
Research On Clustering And Deep Learning Based Malicious Network Traffic Detection Technology In SDN

Posted on: 2020-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: J J Wei
Full Text: PDF
GTID: 2428330590473930
Subject: Computer Science and Technology
Abstract/Summary:
SDN (software-defined networking) has gained more and more attention and application, mainly because its characteristics differ from those of traditional networks. A traditional network adopts a layered protocol mechanism in which each layer is responsible only for its own work. SDN breaks this hierarchical structure and consists mainly of control logic and forwarding logic. The controller implements the control logic, and the switches are responsible for forwarding. SDN is also programmable: the controller can implement new functions in software and then install the corresponding rules on the switches. The controller is responsible for path discovery, load balancing, and other functions, and the switches execute the rules the controller issues. SDN brings great convenience and flexibility to the network. But security was not considered at the beginning of the design, and most manufacturers no longer support transport layer security (TLS) due to cost, which makes the security problem particularly prominent.

To solve the above problems, this dissertation proposes a clustering based and a deep learning based malicious data flow detection model. In the clustering based detection model, the entropy value of each data flow is calculated to determine whether there is an attack, the data flows are clustered by a clustering algorithm to find the malicious ones, and the SDN controller then installs rules to delete those flows. To reduce the clustering time, this dissertation proposes a clustering algorithm based on grid and density (GDBC). Although the GDBC clustering algorithm still requires manual extraction of data stream features, it can be trained without prior knowledge and, with an appropriate threshold setting, can identify some malicious data streams that have not been seen before. The KDD99 and CTU-13 datasets were used in the experiments. The results show that, compared with the SE and DBSCAN clustering algorithms, this algorithm reduces the time spent in the clustering process while maintaining accuracy. Finally, a simulation was carried out in Mininet and Pox, in which the algorithm effectively detected malicious data.

Many machine learning algorithms have been used in SDN to solve security problems, but they all need experts to extract features from the original data, that is, they need a lot of human-computer interaction. To some extent, this reduces detection accuracy. In addition, the clustering based algorithm cannot detect data streams that have no obvious statistical characteristics. In view of these problems, a malicious network flow classification method based on a convolutional neural network (CNN) and a recurrent neural network (RNN) is proposed. Our method is implemented in TensorFlow with graphics processing unit (GPU) support and evaluated on CTU-13, CISC2010 and our simulated data. Our method has achieved good results, is superior to the existing methods in detection accuracy and stability, and has strong application potential in SDN network security.
Keywords/Search Tags:SDN, GDBC, malicious network flow, detection