Deep Learning Based Anomaly Traffic Detection Model In SDN

The Internet’s popularity has grown in tandem with the rapid advancement of information technology,and the network has become one of the important tools indispensable in our daily life.However,with the increasing complexity of the network environment and the increasing number of global network security incidents,the traditional anomalous traffic detection techniques can no longer meet the current complex and changing network environment,and with the emergence of new types of traffic such as Do H(DNS-over-HTTPS)traffic,the current anomalous traffic detection techniques are facing greater challenges.Although the popular machine learning and deep learning techniques for anomalous traffic detection have achieved some success in recent years,they also face some problems,such as machine learning algorithms relying too much on expert features and deep learning algorithms with low detection efficiency and relatively low accuracy.In addition,the emergence of Software Defined Network(SDN)to meet the diverse needs of users for network bandwidth,network performance and services,is a new network architecture,but the traditional anomalous traffic detection model in the SDN environment still has limitations,in addition to this SDN environment in the face of large-scale attacks exist in the detection of limited scope,efficiency and other security issues should not be underestimated.In addition,the limited detection range and inefficiency of this SDN environment in the face of large-scale attacks should not be underestimated,so it is also necessary to explore the anomalous traffic detection technology in SDN network environment.In the face of the increasingly complex network security issues,this paper constructs three models,FS-I1DCNN-based anomaly traffic detection model,FS-DI1DCNN-based malicious Do H traffic detection model,and anomaly traffic detection model under SDN network,for the three cases of anomaly traffic detection in normal network environment,Do H malicious traffic detection,and anomaly traffic detection under SDN network,respectively.The first model uses oversampling,undersampling and mean square normalization preprocessing methods to process the original data set,and then uses the XGboost feature selection method to filter the processed data to get the features with higher contribution,and proposes an improved one-dimensional convolutional neural network method,while using the Adam optimization algorithm to dynamically adjust the model parameters The second model adds the method of removing the feature values of specific network identification attributes to the data preprocessing on the basis of the first model,and proposes a DI1 DCNN malicious Do H traffic detection model based on the characteristics of Do H traffic;the third model first builds the SDN network in the Mininet platform and collects the switch flow table information in the environment and saves it to get SDN flow table dataset,and calculate the artificial features applicable to the detection environment based on the features in the SDN flow table dataset and add them to the original dataset,while building an abnormal traffic detection method applicable to SDN flow table data based on the FS-DI1 DCNN malicious Do H traffic detection model and using the DI1 DCNN detection algorithm in it as the core.Through the research content of this paper,we solve the problems that machine learning algorithms rely too much on expert features and deep learning algorithms have low detection efficiency and relatively low accuracy in the traditional network environment for anomalous traffic detection,and design a suitable detection model for malicious Do H traffic,and also provide an anomalous traffic detection model for SDN flow table data in SDN environment,which solves the problem of its limited detection range in the face of large-scale It also provides an anomalous traffic detection model for SDN flow table data,which solves the security problems of limited detection range and low efficiency when facing large-scale attacks.