Research On SDN Intrusion Detection Technology Based On Convolutional Neural Network

In recent years,with the rapid development of the mobile Internet and the Internet of Things industry,cloud computing,big data,and artificial intelligence have become the research hotspots and key research and development directions.As the pressure of network bandwidth is increasing,the spatial distribution of network traffic becomes highly dynamic,traditional network architectures are increasingly difficult to meet the diverse needs of users for network bandwidth,network performance and network services.This also promotes the development of software-defined network technology.The basic idea of SDN is the separation of control and forwarding.The traditional network architecture based on TCP/IP protocol cluster is decoupled into forwarding layer,control layer and application layer to achieve logical entralized control and management of the network,programmable network control features have greatly improved the flexibility of network management,and has attracted widespread attention in the academic community.Although SDN effectively simplifies the network management process,its open programmable architecture also provides convenience for attackers.They only need to use software programming to attack the network easily.At the same time,centralized control mode makes the SDN controller easier to become the target of the attack.Compared with the traditional network architecture,the SDN controller is more threatened by the network security problem caused by the attack,so the security problem has gradually become a key factor restricting the development of SDN.However,because the SDN architecture not only faces the threat of traditional network attacks,but also faces the security problems brought by the architecture itself,the intrusion detection system under the traditional network architecture is not well applied to the SDN environment.Based on the above problems,this paper designs an intrusion detection model convolutional neural network for the intrusion detection requirements in SDN environment,and uses the advantages of centralized control of SDN logic to solve the intrusion detection problem in SDN environment.content include:(1)The overall architecture design of the program.Study the architecture and principle of SDN,and design the intrusion detection model under SDN environment for its intrusion detection requirements,including four modules: data acquisition,data preprocessing,feature selection and intrusion detection.The data acquisition module is responsible for collecting the data set,including the flow table item data set and the NSL-KDD data set;the data preprocessing module is responsible for digitizing and standardizing the collected data;the feature selection module is responsible for screening and synthesizing the new feature vector.The intrusion detection module determines whether an intrusion occurs by using a neural network.(2)Design and implementation of data acquisition module.Data collection includes two parts.First,for SDN-specific attacks,using the advantages of centralized control of SDN controllers,by designing a flow table entry collection model,collecting flow entries under different network behaviors,and forming a data set;Traditional cyber attacks use the NSLKDD data set as input.(3)Feature screening method design.In the field of deep learning,redundant features in feature vectors can cause problems such as over-complexity,easy over-fitting,and waste of computing resources.Therefore,feature engineering is an important part of deep learning technology.This paper proposes a feature filtering method based on decision tree and gain rate.The decision tree pruning and gain rate are used to screen the original data features twice to realize the feature screening of intrusion detection data.(4)Design and implement of intrusion detection module.Aiming at the requirements of intrusion detection in SDN environment,an intrusion detection model based on convolutional neural network is designed.This model also supports the identification of SDN-specific attacks and traditional network attacks.Starting from the convergence speed and stability of model training,the algorithm of convolutional neural network is optimized,and an enhanced training technique is proposed to improve the accuracy of small sample data detection.