DeepGuard: Efficient Anomaly Detection in SDN with Fine-grained Traffic Flow Monitoring
IEEE Transactions on Network and Service Management (IF 5.3), Pub Date: 2020-09-01, DOI: 10.1109/tnsm.2020.3004415
Trung V. Phan, Tri Gia Nguyen, Nhu-Ngoc Dao, Truong Thu Huong, Nguyen Huu Thanh, Thomas Bauschert

Software-Defined Networking (SDN) leverages the implementation of reliable, flexible and efficient network security mechanisms which make use of novel techniques such as artificial intelligence (AI) and machine learning (ML). In particular, these techniques, together with SDN, are the key enablers for the design of anomaly detection methods which are based on efficient traffic flow monitoring. In this paper, we tackle this problem by proposing an efficient anomaly detection framework, denoted as DeepGuard, which improves the detection performance of cyberattacks in SDN-based networks by adopting a fine-grained traffic flow monitoring mechanism. Specifically, the proposed framework utilizes a deep reinforcement learning technique, i.e., Double Deep Q-Network (DDQN), to learn traffic flow matching strategies maximizing the traffic flow granularity while proactively protecting the SDN data plane from being overloaded. Afterwards, by implementing the learned optimal traffic flow matching control policy, the most beneficial traffic information for anomaly detection is acquired at runtime, thereby improving the cyberattack detection performance. The performance of the proposed framework is validated by extensive experiments, and the results show that DeepGuard yields significant performance improvements compared to existing traffic flow matching mechanisms regarding the level of traffic flow granularity. In the case of distributed denial-of-service (DDoS) attacks, DeepGuard achieves a remarkable attack detection performance while effectively preventing forwarding performance degradation in the SDN data plane.

Updated: 2020-09-01