the classification and detection accuracy of a single sample, but do not However, in DDoS attack detection, traffic samples are more in line with the characteristics of time series samples, and it is more suitable to use a deep learning method that can classify and predict time series. Therefore, the present invention proposes a method based on the SDN network architecture The DDoS attack detection method combined with SVM and optimized LSTM model can not only make classification judgments on time series, but also achieve detection and judgment based on traffic characteristics over a period of time, so as to reduce false alarms caused by a single machine learning classifier for individual abnormal traffic , can also reduce the misjudgment rate of traffic in the initial stage of the network due to the sensitivity of the LSTM model to data, and reduce the time-consuming detection and system burden. In addition, the present invention also uses an improved genetic algorithm to optimize LSTM deep learning The parameters of the model are used to better evaluate the time series forecasting problem. Finally, an experimental simulation platform is built to verify the feasibility of the detection method in the SDN network environment.

Images