Research On Network Anomaly Detection Technology Based On Traffic Measurement In SDN

Software defined network is a subversive innovation in the network field,so SDN anomaly detection has become a research hotspot.The contradiction between measurement resources and detection accuracy in SDN has not been solved,but the primary task of the existing SDN anomaly detection scheme is to optimize the accuracy of the detection model,without considering the impact of model complexity on network communication performance,and the practical application effect is limited.On the other hand,most network anomalies are likely to be hidden in real-time communication data,and coarse-grained measurement methods such as sampling can't ensure the small flow proportion of flow length distribution.The existing SDN anomaly detection scheme separates the relationship between network measurement and anomaly detection,resulting in deviation of detection results.Therefore,this paper focuses on network anomaly detection technology based on traffic measurement in SDN.Firstly,the optimized network measurement node selection method reduces the occupation of measurement resources.Secondly,the statistical data of traffic in the measurement cycle is used to speculate the incomplete flow,which improves the accuracy of small flow as a whole.Finally,all small flows are aggregated in different dimensions to identify common network anomalies.The main work of this paper is as follows:(1)A measurement node selection method based on ant colony optimization is proposed in SDN network.Aiming at the load state and selection efficiency of measurement nodes in SDN network,the ACO algorithm with improved candidate set and pheromone update strategy is used to search the initial measurement set from the given network topology,in order to improve the accuracy and convergence of measurement node selection.After online load statistics based on Open Flow protocol,NS algorithm is used to filter,replace and check redundant of the initial measurement set in turn,so as to eliminate overload nodes as much as possible.(2)Then a network anomaly detection mechanism based on small flow speculation is proposed.In view of the low measurement resource consumption and small flow accuracy in estimating the flow length in SDN network,the measurement node of the flow transmission path defines a specific flow table,and only the measurement node reports the flow deletion information in a single direction,which greatly reduces the processing overhead imposed by the expired flow on the SDN controller;Based on the statistical information of flow in the measurement period,the incomplete flow is speculated to improve the estimation accuracy of small flow set;Finally,small flow sets are aggregated according to different dimensions to identify specific network exceptions.(3)The SDN test environment is constructed by Ryu controller,Open vSwitch switch and Mininet topology simulator to verify the method and mechanism proposed.The experimental results show that ACO-NS method can select effective measurement nodes in a short time;The anomaly detection mechanism based on small flow speculation can improve the accuracy of small flow estimation with less processing overhead,and then provide effective data source for SDN anomaly detection.