Software Defined Networking (SDN) is a new network architecture designed on the basis of the traditional network model. In traditional networks, control and forwarding are integrated on the same hardware device, so when the volume of data requests in the network is large, the load on the forwarding device may become too high. SDN separates control from the forwarding device and hands it to a controller that performs unified management. The load on the forwarding device is reduced, and it is responsible only for forwarding data packets. In addition, the northbound interface of the SDN network is open to the outside world: developers can dynamically configure the SDN network according to their own application requirements, making the network more intelligent. These two features also give researchers more possibilities for classifying and detecting traffic in SDN networks.

In early research on SDN traffic classification, most traffic was classified by analyzing the ToS field to obtain the service type corresponding to the packet. However, the classification accuracy of this method is low, and it cannot cope with increasingly complex and changeable network traffic. In recent years, with the widespread popularity of the Internet and the continuous development of artificial intelligence technology, the types of traffic in the network have kept increasing, and malicious traffic is inevitably among them. How to use machine learning to identify malicious traffic quickly and accurately has therefore become the focus of current research. Starting from the security of the SDN network, this paper mainly studies traffic classification detection and DDoS attack detection in SDN networks. The main work and innovations are as follows:

(1) First, the research background, significance and current state of SDN networks are described, and the research content and innovation points are briefly outlined. In the review of the research status, current progress in network traffic classification detection and DDoS attack detection is introduced and analyzed in detail. The paper then introduces the SDN network, feature selection, the K-nearest neighbor (KNN) algorithm, ensemble learning and other related technologies, which lays a solid theoretical foundation for the subsequent research on traffic classification detection and DDoS attack detection in SDN networks.

(2) To address traffic classification in SDN networks, this paper deploys the relevant modules in the application layer of the SDN network and, by issuing commands through the northbound interface, transmits the collected traffic data to each application-layer module in real time. Each module completes its own function, and together they realize the classification detection of traffic. The implementation is as follows. Adaptive feature selection module: first, the concept of feature selection tendency is proposed by combining cosine similarity and mutual information, and all features of the dataset are sorted by this index. Then, the features with the lowest filtering propensity are successively eliminated to form new feature subsets. Finally, the optimal feature subset is selected automatically according to the feature fitness of each feature subset. KNN classification module: first, the multi-classification problem is decomposed according to the distance between different types of traffic, and then the improved KNN algorithm is used to classify the traffic. The experimental results show that the proposed feature selection technique effectively reduces the redundancy among the selected features, and that the improved KNN significantly improves the classification of similar traffic with unbalanced samples. The method is applicable to real network environments.

(3) To address DDoS attack detection and traffic forwarding in SDN networks, a DDoS anomalous-traffic detection architecture based on ensemble learning is proposed. The architecture consists mainly of the following two modules. DDoS detection module: first, relevant features are extracted from the flow table information according to the characteristics of DDoS attacks; then the "best" quaternion (four-tuple) of features is filtered out from the many candidates through multiple comparative tests; finally, an ensemble voting algorithm is used to detect DDoS traffic, achieving a good detection effect with a small number of features. Data forwarding module: a Multi-object Flow Routing scheme is proposed to provide an optimized path with high bandwidth and low latency for traffic classified as normal. The addition of this module effectively reduces the delay in data transmission and improves the user experience.
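The adaptive feature selection step in (2) can be illustrated with the following added example, which is not code from the paper. The abstract gives no formula, so the score used here (mutual information with the label minus the highest absolute cosine similarity to any other remaining feature) is an assumption, as are the feature names and the constructed sample data; the fitness criterion that picks the final subset is not described in the abstract, so the example stops at the candidate subsets.

```python
import math
from collections import Counter

# Constructed sample: 8 flows, label 0 = benign, 1 = attack.
# Feature names and binned values are hypothetical.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
COLUMNS = {
    "pkt_rate":    [0, 0, 1, 0, 2, 2, 1, 2],
    "byte_rate":   [0, 0, 2, 0, 4, 4, 2, 4],  # exactly 2 x pkt_rate: redundant
    "src_entropy": [1, 2, 1, 2, 0, 0, 0, 0],
    "noise":       [1, 0, 1, 0, 1, 0, 1, 0],  # independent of the label
}

def mutual_information(xs, ys):
    """Mutual information in bits between two discrete sequences."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in pxy.items())

def cosine(u, v):
    """Cosine similarity of two numeric vectors (0.0 if either is all zero)."""
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

def tendency(name, columns, labels):
    """Assumed score: relevance to the label minus worst-case redundancy."""
    redundancy = max((abs(cosine(columns[name], columns[o]))
                      for o in columns if o != name), default=0.0)
    return mutual_information(columns[name], labels) - redundancy

def nested_subsets(columns, labels):
    """Drop the lowest-scoring feature each round; return every subset."""
    remaining = dict(columns)
    subsets = [sorted(remaining)]
    while len(remaining) > 1:
        # Scores are recomputed each round because redundancy depends on
        # which features are still present; ties break alphabetically.
        worst = min(sorted(remaining),
                    key=lambda f: tendency(f, remaining, labels))
        del remaining[worst]
        subsets.append(sorted(remaining))
    return subsets

if __name__ == "__main__":
    for subset in nested_subsets(COLUMNS, LABELS):
        print(subset)
```

On this sample the uninformative feature is dropped first and one of the two perfectly correlated rate features second, which is the redundancy reduction the abstract reports.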