J4, 2015, Vol. 42, Issue (1): 155-160. doi: 10.3969/j.issn.1001-2400.2015.01.025

• Research Paper •

Online traffic anomaly detection method for SDN

ZUO Qingyun; CHEN Ming; WANG Xiulei; LIU Bo

  1. (College of Command Information Systems, PLA Univ. of Science and Technology, Nanjing 210007, China)
  • Received: 2013-09-11 Online: 2015-02-20 Published: 2015-04-14
  • Contact: ZUO Qingyun
  • About the author: ZUO Qingyun (born 1986), male, Ph.D. candidate at PLA Univ. of Science and Technology, E-mail: zuoqy@163.com.
  • Supported by:

    National "973" Key Basic Research Program of China (2012CB315806); National Natural Science Foundation of China (61070173, 61103225)

Abstract:

Based on the centralized control plane in SDN, an online traffic anomaly detection method (OpenTAD) is proposed. First, the flow table statistics of the OpenFlow switches are collected online at the controller, and the traffic matrix and the sample entropy matrix of the whole network are constructed and combined. The PCA method is then used to detect the abnormal traffic. Experimental results show that, compared with the traditional PCA approach, which processes the offline traffic matrix or the sample entropy matrix separately, OpenTAD is simple to implement and effective, and anomalous traffic can be isolated rapidly. The method is a lightweight online traffic anomaly detection method for SDN.

Key words: OpenFlow network, software defined network, traffic anomaly, online detection, principal component analysis

CLC Number:

  • TP393
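The pipeline the abstract describes (per-interval traffic volumes combined with sample entropy, then PCA residual analysis) can be sketched as follows. This is an added example, not code from the paper: the column layout, the single principal axis, the `factor * median` threshold and all sample values are assumptions constructed for illustration.

```python
import math

def sample_entropy(counts):  # H = -sum(p_i * log2(p_i)), p_i = n_i / S
    total = sum(counts)
    return -sum(n / total * math.log2(n / total) for n in counts if n)

def standardize(rows):  # zero-mean, unit-variance columns (bytes vs. entropy)
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0 for c, m in zip(cols, mu)]
    return [[(x - m) / s for x, m, s in zip(r, mu, sd)] for r in rows]

def principal_axes(X, k, iters=200):  # top-k eigenvectors of X^T X, power iteration
    d = len(X[0])
    C = [[sum(r[i] * r[j] for r in X) for j in range(d)] for i in range(d)]
    axes = []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iters):
            w = [sum(C[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[i] * C[i][j] * v[j] for i in range(d) for j in range(d))
        C = [[C[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
        axes.append(v)
    return axes

def residual_energy(X, axes):  # squared norm left outside the normal subspace
    out = []
    for r in X:
        for v in axes:  # axes are orthonormal, so sequential removal is exact
            p = sum(a * b for a, b in zip(r, v))
            r = [x - p * b for x, b in zip(r, v)]
        out.append(sum(x * x for x in r))
    return out

def detect(rows, k=1, factor=10.0):
    """Return interval indices whose residual exceeds factor * median (assumed rule)."""
    X = standardize(rows)
    q = residual_energy(X, principal_axes(X, k))
    limit = factor * sorted(q)[len(q) // 2]
    return [t for t, e in enumerate(q) if e > limit]

# Constructed sample: 8 polling intervals, KB for two OD pairs, dst-port packet histogram.
OD_A = [100, 120, 140, 160, 150, 130, 110, 90]
OD_B = [52, 59, 71, 79, 76, 64, 56, 44]
PORTS = [[60, 30, 10], [50, 40, 10], [70, 20, 10], [60, 30, 10], [50, 40, 10],
         [60, 30, 10] + [1] * 100, [70, 20, 10], [60, 30, 10]]  # interval 5: port spread
ROWS = [[a, b, sample_entropy(h)] for a, b, h in zip(OD_A, OD_B, PORTS)]
```

In interval 5 the byte counts stay on the normal trend, so a volume-only matrix would not separate it; the entropy column is what pushes its residual above the threshold, and `detect(ROWS)` reports that interval alone.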