Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (1): 116-122.DOI: 10.11772/j.issn.1001-9081.2019061125

• Cyber security • Previous Articles     Next Articles

Design and implementation of intrusion detection model for software defined network architecture

CHI Yaping1,2, MO Chongwei1,2, YANG Yintan2, CHEN Chunxia1   

  1. 1. Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 100070, China;
    2. College of Communication Engineering, Xidian University, Xi'an Shaanxi 710071, China
  • Received:2019-06-28 Revised:2019-09-24 Online:2020-01-10 Published:2019-10-11
  • Supported by:
    This work is partially supported by the National Key Research and Development Program of China (2018YFB1004100).

面向软件定义网络架构的入侵检测模型设计与实现

池亚平1,2, 莫崇维1,2, 杨垠坦2, 陈纯霞1   

  1. 1. 北京电子科技学院 网络空间安全系, 北京 100070;
    2. 西安电子科技大学 通信工程学院, 西安 710071
  • 通讯作者: 莫崇维
  • 作者简介:池亚平(1969-),女,北京人,教授,博士,CCF高级会员,主要研究方向:虚拟化安全、可信计算、加密技术、网络安全、软件定义网络、云计算安全;莫崇维(1989-),男,广西来宾人,硕士研究生,主要研究方向:软件定义网络、云计算、网络安全;杨垠坦(1993-),男,河南南阳人,硕士研究生,主要研究方向:软件定义网络、云计算、网络安全;陈纯霞(1996-),女,广东汕头人,硕士研究生,主要研究方向:云计算、网络安全、加密技术。
  • 基金资助:
    国家重点研发计划项目(2018YFB1004101)。

Abstract: Concerning the problem that traditional intrusion detection method cannot detect the specific attacks aiming at Software Defined Network (SDN) architecture, an intrusion detection model based on Convolutional Neural Network (CNN) was proposed. Firstly, an feature extraction method was designed based on SDN flow table entry. The SDN specific attack samples were collected to form the attack flow table dataset. Then, the CNN was used for training and detection. And focusing on the low recognition rate caused by small sample size of SDN attacks, a reinforcement learning method based on probability was proposed. The experimental results show that the proposed intrusion detection model can effectively detect the specific attacks aiming at SDN architecture with high accuracy, and the proposed reinforcement learning method can effectively improve the recognition rate of small probability attacks.

Key words: intrusion detection, Convolutional Neural Network (CNN), Software Defined Network (SDN), network security, reinforcement learning

摘要: 针对传统入侵检测方法无法检测软件定义网络(SDN)架构的特有攻击行为的问题,设计一种基于卷积神经网络(CNN)的入侵检测模型。首先,基于SDN流表项设计了特征提取方法,通过采集SDN特有攻击样本形成攻击流表数据集;然后,采用CNN进行训练和检测,并针对SDN攻击样本量较小而导致的识别率低的问题,设计了一种基于概率的加强训练方法。实验结果表明,所提的入侵检测模型可以有效检测面向SDN架构的特有攻击,具有较高的准确率,所提的基于概率的加强学习方法能有效提升小概率攻击的识别率。

关键词: 入侵检测, 卷积神经网络, 软件定义网络, 网络安全, 加强学习

CLC Number: