
Research On Network Traffic Anomaly Detection Algorithm Based On SDN

Posted on: 2021-04-07    Degree: Master    Type: Thesis
Country: China    Candidate: M X Jin    Full Text: PDF
GTID: 2428330614966042    Subject: Information networks
Abstract/Summary:
With the rapid development of the Internet, network security issues are particularly important. Among the endless network attacks, DoS attacks and DDoS attacks are the most rampant and are the focus of network security research. As a new type of network architecture, SDN has attracted the favor of many scholars and enterprise researchers because of its unique advantages, such as separation of the control layer and the data layer, programmability, and high flexibility. Its centralized control provides new methods and means for network anomaly detection. This paper first introduces the principles of traffic anomaly detection, then summarizes existing network anomaly detection algorithms and analyzes their advantages and disadvantages. The study focuses on two dimensions: the accuracy of anomaly detection and the real-time nature of anomaly detection. The specific work is as follows:

Firstly, a method combining machine learning algorithms (K-means + isolated forest) for network anomaly detection is proposed. The isolated forest algorithm classifies traffic into normal and abnormal, and the K-means clustering algorithm then further classifies the abnormal data into specific categories. To verify the advantages of the algorithm, we compare it with several other algorithms on the KDD CUP99 data set.

Secondly, this paper proposes a time-series graph mining algorithm based on the idea of frequent sub-graph mining. We extract traffic data into five-tuples and construct a time-series graph with a time period of 30 seconds. The anomaly score of each sub-graph is calculated from the itemsets' support. The software-defined network environment is built on the Mininet platform, and Scapy is used to simulate normal and abnormal traffic. Experiments show that the proposed method has strong feasibility.
Keywords/Search Tags:software-defined network, network anomaly detection, isolated forest, K-means, time-series graph