
A DDoS attack detection method combining SVM and an optimized LSTM model under SDN network architecture

A network architecture and attack detection technology, applied in the field of information and communication, that addresses the problems of controller resource exhaustion, lack of time-sequence processing, and loss of relevant information, with the effects of reducing system burden, reducing detection time, and reducing false alarms.

Active Publication Date: 2022-06-24
HARBIN INST OF TECH

AI Technical Summary

Problems solved by technology

[0002] In the SDN network architecture, the control plane and the forwarding plane are separated. The security of the controller is the key to the security of the entire SDN network, and DDoS attacks are one of the main threats to the controller. In a DDoS attack, the attacker invades the SDN and then injects a large amount of forged, invalid traffic into the network, so that the controller's resources are eventually exhausted and legitimate data packets can no longer be forwarded. How to detect DDoS attacks quickly and accurately has therefore become a research hotspot in SDN security.

At present, DDoS detection in SDN networks mainly uses statistical analysis and machine learning, that is, anomaly detection deployed in the SDN controller. Existing detection methods have limitations. Entropy-based schemes usually detect unexpected changes in the entropy of traffic features, but relevant information in the statistical distribution of flows may be lost, which can mask the anomaly. Traditional machine learning applied to DDoS detection cannot use the historical characteristics of traffic; it distinguishes normal traffic from attack traffic only by extracting traffic features. Current machine-learning detection methods mainly focus on improving the classification accuracy for a single sample. However, in DDoS attack detection, traffic samples are closer to time-series samples, and a deep learning method that can classify and predict time series is more suitable.

Therefore, the present invention proposes a DDoS attack detection method that combines SVM with an optimized LSTM model under the SDN network architecture. It can not only make classification judgments on time series, but also base detection on traffic characteristics over a period of time, which reduces the false alarms that a single machine learning classifier raises on individual abnormal flows. It also reduces the misjudgment rate for traffic in the initial stage of the network caused by the LSTM model's sensitivity to data, and reduces detection time and system burden. In addition, the invention uses an improved genetic algorithm to optimize the parameters of the LSTM deep learning model, so as to better evaluate the time-series forecasting problem. Finally, an experimental simulation platform is built to verify the feasibility of the detection method in an SDN network environment.

Examples


Embodiment Construction

[0022] Step 1. Starting from the existing LSTM model, use the improved genetic algorithm to optimize it and obtain the optimized LSTM model;

[0023] Step 2. Build a virtual SDN network topology;

[0024] Step 3. Collect data on the virtual SDN network topology built in step 2 to obtain an SDN network data set;

[0025] Step 4. Apply standard-deviation standardization and time-series processing to the SDN network data set obtained in step 3, then use it to train the optimized LSTM model obtained in step 1;

[0026] Step 5. Use the SDN network data set obtained in step 3 to train the support vector machine (SVM);

[0027] Step 6. After the SDN controller collects the flow table information in the virtual SDN network, extract the feature vector according to the feature extraction method, and cache the data extracted in real time to a file for storage;

[0028] Step 7. The flow table feature vector extracted in step 6 is sent to the SVM ...
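The preprocessing named in step 4 (standard-deviation standardization followed by time-series processing) can be sketched as below. This is an added example, not code from the patent: the four feature columns, the sample values, the window length and the choice to label each window by its newest sample are all assumptions made for illustration.

```python
from statistics import mean, pstdev

def fit_scaler(rows):
    """Per-feature mean and standard deviation, computed on training rows only."""
    cols = list(zip(*rows))
    mu = [mean(c) for c in cols]
    # A constant feature has sigma 0; use 1.0 so it maps to 0 instead of dividing by zero.
    sigma = [pstdev(c) or 1.0 for c in cols]
    return mu, sigma

def standardize(rows, mu, sigma):
    """z = (x - mean) / std, applied with statistics fitted elsewhere."""
    return [[(x - m) / s for x, m, s in zip(r, mu, sigma)] for r in rows]

def make_windows(rows, labels, steps):
    """Slide a window of `steps` consecutive samples over the series.
    Each window takes the label of its newest sample (assumption)."""
    X, y = [], []
    for end in range(steps, len(rows) + 1):
        X.append(rows[end - steps:end])
        y.append(labels[end - 1])
    return X, y

# Constructed samples, one per flow-table polling interval (hypothetical features):
# [packets per flow, bytes per flow, new flow entries, constant field]
TRAIN = [
    [12.0, 900.0, 4.0, 1.0],
    [11.0, 880.0, 5.0, 1.0],
    [13.0, 940.0, 3.0, 1.0],
    [2.0, 120.0, 60.0, 1.0],
    [1.0, 64.0, 90.0, 1.0],
    [1.0, 64.0, 95.0, 1.0],
]
LABELS = [0, 0, 0, 1, 1, 1]  # 0 = normal, 1 = attack (constructed)

def prepare(steps=3):
    """Return (windows, labels) shaped [samples][steps][features] for a sequence model."""
    mu, sigma = fit_scaler(TRAIN)
    scaled = standardize(TRAIN, mu, sigma)
    return make_windows(scaled, LABELS, steps)

if __name__ == "__main__":
    X, y = prepare()
    print(len(X), "windows of", len(X[0]), "steps x", len(X[0][0]), "features; labels", y)
```

The mean and standard deviation fitted on the training set should be stored and reused on the vectors extracted at detection time, so that live traffic is scaled the same way the model was trained.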


Abstract

A DDoS attack detection method combining SVM and an optimized LSTM model under the SDN network architecture, relating to the field of information and communication technology. The proposed method can not only make classification judgments on time series, but also base detection on traffic characteristics over a period of time, which reduces the false alarms that a single machine learning classifier raises on individual abnormal flows. It also reduces the misjudgment rate for traffic in the initial stage of the network caused by the LSTM model's sensitivity to data, reduces detection time, and reduces the system burden.

Description

Technical field

[0001] The invention relates to the technical field of information and communication, in particular to a DDoS attack detection method combining SVM and an optimized LSTM model under an SDN network architecture.

Background technique

[0002] In the SDN network architecture, the control plane and the forwarding plane are separated. The security of the controller is the key to the security of the entire SDN network, and DDoS attacks are one of the main threats to the controller. In a DDoS attack, an attacker invades the SDN and then injects a large amount of fake, invalid traffic into the network, so that the controller's resources are eventually exhausted and legitimate data packets can no longer be forwarded. How to detect DDoS attacks quickly and accurately has therefore become a research hotspot in SDN security. At present, the detection methods for DDoS attacks in SDN networks mainly use statistical analysis methods and ma...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L41/14, H04L41/142, G06N3/08, G06N3/06, G06N3/04, G06K9/62, H04L41/12
CPC: H04L63/1416, H04L63/1458, H04L41/145, H04L41/142, G06N3/061, G06N3/08, G06N3/049, H04L63/1425, H04L41/12, G06N3/045, G06N3/044, G06F18/2411
Inventor: 贾敏, 束越婕, 陶滢, 高梓贺, 解索非, 周镒, 李文屏, 苏曼, 刘晓锋, 郭庆, 顾学迈
Owner: HARBIN INST OF TECH