Research On SDN-oriented LDoS Attack Detection Method

Modern society is highly dependent on the Internet.People enjoying the convenience of network services are also subject to the risks of network attacks.Low-rate denial of ser-vice(LDoS)attack is a new type of network attack.It has the characteristics such as low attack rate,strong concealment and difficult detection.Software Defined Network(SDN)decouples the data plane and control plane.It controls the network in a software-defined way,and provides more flexible network management.However,this new network architecture makes SDN also face the threat of LDoS attacks.Detecting LDoS attacks is very important to SDN security.Therefore,this paper proposes a detection method of LDoS attacks based on a hybrid deep learning model CNN-GRU:the Convolutional Neural Network and the Gated Recurrent Unit.The main work is as follows:(1)Since the combination of spatio-temporal features of LDoS data in SDN,an LDoS attack detection method based on the hybrid deep learning model CNN-GRU is proposed This model connects CNN and GRU in parallel.CNN and GRU are adopted to extract spatial and temporal features of input data,respectively.These features are merged to achieve accurate detection of the LDoS attack(2)The dimension of the traffic packet in SDN is large.If all fields are adopted as the input data of the CNN-GRU detection model,irrelevant and redundant features will greatly increase the computational complexity.9 field values such as n_packets and n_bytes from the flow table are extracted as the input data of the hybrid model.In addition,the packets and bytes of the attack traffic are smaller.To improve the detection effect,the average numbers of packets and bytes are also constructed as input data(3)Manually setting the hyperparameters of CNN and GRU has the disadvantage of consuming time and it is difficult to select the most suitable hyperparameters.An advanced sailfish algorithm(ASFO)is proposed to automatically optimize hyperparameters of CNN-GRU detection model.First,to enhance the optimization performance of the sailfish algorithm,the circle mapping and normal mutation operator are introduced to improve the sailfish algorithm.Then,ASFO is employed to automatically optimize the hyperparameters of CNN-GRU detection model and the optimal hyperparameter values of the detection model are selectedThis paper employs two datasets,including the dataset collected by simulating LDoS attacks in real scenarios and the benchmark dataset called CIC LDOS 2017,to verify the effectiveness of the proposed method and compares CNN-GRU model with NB,LR,SVM,DT,LSTM,GRU,and CNN algorithms in terms of accuracy,recall,and false positive rate The accuracy,recall,and false positive rate of CNN-GRU model are 0.9556,0.9659,and 0.07 on the dataset collected by simulating LDoS attacks in real scenarios,respectively,as well as 0.9506,0.9485,and 0.0445 on the CIC LDOS 2017 dataset.Compared with traditional machine learning algorithms,our method has advantages in multiple evaluation metrics.Then,this paper utilizes PSO,FA,SFO and ASFO to optimize the hyperparameters of the CNN-GRU model,respectively.The accuracy and recall rate of the CNN-GRU model optimized by ASFO increase to 0.9895 and 0.9904 on the dataset collected by simulating LDoS attacks in real scenarios,and the false positive rate decreases to 0.0127.Its accuracy rate and recall rate increase to 0.9914 and 0.9896 on the CIC LDOS 2017 dataset,respectively,the false positive rate decreases to 0.0046.Compared with PSO,FA and SFO,the CNN-GRU model optimized by ASFO has better classification performance.