一种基于SDN的在线流量异常检测方法

doi:10.3969/j.issn.1001-2400.2015.01.025

Abstract

Abstract:

Based on the centralized control plane in SDN, an online traffic anomaly detection method (OpenTAD) is proposed. Firstly the flow table statistic is collected from the controller online, and the traffic matrix and sample entropy matrix are constructed and assembled. Then the PCA method is used to detect the abnormal traffic. The result of experiments show that, compared with the traditional PCA method which disposes the traffic matrix or the entropy matrix respectively offline, the OpenTAD is simple and effective, and traffic anomaly could be isolated rapidly. This method is a lightweight online traffic anomaly detection method for SDN.

Key words: OpenFlow network, software defined network, traffic anomaly, online detection, principal component analysis

CLC Number:

TP393

ZUO Qingyun;CHEN Ming;WANG Xiulei;LIU Bo. Online traffic anomaly detection method for SDN[J].J4, 2015, 42(1): 155-160.

References

［1］ Open Networking Fundation. SDN ［EB/OL］. ［2013-08-03］. https://www.opennetworking.org.
［2］ Tootoonchian A, Ghobadi M, Ganjali Y. OpenTM: Traffic Matrix Estimator for OpenFlow Networks ［C］//Proceedings of the 11th International Conference on Passive and Active Measurement (PAM). Heidelberg: Springer, 2010: 201-210.
［3］ Jose L, Yu M, Rexford J. Online Measurement of Large Traffic Aggregates on Commodity Switches ［C］//Proceedings of the 11th USENIX Conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE). Berkeley: USENIX Association, 2011: 13.
［4］ Braga R, Mota E, Passito A. Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow ［C］//IEEE 35th Conference on Local Computer Networks. Piscataway: IEEE, 2010: 408-415.
［5］ Mehdi S A, Khalid J, Khayam S A. Revisiting Traffic Anomaly Detection Using Software Defined Networking ［C］//Proceedings of the 14th International Conference on Recent Advances in Intrusion Detection. Heidelberg: Springer, 2011: 161-180.
［6］ Mckeown N, Anderson T, Balakrishnan H, et al. OpenFlow: Enabling Innovation in Campus Networks ［J］. ACM SIGCOMM Computer Communication Review, 2008, 38(2): 69-74.
［7］ Nychis G, Sekar V, Andersen D G, et al. An Empirical Evaluation of Entropy-based Traffic Anomaly Detection ［C］//Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement. New York: ACM, 2008: 151-156.
［8］ Lakhina A, Crovella M, Diot C. Diagnosing Network-wide Traffic Anomalies ［C］//Proceedings of the ACM SIGCOMM. New York: ACM, 2004: 219-230.
［9］ Lakhina A, Crovella M, Diot C. Mining Anomalies Using Traffic Feature Distributions ［C］//Proceedings of the ACM SIGCOMM. New York: ACM, 2005: 134-145.
［10］ Soule A, Salamatian K, Taft N. Combining Filtering and Statistical Methods for Anomaly Detection ［C］//Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement. Berkeley: USENIX Association, 2005: 31.
［11］ Gude N, Koponen T, Pettit J, et al. Nox: Towards an Operating System for Networks ［J］. ACM SIGCOMM Computer Communication Review, 2008, 38(3):105-110.
［12］ Handigol N, Heller B, Jeyakumar V, et al. Reproducible Network Experiments Using Container-based Emulation ［C］//Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies. New York: ACM, 2012: 253-264.

[1]	CHAI Yanna,LI Kunlun,SONG Huansheng. On the security of the intrusion detection system in smart vehicles [J]. Journal of Xidian University, 2021, 48(3): 31-39.
[2]	ZHEN Yan,ZHAO Hu. Resource scheduling strategy in hierarchical software defined wireless sensor networks [J]. Journal of Xidian University, 2019, 46(4): 87-98.
[3]	LIU Daohua,CUI Yushuang,ZHAO Yansong,SONG Yuting,WANG Jinghui. Method for retrieving the teaching image based on the improved convolutional neural network [J]. Journal of Xidian University, 2019, 46(3): 52-58.
[4]	LI Hui,XI Yuanyuan,MA Yuxin,ZHANG Ruimei. Traffic flow cycle prediction based on the PCA-ESN model [J]. Journal of Xidian University, 2019, 46(1): 20-26.
[5]	WANG Xing;HUANG Xiaoyu;LIU Xuanpu;KONG Xianguang;NIU Meng. Multi-layer incremental feature extraction method for industrial big data [J]. Journal of Xidian University, 2018, 45(4): 106-111.
[6]	XIONG Yu;ZHANG Zhenzhen;SHI Jin;WU Dapeng. Global resource allocation mechanism based on software-defined of TWDM-PON [J]. Journal of Xidian University, 2017, 44(5): 140-146.
[7]	ZHANG Jujie;FANG Min;GUO Jin. New method for multi-label feature extraction [J]. Journal of Xidian University, 2016, 43(6): 62-67.
[8]	KONG Xianguang;ZHANG Xiong;MA Hongbo;CHANG Jiantao;NIU Meng. Real time feature extraction method for complex industrial big data [J]. Journal of Xidian University, 2016, 43(5): 70-74+152.
[9]	SHI Hehuan;XU Yuelei;MA Shiping;LI Yueyun;LI Shuai. Convolutional neural networks recognition algorithm based on PCA [J]. Journal of Xidian University, 2016, 43(3): 161-166.
[10]	LIANG Wei;ZENG Ping;ZHENG Haihong;LUO Xuemei. Multispectral image compression algorithm based on composite transform [J]. J4, 2015, 42(4): 33-40.
[11]	ZHAO Yangyang;ZHOU Shuisheng;WU Yajing. Non-iterative GLRAM algorithm for face recognition [J]. J4, 2014, 41(2): 144-150.
[12]	YANG Xi;LI Jie;HAN Bing;GAO Xinbo. Wavelet hierarchical model for aurora images classification [J]. J4, 2013, 40(2): 18-24.
[13]	CAO Xiang-hai;LIU Hong-wei;WU Shun-jun. Incremental principal component analysis using the approximated covariance matrix [J]. J4, 2010, 37(3): 459-463.
[14]	WEN Hao;LU Zhao-yang;GAO Quan-xue. Face recognition algorithm based on wavelet preprocessing and tensor PCA [J]. J4, 2009, 36(4): 602-607.
[15]	TONG Ming;YAN Tao;JI Hong-bing. Strong anti-robust watermarking algorithm [J]. J4, 2009, 36(1): 22-27.

Online traffic anomaly detection method for SDN

PDF (PC)

Like

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Metrics

Comments

Recommended 0