Abstract
Compared with traditional networks, the network architecture and equipment functions of SDN have changed dramatically, so more targeted network security strategies need to be researched. Abnormal traffic detection is the foundation of intrusion detection and intrusion prevention. For this reason, this paper proposes an abnormal flow detection method aimed specifically at SDN. The method makes full use of the flow table in the SDN switch to extract the features of abnormal flows, and applies information entropy to convert the non-numerical features of a flow into numerical features. Finally, a BP neural network model previously trained on these numerical features is used for abnormal flow detection. The contrast experiment results show that this method can detect abnormal traffic in SDN effectively.
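The entropy step described in the abstract, as an added example that is not the paper's code: it turns the non-numerical match fields of one window of flow-table entries into numerical features that a classifier could consume. The field names, the per-window grouping, the normalisation by the log of the entry count and the sample entries are assumptions; the abstract does not list the paper's exact feature set.

```python
import math
from collections import Counter

# Non-numerical match fields of a flow-table entry (assumed names).
CATEGORICAL = ("src_ip", "dst_ip", "src_port", "dst_port")

def normalized_entropy(values):
    """Shannon entropy of the values, scaled to [0, 1] by log2(len(values))."""
    n = len(values)
    if n <= 1:
        return 0.0  # an empty or single-entry window carries no dispersion
    counts = Counter(values)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)

def feature_vector(flows):
    """Map one window of flow entries to numerical features."""
    feats = {"H_" + f: normalized_entropy([e[f] for e in flows])
             for f in CATEGORICAL}
    n = len(flows) or 1
    # Counters kept per flow entry are already numerical; average them.
    feats["avg_packets"] = sum(e["packets"] for e in flows) / n
    feats["avg_bytes"] = sum(e["bytes"] for e in flows) / n
    return feats

# Constructed sample windows (documentation address ranges, not real traffic).
NORMAL = [
    {"src_ip": "10.0.0.1", "dst_ip": "10.0.1.1", "src_port": 5001,
     "dst_port": 443, "packets": 40, "bytes": 32000},
    {"src_ip": "10.0.0.1", "dst_ip": "10.0.1.2", "src_port": 5002,
     "dst_port": 80, "packets": 20, "bytes": 12000},
    {"src_ip": "10.0.0.2", "dst_ip": "10.0.1.1", "src_port": 5003,
     "dst_port": 443, "packets": 30, "bytes": 24000},
    {"src_ip": "10.0.0.2", "dst_ip": "10.0.1.2", "src_port": 5004,
     "dst_port": 22, "packets": 10, "bytes": 4000},
]
# Many distinct sources, one destination, tiny flows: a flood-like window.
FLOOD = [
    {"src_ip": f"198.51.100.{i}", "dst_ip": "10.0.1.1", "src_port": 40000 + i,
     "dst_port": 80, "packets": 1, "bytes": 60}
    for i in range(8)
]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, feature_vector(window))
```

In the flood-like window the source-address entropy rises to its maximum while the destination-address entropy collapses to zero, which is the kind of separation a trained classifier can learn from.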
Acknowledgement
This work was supported by the National Natural Science Foundation of China, No. 61672101, the Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDDXN004), and the Key Lab of Information Network Security, Ministry of Public Security, No. C18601.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Xu, Y., Cui, C., Xu, T., Li, Y. (2019). Research on Detection Method of Abnormal Traffic in SDN. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11632. Springer, Cham. https://doi.org/10.1007/978-3-030-24274-9_22
DOI: https://doi.org/10.1007/978-3-030-24274-9_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24273-2
Online ISBN: 978-3-030-24274-9
eBook Packages: Computer Science, Computer Science (R0)