As the infrastructure layer of the SDN (Software-Defined Network) architecture, the data plane contains many types of network devices and is usually connected directly to the external network, so it is prone to a variety of security events. Security events in the data plane can also affect the other abstraction layers of the SDN. To ensure the safe, stable and long-term operation of the network, it is therefore important to study techniques for detecting security events in the SDN data plane. First, this paper analyzes three types of security events in terms of the features of the data plane, and presents an SDN test environment and its construction process. The network metadata related to the data plane is analyzed, and a data-plane-oriented security event detection framework is designed according to the characteristics of the data plane and the deficiencies of existing methods. Then, for the three types of network metadata related to the data plane, a general process for constructing metric information is given, and a multi-type data timestamp alignment algorithm is proposed to address the unsynchronized timestamps that arise during distributed collection of network metadata. On this basis, the corresponding metric information and its construction methods are designed for the southbound interface, the flow table and network traffic. Next, based on the data plane metric information, a security event detection model built on multivariate time series classification is designed, and detection methods based on series features and on the original series are designed respectively. The current baseline algorithm of FCNs used for original time series classification is also optimized, yielding better event detection capability. Finally, based on the event detection framework proposed in this paper, a security event detection system for the SDN data plane is designed and implemented by constructing the data plane metrics and combining them with the security event detection model based on multivariate time series classification. System test results show that the system constructed in this paper can effectively detect multiple types of security events in the data plane.