Research paper

Research progress of intrusion detection methods in SDN

  • Rui LIU 1,
  • Haifeng WANG 1, *,
  • Chengwei ZHENG 1,
  • Wenhong WU 1,
  • Hengmao NIU 2
  • 1. College of Information Engineering, Inner Mongolia University of Technology, Hohhot 010080, China
  • 2. Inner Mongolia Vocational and Technical College of Architecture, School of Architectural Engineering and Surveying and Mapping, Hohhot 010020, China

Haifeng WANG (corresponding author), associate professor, research interest: computer network technology, e-mail:

Rui LIU, master's student, research interest: computer network technology, e-mail:

Received date: 2024-05-27

Online published: 2025-06-25

Funding

Science and Technology Plan Project of Inner Mongolia Autonomous Region (2021GG0250)

Natural Science Foundation of Inner Mongolia Autonomous Region (2021MS06029)

Science and Technology Plan Project of Inner Mongolia Autonomous Region (2020GG0104)

Copyright

All rights reserved. Unauthorized reproduction is prohibited.

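Abstract

Intrusion detection is a key security protection measure for the software defined network (SDN) architecture and can effectively ensure the secure and stable operation of SDN. This paper reviews intrusion detection methods based on machine learning, deep learning, reinforcement learning and information entropy, and summarizes and analyzes the problems that remain in SDN environments: a single controller is vulnerable to network threats, lack of scalability, lack of mitigation and prevention methods, lack of detection for low-rate DDoS attacks, lack of SDN-specific datasets for training, and few defense methods at the application layer. It also points out future research directions.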

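Cite this article

Rui LIU, Haifeng WANG, Chengwei ZHENG, Wenhong WU, Hengmao NIU. Research progress of intrusion detection methods in SDN[J]. Science & Technology Review, 2025, 43(10): 76-93. DOI: 10.3981/j.issn.1000-7857.2024.05.00570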

