Research And Implementation Of 5G Slice Security Operation And Maintenance System Based On Traffic Attack Detection And Defense

With the advent of 5G era,higher requirements for network throughput,latency and reliability are put forward to support a variety of application scenarios and meet the needs of vertical industry differentiation.Network slicing,which combines software-defined network(SDN)and network function virtualization(NFV),has become one of the key technologies for5 G network service diversification.Through network slicing,network operators can build up multiple independent logical networks on the basis of the same physical network to meet the specific needs of different services.However,while expanding the service scope,5G networks are also facing a wider range of attacks,which increases the risk of malicious attacks such as distributed denial of service(DDoS).For example,because the SDN architecture decouples the control plane from the data plane to centrally control network resources,DDoS attackers can use this feature to launch attacks on the SDN control plane,causing it to drop valid packets,thus affecting the performance of the SDN architecture.With the wide application of SDN architecture in 5G network slicing,how to ensure the security of network slicing has become a top priority.Based on the above background,this thesis designs a 5G slice security operation and maintenance system based on traffic attack detection and defense.The specific work is as follows:(1)This thesis studies the existing DDoS attack detection algorithms with deep learning framework,analyzes the SDN architecture and the characteristics of DDoS attacks,and then proposes a detection method that combines Long Short-Term Memory(LSTM)and selfattention mechanism.Compared with the traditional deep learning detection algorithm,this method calculates the dependence relationship between each feature through the self-attention mechanism,and learns the weight distribution of each feature information in traffic detection,so as to solve the problem that the accuracy of DDoS detection decreases when the time serialization step of LSTM model is too large.(2)The DDoS attack detection module is deployed in the SDN controller,and combined with the blacklist and whitelist mechanism,the DDoS traffic attack detection and defense system in SDN environment is designed.The SDN simulation environment and network topology are built by using Mininet network simulation tool,Open Daylight controller and Open v Switch switch,and different DDoS detection algorithms are compared.The experimental results show that the proposed DDoS traffic attack detection method has high accuracy and low error rate.(3)Based on the proposed attack detection algorithm and SDN controller,a 5G slice security operation and maintenance system is developed.The system realizes the network isolation in the slice through the combination of Open Stack platform and SDN architecture,and collects the network status information in the slice in real time to detect whether the DDoS attack occurs in the environment.Finally,the layui framework visualization page is used to provide operation and maintenance services for users.