
DDoS Attack Detection Mechanism Based On Deep Learning Under SDN Network Architecture

Posted on: 2021-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Shu
Full Text: PDF
GTID: 2428330614450086
Subject: Information and Communication Engineering
Abstract/Summary:
The Internet of Things has developed rapidly in recent years, and both its network traffic and its number of devices have increased dramatically, which puts great pressure on the security maintenance of the Internet of Things. Software-Defined Networking (SDN) provides an innovative solution to these security issues. However, because network management is highly centralized in the SDN controller, once the controller comes under a network attack, the network it manages is paralyzed by the loss of control. Ensuring the security of the SDN controller has therefore become a top priority in the SDN network environment. One of the main security threats to SDN controllers is the DDoS attack, so how to detect DDoS attacks quickly and accurately has become a research hotspot in the field of SDN security. In addition, the traffic information extracted when a DDoS attack occurs is better suited to detection as time-series samples, and classifying samples that have time-series relationships is better suited to deep learning methods that can process time-series data.

The DDoS attack monitoring mechanism proposed in this paper is based on deep learning and combines an optimized LSTM model with an SVM. In the normal operation stage of the network, after receiving the trigger request, the optimized LSTM model classifies the time series and reaches its detection decision from the traffic characteristics over a period of time, which reduces the false alarms that a single machine learning classifier raises on a single abnormal traffic sample. In addition, the introduction of the SVM reduces the misjudgment rate caused by the sensitivity of the LSTM model to the data during the initial startup of the network, and reduces the detection time and the system burden.

First, the data sets are preprocessed and a flow table feature extraction algorithm is used to extract the characteristics of the flow table information. After standardization and time window processing, the time series are formed and input to the optimized LSTM model for training. This paper then proposes an improved genetic algorithm that optimizes the LSTM model by finding the optimal time window size and number of neurons. In the improved algorithm, the binary classification cross-entropy loss function is used instead of RMSE as the fitness value, an improved adaptive strategy is used to perform the crossover and mutation operations, and the Cauchy distribution function is introduced as the mutation probability function to further optimize the algorithm.

In the actual test, it was found that because the initial network traffic is unstable and the LSTM is more sensitive to data, the initial unstable normal traffic is easily misjudged as attack traffic. When the network environment starts to stabilize and enters a normal state, the judgment of the LSTM model tends to be normal and the model can achieve high accuracy. The introduction of the SVM reduces the misjudgment rate caused by the sensitivity of the LSTM model to the data during the initial startup of the network. Finally, this paper builds an experimental simulation platform to verify the feasibility of the DDoS attack detection mechanism in the SDN network environment.
Keywords/Search Tags: SDN, DDoS attack, deep learning, LSTM