Anomaly Detection Technology of Network Traffic in SDN
Abstract: Software-Defined Networking (SDN) is a novel network architecture that has been successfully developed commercially. However, as network traffic in the information society grows in both volume and variety, anomaly detection for network traffic is becoming increasingly important. To realize traffic anomaly detection in an SDN environment, this paper presents an algorithm based on Support Vector Regression (SVR) and the Auto-Regressive Integrated Moving Average (ARIMA) model. The algorithm makes full use of the characteristics of SDN: it periodically obtains network traffic, uses the ARIMA model to predict the traffic, and then corrects the prediction results with the SVR model. The experimental results show that the ARIMA-SVR model has higher accuracy and detection rate than the ARIMA model, and that, compared with the Support Vector Machine (SVM) model, the ARIMA-SVR model can quickly detect unknown types of abnormal traffic.
Cite this article: Liu Leijie, Chen Wen, Chen Cong. Anomaly Detection Technology of Network Traffic in SDN [J]. Computer Science and Application, 2018, 8(11): 1696-1705.
