
Research On Anomaly Traffic Detection Algorithm Based On Data Mining In SDN

Posted on: 2020-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: X H Zhang
GTID: 2428330590495431
Subject: Information networks
Abstract/Summary:
The rapid development of Internet technology has brought more network traffic. Network security is a very important issue for network managers, and improving the level of network security protection and studying malicious traffic detection is of long-term significance. As a new network architecture, SDN separates the control plane from the data plane, unlike the traditional IP network. Its programmability and scalability make it convenient to centralize control of the whole network and provide a new opportunity for malicious traffic detection. Taking full advantage of the characteristics of the SDN environment, and building on existing research into anomaly traffic detection based on data mining, this paper designs and validates an anomaly traffic detection system that includes data preprocessing and classification.

SDN carries large volumes of traffic and has limited network resources. To avoid excessive traffic load, it is impossible to transfer all the data in the flow table to the anomaly detection server, so this paper proposes a traffic sampling method based on a genetic algorithm. The method constructs an optimization model with the sum of false-positive rates for all data flows as the objective function, and then uses the genetic algorithm to solve the model to obtain the optimal sampling probability of the sampling points. Experiments show that the proposed traffic sampling method improves the efficiency of intrusion detection under low network load and achieves the purpose of capturing malicious data packets efficiently.

After the appropriate sampling probability is determined, the SDN controller uses a data mining algorithm to detect malicious traffic. We analyze the impact of the choice of kernel functions and parameters on the performance of SVM, then propose an optimized weighted mixed kernel function for SVM based on information entropy, in order to classify network traffic and detect malicious traffic. The algorithm first uses information entropy to increase the contribution of the features that are conducive to classification, to mitigate falling into a local optimum, and then borrows the idea of multiple kernel learning to enhance the adaptability of the algorithm. An optimized genetic algorithm is used to select the type of mixed kernel function, the kernel function parameters and the error penalty factor. The experimental results show that, compared with other similar algorithms, this algorithm has a higher classification accuracy and faster convergence speed.

Finally, a new SDN architecture is proposed, and the deployment of the IDS module and the structure model of the control plane in SDN are summarized. The overall design and module design of the SDN anomaly traffic detection system are introduced. A real SDN environment is built using Mininet, and DDoS attacks are simulated for the experiments. The experimental results show that the anomaly traffic detection system based on data mining proposed in this paper adapts well to the network environment and detects malicious traffic effectively.
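
The idea of an entropy-weighted mixed kernel can be sketched as follows; this is an added example, not code from the thesis. The weighting scheme (information gain at a median split), the RBF-plus-polynomial mix, the fixed parameters and the flow records are all assumptions made for illustration, since the abstract does not give the formulas.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records, scaled to [0, 1]: [packet rate, byte rate, noise]
FLOWS = [[0.10, 0.20, 0.9], [0.15, 0.25, 0.1], [0.05, 0.10, 0.5], [0.20, 0.15, 0.3],
         [0.90, 0.80, 0.8], [0.85, 0.95, 0.2], [0.95, 0.85, 0.6], [0.80, 0.90, 0.4]]
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]  # 1 = malicious (constructed)

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def entropy_weights(X, y):
    """Assumed scheme: weight = information gain of each feature split at its
    median, normalised to sum to 1."""
    base, gains = entropy(y), []
    for j in range(len(X[0])):
        cut = sorted(row[j] for row in X)[len(X) // 2]
        groups = defaultdict(list)
        for row, label in zip(X, y):
            groups[row[j] >= cut].append(label)
        cond = sum(len(g) / len(y) * entropy(g) for g in groups.values())
        gains.append(base - cond)
    total = sum(gains) or 1.0
    return [g / total for g in gains]

def mixed_kernel(a, b, w, lam=0.5, gamma=1.0, degree=2):
    """lam * RBF + (1 - lam) * polynomial over entropy-weighted features.
    lam, gamma, degree are fixed here; the abstract tunes them with a GA."""
    d2 = sum(wi * (ai - bi) ** 2 for wi, ai, bi in zip(w, a, b))
    dot = sum(wi * ai * bi for wi, ai, bi in zip(w, a, b))
    return lam * math.exp(-gamma * d2) + (1 - lam) * (dot + 1) ** degree

def gram_matrix(X, w):
    """Precomputed kernel matrix, the form an SVM solver consumes."""
    return [[mixed_kernel(a, b, w) for b in X] for a in X]

if __name__ == "__main__":
    w = entropy_weights(FLOWS, LABELS)
    print("feature weights:", w)
    print("K(attack, attack) =", round(mixed_kernel(FLOWS[4], FLOWS[5], w), 4))
    print("K(attack, benign) =", round(mixed_kernel(FLOWS[4], FLOWS[0], w), 4))
```

The noise feature carries no information about the label, so it receives weight 0 and stops influencing the similarity between flows.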
Keywords/Search Tags: Software-Defined Network, Anomaly Traffic Detection, Traffic Sampling, Genetic Algorithm, Support Vector Machine