Research On Intrusion Detection Technology Based On Deep Learning In SDN Environment

With the increasing number of network attacks,traditional intrusion detection methods have gradually revealed their drawbacks,and deep learning models are gradually applied to the field of intrusion detection due to their excellent feature extraction and classification capabilities.SDN(Software Defined Network)network solves many pain points such as lack of flexibility and deployment difficulties of traditional networks through its characteristics of separation of forwarding and control and programmable management,but also brings new security challenges.First,the network structure and network protocols of SDN differ greatly from those of traditional networks,so deep learning-based intrusion detection algorithms under traditional networks have compatibility problems in the SDN environment.Second,some deep learning-based detection algorithms are slow to converge and have low detection rates.Third,in the case of unbalanced training samples,many detection models cannot guarantee the detection accuracy for unbalanced data.In this thesis,we address the compatibility problem by using SDN environment datasets.For the other two problems,the main work of this thesis is as follows.(1)In order to address the problem of slow convergence and low accuracy of detection algorithms,Chapter 3 of this thesis proposes an intrusion detection model based on attention mechanism optimized convolutional neural network for SDN environment.The model first uses a deep auto-encoder to reduce the dimensionality of the input data to reduce feature redundancy and noise.And the key features of the input traffic are extracted by convolutional neural network with attention mechanism at multiple levels to reduce the influence of weak features on the model classification and improve the convergence speed and accuracy of the intrusion detection model.Experimental results on the In SDN dataset show that this model has significant improvement in accuracy and convergence speed over the convolutional neural network model,the long short term memory neural network model and the hybrid model of both.(2)In order to improve the detection capability of the model for unbalanced datasets,a GAN(Generative Adversarial Network)network intrusion detection model based on data augmentation is proposed in Chapter 4 of this thesis.In the pre-training part,the samples are subjected to normalization and regularization.Then the dataset dimensionality is reduced using a deep auto-encoder to reduce the pressure on the model training in the later stage.The GAN network generator and discriminator are trained alternately using Wasserstein distance with gradient penalty to achieve Nash equilibrium.The generator is then used to mix in Gaussian noise and generate new data with a distribution close to that of the original data.The generated data are blended into the original data and a variety of traffic is classified by training the random forest algorithm.Experimental results on the In SDN dataset show that the method improves the detection rate significantly on the imbalanced data.It outperforms convolutional neural networks,long short term memory networks and hybrid models of both in terms of accuracy,recall and F1 score.