Research On Intrusion Detection Algorithm Under Software Defined Network

With the rapid development of the network,traditional network architectures cannot adapt to the constantly changing complex environment of modern networks.Software Defined Network(SDN)has emerged to address these issues.This technology achieves flexible control of network traffic,but at the same time,its centralized control,open interface,and network virtualization characteristics also bring new security issues.The practical application of SDN networks not only needs to solve the security problems caused by traditional network attacks,but also to address its inherent security threats.In summary,there is an urgent need to conduct indepth research on the characteristics of SDN networks and develop more efficient and professional intrusion detection mechanisms.Based on the above problems,this paper proposes two schemes for the unique attack forms in the SDN architecture and traditional network attacks,and validates them in NSL-KDD,UNSW-NB15 dataset and SDN environment.The specific work content is as follows:(1)In order to make fast detection of distributed denial-of-service attacks in SDNs,this paper proposes an intrusion detection algorithm based on improved genetic algorithm optimized random forest,which improves the global search capability of the algorithm by improving the adaptive genetic algorithm variation operation.In addition,this paper also builds an SDN environment and collects raw flow table datasets by taking advantage of the centralized control of SDN,and proposes an SDN-oriented online detection method for distributed denial-of-service attacks.Finally,experiments are conducted in NSL-KDD dataset and SDN environment,which effectively verify the real-time and effectiveness of the proposed algorithm in this paper.(2)Since the intrusion detection system under SDN should also consider traditional network attack techniques,in order to improve the detection accuracy of massive high-dimensional network traffic,this paper implements a deep residual network model for network anomaly detection in a distributed architecture by proposing an intrusion detection algorithm based on federated learning and optimization of deep residual networks,so that the model still has the ability to collaboratively train global while protecting the privacy and security of each node The model has the ability to collaboratively train the global model while protecting the privacy of each node.In addition,this paper introduces multi-scale convolution and channel attention mechanisms to optimize the deep residual network model and learn the correlation between channels to fully extract the feature information of complex network traffic data.