SDN中基于ConvLSTM和ResNet的DDoS攻击检测方法
DDoS attack detection method based on ConvLSTM and ResNet in SDN
杨肖敬 1王海珍 1李锶琪1
作者信息
- 1. 齐齐哈尔大学计算机与控制工程学院,黑龙江省重点实验室大数据网络安全检测分析,黑龙江齐齐哈尔 161006
- 折叠
摘要
随着软件定义网络的不断发展,面临的安全挑战日益增多,其中最为普遍的是分布式拒绝服务攻击.深入分析软件定义网络当前存在的安全问题,特别关注了在检测分布式拒绝服务攻击时时序数据特征提取不足的问题,提出一种基于深度学习的攻击检测方法.首先,引入卷积长短时记忆网络,并结合多头注意力机制,同时捕捉网络数据的空间和时间特征.然后,通过改进的残差网络,解决神经网络训练过程中的梯度消失问题,并再次强化数据特征的提取能力.最后,采用Sigmoid函数进行分类,判断输入数据是正常流量还是恶意攻击.实验结果表明,该模型具有良好的性能.
Abstract
With the continuous development of software-defined networks,security challenges are increasing,the most common of which is distributed denial of service attack.In this paper,we deeply analyze the security problems of software-defined networks,especially the lack of feature extraction of time series data in detecting distributed denial-of-service attacks.To solve this problem,this paper proposes an attack detection method based on deep learning.In this method,convolutional long and short time memory network is first introduced,and multi-head attention mechanism is combined to capture spatial and temporal characteristics of network data at the same time.Then,through the improved residual network,the problem of gradient disappearance in the training process of neural network is solved,and the ability of data feature extraction is strengthened again.Finally,the sigmoid function is used to classify the input data to determine whether it is normal traffic or malicious attacks.The experimental results show that the proposed model has excellent performance.
关键词
软件定义网络/分布式拒绝服务/卷积长短时记忆网络/多头注意力机制/残差网络Key words
software-defined networking/distributed denial of service/convolutional long short-term memory network/multi-head attention mechanism/residual network引用本文复制引用
基金项目
黑龙江省省属高等学校基本科研业务费科研项目(145209126)
出版年
2024
NETL
NSTL
万方数据