基于深度学习的SDN异常流量分布式检测方法

Distributed abnormal traffic detection method for SDN based on deep learning

王坤 ¹付钰 ²段雪源 ³俞艺涵 ⁴刘涛涛²

扫码查看

作者信息

1. 海军工程大学信息安全系,湖北武汉 430033;信阳职业技术学院信息与通信工程学院,河南信阳 464000
2. 海军工程大学信息安全系,湖北武汉 430033
3. 信阳师范大学计算机与信息技术学院,河南信阳 464000;河南省教育大数据分析与应用重点实验室,河南信阳 464000
4. 海军工程大学作战运筹与规划系,湖北武汉 430033
折叠

摘要

针对传统异常流量检测方法在执行大规模软件定义网络(SDN)的检测任务时,存在运算开销大、共享链路繁忙,容易引起网络设备单点故障,导致软件定义网络服务质量下降甚至网络瘫痪等问题,提出一种基于深度学习的SDN异常流量分布式检测方法.该方法将部署在云端服务器的判别器与若干部署在SDN控制器的生成器构造为"一对多"的分布式生成对抗网络(D-VAE-WGAN),利用正常流量样本完成对D-VAE-WGAN的协同训练,在控制器上生成具有独立检测功能的异常流量检测代理,以实现大规模SDN环境下各控制器子网中异常流量的分布式检测.实验结果表明,该方法可以快速、准确地检测出大规模SDN中的异常样本,在准确率、召回率等检测指标上优于传统方法;并且具备对未知异常的检测能力.

Abstract

Addressing the high computational expenses,congested shared links,and propensity for single-point failures in network devices that can lead to a degradation of software defined network(SDN)service quality or even network pa-ralysis during the execution of large-scale SDN detection tasks by traditional abnormal traffic detection methods,a dis-tributed abnormal traffic detection method for SDN based on deep learning was proposed.This method constructed a"one-to-many"distributed generative adversarial network(D-VAE-WGAN)with a discriminator deployed on a cloud server and multiple generators deployed on SDN controllers.Utilizing normal traffic samples,collaborative training of the D-VAE-WGAN was completed,resulting in independent abnormal traffic detection proxies on controllers,enabling distributed detection of abnormal traffic within each controller's subnet in a large-scale SDN environment.Experimental results indicate that this method can rapidly and accurately detect abnormal samples in large-scale SDN,outperforming traditional methods in detection metrics such as accuracy and recall rate,and can detect unknown anomalies.

关键词

深度学习/软件定义网络/分布式/异常流量检测

Key words

deep learning/software defined network/distributed/abnormal traffic detection

引用本文复制引用

出版年

2024

通信学报

中国通信学会

通信学报

CSTPCDCSCD北大核心

影响因子：1.265

ISSN：1000-436X

段落导航