Research And Implementation Of Software Defined Security Gateway Detection System

With the continuous development of Software Defined Networking(SDN),the security problems of SDN have become more prominent,and the security problems of SDN have become key issues in the SDN field.As a new type of network structure,SDN's technical core is to realize the separation of the control part and the data part of the network equipment,which can control the network more flexibly.The programmable idea of SDN provides new methods and means for abnormal traffic detection.At present,there are many anomaly detection architectures in SDN networks.This article proposes an industrial SDN network security gateway system that can flexibly detect attacks in the network.The security gateway is composed of a router and a processor,which has an important and unique protective function.It can prevent insecure factors in the external network from intruding into the internal network.However,due to the difference between traditional Ethernet and SDN networks,traditional security gateway systems cannot be directly transplanted to SDN networks.The design of the security gateway system in the SDN network has also become a major problem that needs to be faced.In order to solve this problem,many studies have proposed various abnormal traffic detection architectures at the three network architecture levels of SDN to ensure the security and reliability of the SDN network.Based on this,this paper proposes an SDN security gateway detection system.This paper first focuses on the basic principles of abnormal traffic detection,and then briefly summarizes the existing network abnormal traffic detection algorithms and SDN-oriented network anomaly detection mechanisms,and analyzed the advantages and disadvantages of various algorithms.Regarding the detection of abnormal traffic under SDN,this paper will study from the following two dimensions.One is the research of SDN anomaly detection algorithm,and the other is the design and implementation of SDN security gateway detection system.Most of the existing anomaly detection algorithms have slow real-time response.In view of the real-time requirements of abnormal traffic detection,considering the improvement of the algorithm time performance,the traditional approximate nearest neighbor algorithm takes a lot of time to calculate the minimum distance,and the vector found by the approximate nearest neighbor do not required it must be an accurate nearest neighbor,but it reduces the time consumption of the algorithm,so this article starts with the approximate nearest neighbor algorithm to study the anomaly detection algorithm.This paper uses the designed anomaly detection algorithm to design an SDN security gateway detection system based on feature detection.As a flexible security system,this system can capture network traffic data in a timely and effective manner and perform detection and analysis,and promptly report to users Feedback on abnormal traffic activity in the network.On this basis,a simulated industrial SDN network environment was designed and built,and system functional tests were carried out.Experiments show that the system proposed in this paper can effectively detect abnormal traffic in the network and provide feedback to users according to its characteristics,and actively respond to the abnormal traffic in the network,thereby defending and protecting system resources.The work of the anomaly detection algorithm is as follows:1.This paper proposes an algorithm that uses approximate nearest neighbors,applies the idea of approximate nearest neighbors to abnormal network traffic detection,and uses approximate nearest neighbor algorithms to classify traffic.Then conduct experiments based on the real data set KDD CUP99 and CIC-IDS-2017,and compare with other detection algorithms to verify the effectiveness of the algorithm.2.Experiments were performed using the attack data set in the industrial SDN network built by simulation to verify the feasibility of the algorithm. The design part of the security gateway detection system is as follows:1.Adapt the statistical methods of traffic characteristics of traditional networks to industrial networks.The data obtained from the SDN controller extracts the required feature information based on the statistical method,and constructs an 8-dimensional feature vector.2.The detection part uses the optimized approximate nearest neighbor detection algorithm for traffic detection.3.Design and implement real-time detection effect display,and display the detection results in real time.