
The Design And Implementation Of Software-Defined Security Intrusion Detection System

Posted on: 2021-05-18
Degree: Master
Type: Thesis
Country: China
Candidate: S S Zhang
GTID: 2428330614468301
Subject: Engineering
Abstract/Summary:
Network technology, with its widespread application and development, has had a very significant impact in important areas such as the economy, culture, education, and technology, and the importance of network resources is obvious. In today's complex network environment, how to identify various network attacks, especially unknown attacks, is a key issue that urgently needs to be addressed. The Intrusion Detection System (IDS) plays a vital role in this regard. It collects and analyzes network events or system call sequences in real time, and is widely used to protect computer systems and networks. However, existing intrusion detection systems not only have tightly coupled software and hardware, but these proprietary devices are also independent of each other and difficult to coordinate. They lack a unified deployment platform and standard management methods, and cannot adapt to today's rapidly developing network environment. The emergence of Software-Defined Network (SDN) technology provides a brand-new solution for solving security problems. This thesis studies intrusion detection system solutions and related technical theories, and proposes a software-defined security (SDS) intrusion detection system architecture based on signature-based detection. As a comprehensive and flexible security development framework, the SDS architecture can comprehensively evaluate and analyze captured network traffic or system events and generate security defense policies in a timely and efficient manner. Finally, the policy results are fed back to the SDN controller for flexible flow table generation. The flow table entries are then sent to the switch to block malicious flows. We then design and implement a distributed experimental environment based on the integration of OpenStack and OpenDaylight and test the system's function modules. The proposed architecture realizes rapid detection of and response to internal or external attacks, and the defense and protection of computer systems and networks.

To also identify unknown attacks and to improve detection performance (such as accuracy and FPR) in flow classification, this thesis designs and implements an intrusion detection algorithm based on self-organizing map neural network and convolutional neural network technology. The technology is deployed in the network as a type of security protection equipment to mine traffic information in depth and improve detection performance. To measure the effectiveness of the algorithm and obtain the best network structure, this paper performed corresponding simulation tests on the KDD99 dataset based on CNN, SOM, CNN-SOM and their hybrid topologies, while using a dimensionality reduction algorithm to improve detection efficiency; finally, performance was evaluated using various indexes, including accuracy, precision, recall, and F1 score. The results show that the algorithm implemented in this paper has higher detection performance.
Keywords/Search Tags:IDS, Software-defined Security, misuse detection, anomaly detection, neural network