
Research On Key Technologies Of Anomaly Detection For Software Defined Network

Posted on: 2022-08-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y H Xu
GTID: 1528306836477404
Subject: Information networks
Abstract/Summary:
Software-defined networking (SDN) is a new network architecture. SDN separates the control layer from the data layer and opens network interfaces to realize centralized network control and improve the scalability and programmability of networks. But SDN also faces many network security threats, such as DDoS, data scanning, and data theft. SDN abnormal traffic detection technologies can protect network security and defend against various network attacks, and they have become a current research hotspot. However, as the scale of SDN networks continues to expand, network attack methods become diversified and complicated, which brings huge challenges to SDN abnormal traffic detection. In order to improve the performance of SDN networks, implement scalable SDN traffic detection, and prevent leakage of SDN private information, this dissertation focuses on the improvement of the SDN abnormal traffic detection algorithm, optimization of the SDN detection framework, traffic detection in SDN distributed cross-domain networks, and SDN cloud-edge collaborative multi-layer detection. The main innovative achievements are as follows:

(1) Aiming at the problem that the detection accuracy of abnormal traffic in SDN local area networks needs to be further improved, an efficient detection method based on K-FKNN in software-defined networks is proposed. The K-means++ clustering algorithm is used to preprocess the training data and form multiple clusters, and a cluster radius method is used to find the clusters nearest to the flow under detection. The nearest neighbor clusters are used to distinguish and detect traffic attributes. If the attributes of the nearest neighbors are inconsistent, the subsets formed by the nearest neighbors are used for identification, improving the accuracy of traffic detection. In addition, the corresponding SDN detection system module is designed, and the K-nearest neighbor algorithm flow is improved to reduce the algorithm complexity.

(2) In view of the high detection delay in the process of identifying abnormal traffic in the SDN network, a multi-level SDN abnormal traffic detection method based on EMSOM-KD is proposed. First, the existing SDN abnormal traffic detection framework is optimized to decouple model training from real-time traffic detection, which reduces the load on the controller. Then, a multi-level detection model combining an entropy-measuring self-organizing mapping (SOM) network and a KD tree is constructed. The appropriate self-organizing mapping network is selected through the information entropy measurement model, and the SOM neurons are classified. During real-time traffic detection, the entropy-measuring SOM network is used to quickly and accurately identify most of the SDN traffic. For unidentified suspicious traffic, the KD tree algorithm is used to perform fine-grained classification. This method can carry out high-efficiency inspection and guarantee detection accuracy.

(3) SDN distributed networks form data islands due to privacy and security concerns, and because of unbalanced data they cannot improve the performance of local traffic detection. Aiming at that problem, an SDN cross-domain collaborative traffic detection method based on lightweight federated learning is proposed. During the federated learning process, the global controller deploys the initial CNN model to each subnet, and each subnet controller then trains and compresses the model locally. The global controller aggregates and assigns model parameters, and each subnet controller receives the aggregated parameters and updates its local model. When the global model reaches the convergence condition, each subnet controller uses the latest model to detect network traffic. In this way, each subnet can benefit from the data held elsewhere without uploading private flow data. This method protects the private data of each subnet and improves the performance of traffic detection. In addition, the CNN model compression relieves network communication pressure and raises the CNN detection efficiency.

(4) As the scale of SDN networks expands and network attacks become complex and diverse, SDN local data intelligence and computing resources cannot meet the needs of accurate identification of, and reliable defense against, various attacks. To address this, an SDN cross-domain anomaly detection and security protection scheme based on cloud-side collaboration and attribute signcryption is proposed, and the SDN cloud-side collaborative detection and security architecture is constructed. Within this architecture, attribute signcryption is proposed for secure and reliable data sharing between the edge local controllers and the root controller in the cloud. An SDN cloud-side collaborative multi-layer detection method is designed. First, the degree of difference between normal flow data and attack flow data is used to select effective features. Then, the joint model of Naive Bayes and a back-propagation neural network deployed in the edge controllers is used to effectively distinguish normal traffic from malicious traffic in the local network, and the ensemble deep learning model in the root controller detects the attack types of the malicious traffic. Finally, the edge controllers can take different mitigation measures according to the attack type information to maintain the security and stability of the network.
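The cluster-then-nearest-neighbour procedure summarised in contribution (1), as an added Python example; it is not the dissertation's K-FKNN code. The two flow features, the rule for ranking clusters (centroid distance minus cluster radius), the parameter values, and the sample flows are all assumptions made for illustration.

```python
import math, random
from collections import Counter

def kmeans_pp(points, k, rng, iters=20):
    """K-means with k-means++ seeding; returns the final centroids."""
    cents = [rng.choice(points)]
    while len(cents) < k:  # seed far-away points with higher probability
        d2 = [min(math.dist(p, c) ** 2 for c in cents) for p in points]
        cents.append(rng.choices(points, weights=d2)[0])
    for _ in range(iters):  # Lloyd iterations
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        cents = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                 for g, c in zip(groups, cents)]
    return cents

def fit(flows, labels, k=3, seed=0):
    """Cluster labelled training flows; keep centroid, radius and members."""
    cents = kmeans_pp(flows, k, random.Random(seed))
    members = [[] for _ in cents]
    for f, y in zip(flows, labels):
        members[min(range(k), key=lambda i: math.dist(f, cents[i]))].append((f, y))
    return [{"c": c, "m": m, "r": max(math.dist(f, c) for f, _ in m)}
            for c, m in zip(cents, members) if m]

def classify(clusters, flow, n_near=2, k=3):
    """Label a flow from its nearest clusters, falling back to k-NN."""
    # Assumed ranking rule: distance to the cluster surface (centroid - radius).
    near = sorted(clusters, key=lambda c: math.dist(flow, c["c"]) - c["r"])[:n_near]
    seen = {y for c in near for _, y in c["m"]}
    if len(seen) == 1:            # neighbouring clusters agree on the label
        return seen.pop()
    pool = [m for c in near for m in c["m"]]  # disagreement: k-NN on the subset
    nearest = sorted(pool, key=lambda m: math.dist(flow, m[0]))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]

# Constructed sample flows: (normalised packets/s, normalised mean packet size).
FLOWS = [(0.10, 0.40), (0.12, 0.45), (0.08, 0.42), (0.11, 0.38),   # web
         (0.30, 0.90), (0.32, 0.95), (0.28, 0.92), (0.31, 0.88),   # bulk transfer
         (0.90, 0.05), (0.95, 0.08), (0.92, 0.04), (0.88, 0.06)]   # flood
LABELS = ["normal"] * 8 + ["attack"] * 4
MODEL = fit(FLOWS, LABELS)

if __name__ == "__main__":
    for probe in [(0.93, 0.06), (0.09, 0.41)]:
        print(probe, classify(MODEL, probe))
```

Restricting the k-NN vote to members of the nearest clusters is what keeps the per-flow cost below a search over the full training set.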
Keywords/Search Tags: Software-defined Networking, Anomaly Detection, Machine Learning, Deep Learning, Federated Learning, Attribute Signcryption