SDN中基于机器学习的DDoS攻击协同防御

现在电力系统业务越来越多,传统的网络架构缺乏全局观、控制能力不强。软件定义网络(SDN)是一种新兴的网络架构,将SDN运用到电力系统中去,可以改变以往电力通信网的静态化格局,实现真正意义上的智能电网。然而,SDN这种体系结构容易受到分布式拒绝服务(DDo S)的威胁。采用卷积神经网络和SVM支持向量机相结合的方法来检测攻击。利用SDN控制器全局管理的特性,通过控制器提取相邻交换机之间的关联特征,使得交换机可以协同运作,提高检测精度。此外,为了可以实时观测网络的安全状况,设计了基于Influxdb和Grafana的轻量级网络监控系统。通过模拟攻击和正常流量来获取大量数据集,并和其他检测方法进行对比试验。实验结果表明,该模型有更高的检测率和更低的误报率,数据也可以实时上传到监控系统中,给管理者提供整个网络的视图,使得网络的管理更加便捷。

Cooperative defense of DDoS attack based on machine learning in SDN

There is an ever increasing number of services in the power system, and the traditional network architecture lacks an overall view and its control ability is not strong. The Software Defined Network (SDN) is an emerging network architecture. The application of SDN in a power system can change the static pattern of the previous power communication network and realize a real smart grid. However, the architecture of SDN is vulnerable to Distributed Denial of Service (DDoS) threats. A combination of convolutional neural network and Support Vector Machine (SVM) is used to detect attacks. Based on the features of global management of an SDN controller, the association features between adjacent switches are extracted by the controller, so that switches can cooperate in operation and detection efficiency and accuracy can be improved. In addition, a lightweight network monitoring system based on Influxdb and Grafana is designed for real-time observation of network security. A large number of data sets are obtained by simulating attacks and normal traffic, and comparing with other detection methods. The results show that the model has a higher detection rate and a lower false alarm rate, and the data can also be uploaded to the monitoring system in real time to provide managers with a view of the whole network, making the management of the network more convenient. This work is supported by the Sicence and Technology Project of State Grid Corporation of China (No. SGHEXT00GCJS2000167) and the National Natural Science Foundation of China (No. 61971190).