Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture

A technology for network architecture and attack detection, applied in the field of information and communication, can solve problems such as loss of relevant information, no time sequence processing, and inability to forward data packets

Active Publication Date: 2020-10-09
HARBIN INST OF TECH
View PDF14 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] In the SDN network architecture, the control plane and the forwarding plane are separated, and the security of the controller is the key to the security of the entire SDN network, and DDoS attack is one of the main threats to the security of the controller. In a DDoS attack, the attacker invades the SDN Then input a large amount of forged invalid network traffic into the network, so that the controller resources are finally exhausted, and then the legal data packets cannot be forwarded. Therefore, how to quickly and accurately detect DDoS attacks has become a research hotspot in the field of SDN security. At present, the detection methods for DDoS attacks in SDN networks mainly use statistical analysis methods and machine learning methods, that is, based on anomaly detection technology deployed in the SDN controller to detect DDoS attacks, the existing DDoS attack detection methods, such as based on There are some limitations in entropy detection methods. Entropy-based detection schemes usually detect unexpected changes in traffic characteristic entropy, but relevant information in the statistical distribution of flows may be lost, thereby covering up abnormal effects. Traditional machine learning is applied to The limitation of DDoS attack detection is that it cannot use the historical characteristics of traffic, but distinguishes normal traffic from attack traffic by extracting traffic features. At present, these detection and learning methods based on machine learning mainly focus on improving the classification and detection accuracy of a single sample, but do not However, in DDoS attack detection, traffic samples are more in line with the characteristics of time series samples, and it is more suitable to use a deep learning method that can classify and predict time series. Therefore, the present invention proposes a method based on the SDN network architecture The DDoS attack detection method combined with SVM and optimized LSTM model can not only make classification judgments on time series, but also achieve detection and judgment based on traffic characteristics over a period of time, so as to reduce false alarms caused by a single machine learning classifier for individual abnormal traffic , can also reduce the misjudgment rate of traffic in the initial stage of the network due to the sensitivity of the LSTM model to data, and reduce the time-consuming detection and system burden. In addition, the present invention also uses an improved genetic algorithm to optimize LSTM deep learning The parameters of the model are used to better evaluate the time series forecasting problem. Finally, an experimental simulation platform is built to verify the feasibility of the detection method in the SDN network environment.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture
  • DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture
  • DDoS attack detection method combining SVM and optimized LSTM model under SDN network architecture

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] Step 1: According to the existing LSTM model, use an improved genetic algorithm to optimize the LSTM model to obtain an optimized LSTM model;

[0023] Step 2: Build a virtual SDN network topology structure;

[0024] Step 3: Perform data collection on the virtual SDN network topology structure built in Step 2, to obtain an SDN network data set;

[0025] Step 4: Use step 3 to obtain the SDN network data set, and after standard deviation normalization and time series processing, train the optimized LSTM model obtained in step 1;

[0026] Step 5. Use the SDN network data set obtained in step 3 to train the support vector machine SVM;

[0027] Step 6. After using the SDN controller to collect the flow table information in the virtual SDN network, extract the feature vector according to the feature extraction method, and cache the real-time extracted data into a file for storage;

[0028] Step 7. The flow table feature vector extracted in step 6 is sent to the SVM model for detection. T...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a DDoS attack detection method combining an SVM and an optimized LSTM model under SDN network architecture. The invention relates to the technical field of information and communication, in particular to a DDoS attack detection method combining an SVM and an optimized LSTM model under SDN network architecture. The invention provides a DDoS attack detection method combiningan SVM and an optimized LSTM model under SDN network architecture. A time sequence can be classified and determined; detection and judgment are carried out through the traffic characteristics in a period of time, so that a false alarm problem caused by a single machine learning classifier to individual abnormal traffic is reduced, the misjudgment rate of the traffic in the initial stage of the network due to the sensitivity of the LSTM model to data can be reduced, the detection time consumption is reduced, and the system burden is reduced.

Description

Technical field [0001] The invention relates to the field of information and communication technology, and in particular to a DDoS attack detection method combining SVM and optimized LSTM model under an SDN network architecture. Background technique [0002] In the SDN network architecture, the control plane is separated from the forwarding plane, and the security of the controller is the key to the security of the entire SDN network. DDoS attacks are one of the main threats to the security of the controller. In DDoS attacks, the attacker invades the SDN Then input a large amount of forged invalid network traffic into the network, which makes the controller resources eventually exhausted, and then unable to forward legitimate data packets, so how to quickly and accurately detect DDoS attacks has become a research hotspot in the SDN security field. Currently, the detection methods for DDoS attacks in SDN networks mainly use statistical analysis methods and machine learning methods...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24G06N3/08G06N3/06G06N3/04G06K9/62
CPCH04L63/1416H04L63/1458H04L41/145H04L41/142G06N3/061G06N3/08G06N3/049H04L63/1425H04L41/12G06N3/045G06N3/044G06F18/2411
Inventor 贾敏束越婕陶滢高梓贺解索非周镒李文屏苏曼刘晓锋郭庆顾学迈
Owner HARBIN INST OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com