Research Of Anomaly Traffic Detection Technology Based On KNN In SDN

With the development of Internet technology,the data traffic of the entire network environment has increased rapidly,and it is also facing the threat of various network attacks,which seriously affects the security of users.As a new network architecture,software defined network provides a new solution for network traffic management and optimization.How to monitor and detect diverse and complex network traffic in real-time and accurately in a software defined network environment has became a research hotspot in academia.In this paper,the principle of KNN-based anomaly traffic detection technology in software defined network is expounded.Through the in-depth analysis of related technologies at home and abroad,an improved anomaly traffic algorithm based on DPTCM-KNN is proposed for the existing problems.The detection algorithm defines the concept of independence.The singularity and the independence are used together as the standard of anomaly detection.The double p value is calculated to judge the probability of abnormal state of the flow.Under the premise of ensuring the time complexity of the algorithm,the false positive rate in the detection process is reduced and the accuracy is high.In order to improve the efficiency of anomaly detection,this paper also proposes an optimized feature selection algorithm based on FACO.We design feature selection fitness function,and optimize the ant colony path transition probability based on feature length and detection performance.At the same time,the two-stage pheromone update rule is adopted to increase the pheromone value of more paths to avoid local optimization in the feature selection process.Experiments show that the improved feature selection algorithm can effectively eliminate redundant features,screen out the optimal feature subsets,and improve the performance of the anomaly detection mechanism.In this paper,the anomaly traffic detection architecture under the software defined network is designed.The DPTCM-KNN detection algorithm and the FACO feature selection algorithm are applied to the architecture.The software defined network environment is built by the Mininet simulator and the Ryu controller to realize the detection of massive traffic.Experiments show that this scheme has good detection performance in software defined network environment and has strong practicability.