The Design And Implementation Of Network Traffic Anomaly Detection Model Based On SDN

With the rapid development of big data, cloud computing and other technologies, the data of network on unified management, high security, and maintenances convenience become more and more stringent. In the process of using the network, to ensure the normal network traffic is the foundation of a healthy and orderly of the network operation, and it is an important factor for sustainable development the network, the network traffic anomaly detection and analysis of network is an important research content on network security management. Timely and effectively to find and identify the presence of abnormal traffic, is very important. Detecting anomaly network traffic has sum characteristic, such as global, holistic, dynamic, coherence, etc. The purpose of network traffic anomaly detection is timely discover the existence traffic anomalies of the network, excluded the risk to ensure the network traffic running security, this research has a great significance.SDN(Software Defined Networking), which has some features as data plane and control plane is separate, and network can be programmable. SDN is concluded as the next generation of Internet. OpenFlow protocol mechanism is the core of SDN, it is an open standard protocol, and its core mechanism includes two aspects are flow table mechanism and message passing mechanism. However, this mechanism is easy to generate new DOS attack, how to detect DOS attack is the key issue based on SDN virtual network. We study two problems in this paper; the first is we have designed a model on network traffic anomaly detection mode based on self-similar phenomena and OpenFlow protocol mechanisms. The second is we design and implement the model of anomaly traffic detection in SDN virtual network system platform. we create a virtual network-based of SDN by Mininet in the same physical host, all nodes in the network are similar to the real host, and the interaction between the nodes generate traffic is completely inside the physical host.Since all of the network traffic generated by one physical hosts without passing a physical NIC, so the traditional network security devices cannot detect anomalies in SDN virtual network. In this paper, we use the Hurst R/S analysis to determine abnormal in SDN virtual network. For network traffic anomaly detection model is designed in this paper the main of ours is as follows:(1) Based on the causes and classification of network traffic anomaly, we combine the advantages of SDN network architecture and the principle of self-similarity, and propose a network traffic anomaly detection model based on SDN.(2) This paper presents a network traffic anomaly detection model based on SDN, the model is divided into two parts, the first part is wireless sensor networks emulate to LAN module, and the second part is Mininet implement network traffic anomaly detection module based on SDN.(3) In this paper, we use a lightweight simulation tool Mininet, complete the network traffic anomaly detection model simulation based on SDN. Meanwhile, we simulate the DDoS attacks in this environment, by analyzing the value of Hurst. If the Hurst values outside the normal range prove that the model can detect physical abnormalities in the host SDN virtual network. Simulation results show that the model can determine the network traffic anomaly, and have a significant role on detected flexibility, responsiveness aspects of the initiative, and security mechanisms.