Research On Attack Detection Mechanism Based On Improved CS-SVM In SDN Network Environment

In recent years,with the rapid development of Internet users,the rapid development of various applications,network security incidents have also occurred frequently,and network security issues are gradually being emphasized.The emergence of Software-defined Networking(SDN)has produced network security problems in the new environment.The hierarchical architecture of SDN realizes the automation and programmability of network configuration,but because of the importance and particularity of controller in SDN,it also brings opportunity for attackers.If the SDN is attacked by DDo S,the controller module will be flooded with a large number of Packet-In packets,which may cause the breakdown of the whole network.Therefore,the security of SDN is a problem worthy of attention.For the SDN network environment,a new attack detection mechanism is proposed to help improve the security protection performance of the network.Based on the research and analysis of the characteristics of open flow protocol and DDo S attacks in SDN network,this paper presents a five-tuple feature detection method based on source IP,target IP,source port,target port and protocol type,the Packet-In packet features collected by the controller are regarded as a queue,and Shannon entropy of each feature is calculated and input into the support vector machine model for detection.Aiming at the problem of poor detection performance of pure SVM model,this paper proposes a method to optimize the penalty factor and kernel parameters of SVM by using cuckoo search(CS)algorithm,and proposes an improved strategy based on CS algorithm,including the introduction of neighborhood individual attraction mechanism and the use of dynamic Levy flight steps,the improved algorithm is called ICS.Finally,the traffic classification model of ICS-SVM is established to detect whether the network is attacked.Standard test functions are introduced to test CS and ICS,and ICS is found to be better than CS.Then SVM,CS-SVM and ICS-SVM are tested on UCI data sets,and the results show that ICS-SVM is the best.The simulation system is built by mininet network simulation tool and floodlight controller,then the normal background traffic is manufactured by D-ITG,and the attack is launched by hping3 tool.Finally,the detection ability of the system is verified.SDN online data were collected and tested on SVM,CS-SVM and ICS-SVM.Compared with SVM and CS-SVM,the accuracy of ICS-SVM in the collected data set was improved by 2.9% and 0.8% respectively,and the precision,recall rate and F1 score were also significantly improved.Experimental results show that the ICS-SVM is the best for attack detection.