Research On SVM-based Abnormal Traffic Identification Technology In SDN

With the rapid development of the Internet,network topology has become more and more complex,and network attack monitoring has become quite difficult.The traditional passive defense strategy can not meet the needs of network information security.The software defined network(SDN)separates the network control and forwarding functions,making network control directly programmable,and proposes a new solution for network traffic management.How to effectively detect abnormal traffic of SDN has become an important issue in the field of computer security.Software Defined Network(SDN)separates control plane from data plane,and uses multiple controllers to resolve the extensibility and security of SDN.However,most research concentrates on the control layer architecture,ignoring the controllers placement problem.In this paper,we first define the total flow request cost that considers switch weights,switch-to controller routing costs,and inter-controller routing costs.Next,we propose controller-based load balance factor,with a known number of controllers,the position of the specific controllers is derived by minimizing the linear function of the load balance factor and the total flow request cost.Finally,when the burst traffic change in the control domain causes the controller to overload,the switch is migrated to release the overload problem.Through simulation,the controller layout scheme reduces the flow request cost of the SDN and achieves load balancing among the controllers.In order to improve the efficiency of SDN intrusion detection,this paper proposes FWP-SVMGA algorithm(Feature Selection,Weights and Parameters Optimization of Support Vector Machine Based on Genetic Algorithm)based on the characteristics of genetic algorithm(GA)and support vector machine(SVM)algorithm.The algorithm first optimizes the crossover probability and mutation probability of GA according to the population evolution algebra and fitness value;then,it subsequently uses a feature selection method based on the genetic algorithm with an innovation in the fitness function that decreases the SVM error rate and increases the true positive rate.Finally,according to the optimal feature subset,the feature weights and parameters of SVM are simultaneously optimized.The simulation results show that the algorithm accelerates the algorithm convergence,increases the true positive rate,decreases the error rate,and shortens the classification time.Compared with other SVM-based intrusion detection algorithms[74][55][75],the detection rate is higher and the false positive and false negative rates are lower.In this paper,the SDN abnormal traffic detection system is designed.The controller placement of SDN and an improved intrusion detection algorithm based on GA and SVM are applied to the system.The software-defined network environment is built by mininet simulator.The experimental results show that the proposed SDN anomaly traffic identification technology implements load balancing in the control domain and can effectively detect abnormal traffic.