SDN中入侵检测方法研究进展

刘瑞; 王海凤; 郑承蔚; 武文红; 牛恒茂

doi:10.3981/j.issn.1000-7857.2024.05.00570

科技导报 >

2025 , Vol. 43 >Issue 10: 76 - 93

DOI: https://doi.org/10.3981/j.issn.1000-7857.2024.05.00570

研究论文

SDN中入侵检测方法研究进展

刘瑞 ^,¹ ,
王海凤 ^,¹^,* ,
郑承蔚 ¹ ,
武文红 ¹ ,
牛恒茂 ²

展开

1. 内蒙古工业大学信息工程学院, 呼和浩特 010080
2. 内蒙古建筑职业技术学院建筑工程与测绘学院, 呼和浩特 010020

王海凤（通信作者），副教授，研究方向为计算机网络技术，电子信箱：wanghf@imut.edu.cn

刘瑞，硕士研究生，研究方向为计算机网络技术，电子信箱：535426192@qq.com

收稿日期: 2024-05-27

网络出版日期: 2025-06-25

基金资助

内蒙古自治区科技计划项目(2021GG0250)

内蒙古自治区自然科学基金(2021MS06029)

内蒙古自治区科技计划项目(2020GG0104)

版权

收起

Research progress of intrusion detection methods in SDN

Rui LIU ^,¹ ,
Haifeng WANG ^,¹^,* ,
Chengwei ZHENG ¹ ,
Wenhong WU ¹ ,
Hengmao NIU ²

Expand

1. College of Information Engineering, Inner Mongolia University of Technology, Hohhot 010080, China
2. Inner Mongolia Vocational and Technical College of Architecture, School of Architectural Engineering and Surveying and Mapping, Hohhot 010020, China

Received date: 2024-05-27

Online published: 2025-06-25

Copyright

Fold

摘要

入侵检测作为软件定义网络(software defined networks，SDN)架构的关键安全防护手段，能有效保障SDN安全稳定运行。通过汇总基于机器学习、基于深度学习、基于强化学习和基于信息熵的入侵检测方法，总结并分析SDN环境中仍存在的问题总结并分析了SDN环境中仍存在的问题：单控制器易受网络威胁、缺乏可扩展性、缺乏缓解和预防的方法、缺乏低速率DDoS的攻击检测、缺乏用于训练的SDN特定数据集、应用层的防御方法较少，并指出了未来的研究方向。

关键词： 软件定义网络; 入侵检测; 机器学习; 深度学习; 强化学习; 信息熵

本文引用格式

刘瑞 , 王海凤 , 郑承蔚 , 武文红 , 牛恒茂 . SDN中入侵检测方法研究进展[J]. 科技导报, 2025 , 43(10) : 76 -93 . DOI: 10.3981/j.issn.1000-7857.2024.05.00570

参考文献

原文顺序 | 文献年度倒序 | 文中引用次数倒序

1	Liao H J , Lin C H R , Lin Y C , et al. Intrusion detection system: A comprehensive review[J]. Journal of Network and Computer Applications, 2013, 36 (1): 16- 24. DOI

2	Software defined networking market size, share and global market forecast to 2025[EB/OL]. (2021-02-14)[2024-01-04]. https://www.marketsandmarkets.com/.

3	Kreutz D , Ramos F M V , Veríssimo P E , et al. Software-defined networking: A comprehensive survey[J]. Proceedings of the IEEE, 2015, 103 (1): 14- 76. DOI

4	Aburomman A A, Bin Ibne Reaz M. Survey of learning methods in intrusion detection systems[C]//Proceedings of International Conference on Advances in Electrical, Electronic and Systems Engineering (ICAEES). Piscataway, NJ: IEEE, 2016: 362-365.

5	陈晓帆, 黎志勇, 李宁. 基于软件定义网络的恶意网站防护系统[J]. 科技导报, 2015, 33 (5): 93- 99. DOI

6	翟亚红, 崔峻玮. 软件定义网络安全研究进展[J]. 科技导报, 2023, 41 (13): 76- 88. DOI

7	Scott-Hayward S , Natarajan S , Sezer S . A survey of security in software defined networks[J]. IEEE Communications Surveys & Tutorials, 2016, 18 (1): 623- 654.

8	Braun W , Menth M . Software-defined networking using OpenFlow: Protocols, applications and architectural design choices[J]. Future Internet, 2014, 6 (2): 302- 336. DOI

9	Hamarsheh A . An adaptive security framework for Internet of Things networks leveraging SDN and machine learning[J]. Applied Sciences, 2024, 14 (11): 4530. DOI

10	Yungaicela-Naula N M , Vargas-Rosales C , Perez-Diaz J A . SDN-based architecture for transport and application layer DDoS attack detection by using machine and deep learning[J]. IEEE Access, 2021, 9: 108495- 108512. DOI

11	Sheibani M , Konur S , Awan I , et al. A multi-layered defence strategy against DDoS attacks in SDN/NFV-based 5G mobile networks[J]. Electronics, 2024, 13 (8): 1515. DOI

12	Abdi A H , Audah L , Salh A , et al. Security control and data planes of SDN: A comprehensive review of traditional, AI, and MTD approaches to security solutions[J]. IEEE Access, 2024, 12: 69941- 69980. DOI

13	Hauser F , Schmidt M , Häberle M , et al. P4-MACsec: Dynamic topology monitoring and data layer protection with MACsec in P4-based SDN[J]. IEEE Access, 2020, 8: 58845- 58858. DOI

14	Abdulkarem H S, Dawod A. DDoS attack detection and mitigation at SDN data plane layer[C]//Proceedings of 2nd Global Power, Energy and Communication Conference (GPECOM). Piscataway, NJ: IEEE, 2020: 322-326.

15	李道全, 杨乾乾, 鲁晓夫. 基于决策树的SDN网络入侵分类检测模型[J]. 计算机工程与设计, 2022, 43 (8): 2146- 2152.

16	Jeba Praba J , Sridaran R . An SDN-based decision tree detection (DTD) model for detecting DDoS attacks in cloud environment[J]. International Journal of Advanced Computer Science and Applications, 2022, 13 (7): 23- 40.

17	Janabi A H , Kanakis T , Johnson M . Overhead reduction technique for software-defined network based intrusion detection systems[J]. IEEE Access, 1851, 10: 66481- 66491.

18	Hadem P , Saikia D K , Moulik S . An SDN-based intrusion detection system using SVM with selective logging for IP traceback[J]. Computer Networks, 2021, 191: 108015. DOI

19	Madathi M , Harini R , Monikaa R , et al. Detection of DDoS attack in SDN environment using KNN algorithm[J]. Inter-national Journal of Research and Analytical Reviews, 2022, 9 (2): 252- 257.

20	Qian H Z , Cai L L . Improved K-means-based solution for detecting DDoS attacks in SDN[J]. Physical Communication, 2024, 64: 102318. DOI

21	Xu Y H , Sun H T , Xiang F , et al. Efficient DDoS detection based on K-FKNN in software defined networks[J]. IEEE Access, 2019, 7: 160536- 160545. DOI

22	Sahoo K S , Tripathy B K , Naik K , et al. An evolutionary SVM model for DDOS attack detection in software defined networks[J]. IEEE Access, 2020, 8: 132502- 132513. DOI

23	Sudar K M, Beulah M, Deepalakshmi P, et al. Detection of Distributed Denial of Service Attacks in SDN using Machine learning techniques[C]// Proceedings of International Conference on Computer Communication and Informatics (ICCCI). Piscataway, NJ: IEEE, 2021: 1-5.

24	Vetriselvi V, Shruti P S, Abraham S. Two-level intrusion detection system in SDN using machine learning[M]// Lecture Notes in Electrical Engineering. Singapore: Springer Singapore, 2018: 449-461.

25	胡睿, 徐芹宝, 王昌达. SDN中一种基于机器学习的DDoS入侵检测与防御方法[J]. 计算机与数字工程, 2023, 51 (7): 1590- 1596.

26	Singh A , Kaur H , Kaur N . A novel DDoS detection and mitigation technique using hybrid machine learning model and redirect illegitimate traffic in SDN network[J]. Cluster Computing, 2024, 27 (3): 3537- 3557. DOI

27	Arthi R , Krishnaveni S , Zeadally S . An intelligent SDN-IoT enabled intrusion detection system for healthcare systems using a hybrid deep learning and machine learning approach[J]. China Communications, 2024, 21 (10): 1- 21.

28	Satheesh N , Rathnamma M V , Rajeshkumar G , et al. Flow-based anomaly intrusion detection using machine learning model with software defined networking for Open-Flow network[J]. Microprocessors and Microsystems, 2020, 79: 103285. DOI

29	Santos-Neto M J , Bordim J L , Alchieri E A P , et al. DDoS attack detection in SDN: Enhancing entropy-based detection with machine learning[J]. Concurrency and Computation: Practice and Experience, 2024, 36 (11): e8021. DOI

30	Makuvaza A , Jat D S , Gamundani A M . Deep neural network (DNN) solution for real-time detection of distributed denial of service (DDoS) attacks in software defined networks (SDNs)[J]. SN Computer Science, 2021, 2 (2): 107. DOI

31	Al Razib M , Javeed D , Khan M T , et al. Cyber threats detection in smart environments using SDN-enabled DNN-LSTM hybrid framework[J]. IEEE Access, 2022, 10: 53015- 53026. DOI

32	Albahar M . Recurrent neural network model based on a new regularization technique for real-time intrusion detection in SDN environments[J]. Security and Communication Networks, 2019, 2019: 8939041.

33	Ravi V , Chaganti R , Alazab M . Deep learning feature fusion approach for an intrusion detection system in SDN-based IoT networks[J]. IEEE Internet of Things Magazine, 2022, 5 (2): 24- 29. DOI

34	ElSayed M S , Le-Khac N A , Ali Albahar M , et al. A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique[J]. Journal of Network and Computer Applications, 2021, 191: 103160. DOI

35	Lee S. AE-NIDS: Automated evolving SDN-based network intrusion detection system[EB/OL]. [2023-02-02]. https://2020.eurosys.org/wp-content/uploads/2020/04/eurosys20posters-final35-abstract.pdf.

36	Yao R Z , Wang N , Liu Z H , et al. Intrusion detection system in the smart distribution network: A feature engineering based AE-LightGBM approach[J]. Energy Reports, 2021, 7: 353- 361. DOI

37	Ezeh D A , de Oliveira J . An SDN controller-based frame-work for anomaly detection using a GAN ensemble algo-rithm[J]. Infocommunications Journal, 2023, 15 (2): 29- 36. DOI

38	Khekare G , Kumar K P , Prasanthi K N , et al. Optimizing network security and performance through the integration of hybrid GAN-RNN models in SDN-based access control and traffic engineering[J]. International Journal of Advanced Computer Science and Applications, 2023, 14 (12): 117- 128.

39	吕星璇, 韩俐. SDN环境下基于PCA-DNN的扫描攻击检测模型研究[J]. 天津理工大学学报, 2022, 38 (1): 43- 48.

40	Alhilo A M J , Koyuncu H . Enhancing SDN anomaly detection: A hybrid deep learning model with SCA-TSO optimization[J]. International Journal of Advanced Computer Science and Applications, 2024, 15 (5): 98- 107.

41	Chen J, Cui M. Multi-class intrusion detection system in SDN based on hybrid LSTM model[M]// Communications in Computer and Information Science. Singapore: Springer Nature Singapore, 2024: 99-111.

42	Sri vidhya G , Nagarajan R . A novel bidirectional LSTM model for network intrusion detection in SDN-IoT network[J]. Computing, 2024, 106 (8): 2613- 2642. DOI

43	Javeed D , Gao T H , Khan M T . SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT[J]. Electronics, 2021, 10 (8): 918. DOI

44	Malik J , Akhunzada A , Bibi I , et al. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN[J]. IEEE Access, 2020, 8: 134695- 134706. DOI

45	Wang H M , Li W . DDosTC: A transformer-based network attack detection hybrid mechanism in SDN[J]. Sensors, 2021, 21 (15): 5047. DOI

46	Goud K S, Rao G S. Towards an efficient DDoS attack detection in SDN: An approach with CNN-GRU fusion[C]// Proceedings of Fourth International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT). Piscataway, NJ: IEEE, 2024: 1-10.

47	Lee T H, Chang L H, Syu C W. Deep learning enabled intrusion detection and prevention system over SDN networks [C]//Proceedings of IEEE International Conference on Communications Workshops (ICC Workshops). Piscataway, NJ: IEEE, 2020: 1-6.

48	Chen L , Wang Z H , Huo R , et al. An adversarial DBN-LSTM method for detecting and defending against DDoS attacks in SDN environments[J]. Algorithms, 2023, 16 (4): 197. DOI

49	Zhang Y L, Wu X M, Dong H M. TIBS: A deep-learning model for network intrusion detection for SDN environ-ments[C]//Proceedings of 9th International Conference on Computer and Communication Systems (ICCCS). Piscataway, NJ: IEEE, 2024: 419-426.

50	Clifton J , Laber E . Q-learning: Theory and applications[J]. Annual Review of Statistics and Its Application, 2020, 7: 279- 301. DOI

51	Nguyen H H, Nguyen T G, Hoang D T, et al. CARS: Dynamic cyber-attack reaction in SDN-based networks with Q-learning[C]//Proceedings of International Conference on Advanced Technologies for Communications (ATC). Piscataway, NJ: IEEE, 2021: 156-161.

52	Phan T V , Bauschert T . DeepAir: Deep reinforcement learning for adaptive intrusion response in software-defined networks[J]. IEEE Transactions on Network and Service Management, 2022, 19 (3): 2207- 2218. DOI

53	Arif F , Khan N A , et al. DQQS: Deep reinforcement learning-based technique for enhancing security and performance in SDN-IoT environments[J]. IEEE Access, 2024, 12: 60568- 60587. DOI

54	Mnih V , Kavukcuoglu K , Silver D , et al. Human-level control through deep reinforcement learning[J]. Nature, 2015, 518 (7540): 529- 533. DOI

55	Phan T V , Nguyen T G , Dao N N , et al. DeepGuard: Efficient anomaly detection in SDN with fine-grained traffic flow monitoring[J]. IEEE Transactions on Network and Service Management, 2020, 17 (3): 1349- 1362. DOI

56	Schulman J, Wolski F, Dhariwal P, et al. Proximal policy optimization algorithms[EB/OL]. [2024-01-05]. https://arxiv.org/abs/1707.06347v2.

57	Shen J H, Zhang T, Zhang B C, et al. PPO-RM: Proximal policy optimization based route mutation for multimedia services[C]//Proceedings of International Wireless Commu-nications and Mobile Computing (IWCMC). Piscataway, NJ: IEEE, 2021: 35-40.

58	Zolotukhin M, Kumar S, Hämäläinen T. Reinforcement learning for attack mitigation in SDN-enabled networks [C]//Proceedings of 6th IEEE Conference on Network Soft-warization (NetSoft). Piscataway, NJ: IEEE, 2020: 282-286.

59	Li M , Deng S X , Zhou H C , et al. A path selection scheme for detecting malicious behavior based on deep reinforcement learning in SDN/NFV-Enabled network[J]. Computer Networks, 2023, 236: 110034. DOI

Allakany A, Yadav G, Paul K, et al. Detection and mitigation of LFA attack in SDN-iot network[C]//Web, artificial intelligence and network applications: Proceedings of the workshops of the 34th international conference on advanced information networking and applications(WAINA-2020). Cham: Springer International Publishing, 2020: 1087-1096.

61	Wang J S , Liu Y , Zhang W T , et al. ReLFA: Resist link flooding attacks via renyi entropy and deep reinforcement learning in SDN-IoT[J]. China Communications, 2022, 19 (7): 157- 171. DOI

62	Sampaio L S R, Faustini P H A, Silva A S, et al. Using NFV and reinforcement learning for anomalies detection and miti-gation in SDN[C]//Proceedings of IEEE Symposium on Computers and Communications (ISCC). Piscataway, NJ: IEEE, 2018: 432-437.

63	Kim S , Yoon S , Lim H . Deep reinforcement learning-based traffic sampling for multiple traffic analyzers on software-defined networks[J]. IEEE Access, 2021, 9: 47815- 47827. DOI

64	Dake D K , Gadze J D , Klogo G S , et al. Multi-agent rein-forcement learning framework in SDN-IoT for transient load detection and prevention[J]. Technologies, 2021, 9 (3): 44. DOI

65	Mohanad M , et al. Intrusion detection in software-defined networks: Leveraging deep reinforcement learning with graph convolutional networks for resilient infrastructure[J]. Fusion: Practice and Applications, 2024, 15 (1): 78- 87. DOI

66	Paidipati K K , Kurangi C , Uthayakumar J , et al. Ensemble of deep reinforcement learning with optimization model for DDoS attack detection and classification in cloud based soft-ware defined networks[J]. Multimedia Tools and Applications, 2024, 83 (11): 32367- 32385.

67	Dey S K, Uddin M R, Rahman M M. Performance analysis of SDN-based intrusion detection model with feature selection approach[M]//Uddin M S, Bansal J C, eds. Algorithms for Intelligent Systems. Singapore: Springer Nature Singapore, 2019: 483-494.

68	Yadav A, Kori A S, G N D, et al. A hybrid approach for detection of DDoS attacks using entropy and machine learning in software defined networks[C]//Proceedings of 12th International Conference on Computing Communication and Networking Technologies (ICCCNT). Piscataway, NJ: IEEE, 2021: 1-7.

69	Mohammad H M, Abdullah A A. DDoS attack mitigation using entropy in SDN-IoT environment[C]//Proceedings of AIP Conference Proceedings", "AL-Kadhum 2ND International Conference on Modern Applications of Information and Communication Technology. Baghdad: AIP Publishing, 2023: 56-67.

70	Zhang L , Wang J S . A hybrid method of entropy and SSAE-SVM based DDoS detection and mitigation mechanism in SDN[J]. Computers & Security, 2022, 115: 102604.

71	Shohani R B , Mostafavi S , Hakami V . A statistical model for early detection of DDoS attacks on random targets in SDN[J]. Wireless Personal Communications, 2021, 120 (1): 379- 400. DOI

72	Fan C , Kaliyamurthy N M , Chen S , et al. Detection of DDoS attacks in software defined networking using entropy[J]. Applied Sciences, 2021, 12 (1): 370. DOI

73	Niknami N , Wu J . Entropy-KL-ML: Enhancing the entropy-KL-based anomaly detection on software-defined networks[J]. IEEE Transactions on Network Science and Engineering, 2022, 9 (6): 4458- 4467. DOI

74	Liu Y , Zhi T , Shen M , et al. Software-defined DDoS detection with information entropy analysis and optimized deep learning[J]. Future Generation Computer Systems, 2022, 129: 99- 114. DOI

75	Aladaileh M , Anbar M , Hasbullah I H , et al. Entropy-based approach to detect DDoS attacks on software defined networking controller[J]. Computers, Materials & Continua, 2021, 69 (1): 373- 391.

76	Ujjan R M , Pervez Z , Dahal K , et al. Entropy based features distribution for anti-DDoS model in SDN[J]. Sustainability, 2021, 13 (3): 1522. DOI

77	Ladigatti A, Merawade V, Jain S, et al. Mitigation of DDoS attacks in SDN using access control list, entropy and puzzle-based mechanisms[C]//Proceedings of International Conference on Applied Intelligence and Sustainable Computing (ICAISC). Piscataway, NJ: IEEE, 2023: 1-8.

78	Tian Q W , Miyata S . A DDoS attack detection method using conditional entropy based on SDN traffic[J]. IoT, 2023, 4 (2): 95- 111. DOI

79	Ahalawat A , Babu K S , Turuk A K , et al. A low-rate DDoS detection and mitigation for SDN using Renyi Entropy with Packet Drop[J]. Journal of Information Security and Applications, 2022, 68: 103212. DOI

80	Mhamdi L , Isa M M . Securing SDN: Hybrid autoencoder-random forest for intrusion detection and attack mitigation[J]. Journal of Network and Computer Applications, 2024, 225: 103868. DOI

81	Hassan A I , El Reheem E A , Guirguis S K . An entropy and machine learning based approach for DDoS attacks detection in software defined networks[J]. Scientific Reports, 2024, 14 (1): 18159. DOI

82	肖建平, 龙春, 赵静, 等. 基于深度学习的网络入侵检测研究综述[J]. 数据与计算发展前沿, 2021, 3 (3): 59- 74.

83	Bawany N Z , Shamsi J A , Salah K . DDoS attack detection and mitigation using SDN: Methods, practices, and solutions[J]. Arabian Journal for Science and Engineering, 2017, 42 (2): 425- 441. DOI

84	Akyildiz I F , Lee A , Wang P , et al. Research challenges for traffic engineering in software defined networks[J]. IEEE Network, 2016, 30 (3): 52- 58. DOI

85	Santos da Silva A, Wickboldt J A, Granville L Z, et al. ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN[C]//Proceedings of NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium. Piscataway, NJ: IEEE, 2016: 27-35.

86	Tuan N N , Hung P H , Nghia N D , et al. A DDoS attack mitigation scheme in ISP networks using machine learning based on SDN[J]. Electronics, 2020, 9 (3): 413. DOI

87	Pérez-Díaz J A , Valdovinos I A , Choo K K R , et al. A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning[J]. IEEE Access, 2020, 8: 155859- 155872. DOI

88	Tang T A , Mhamdi L , McLernon D , et al. DeepIDS: Deep learning approach for intrusion detection in software defined networking[J]. Electronics, 2020, 9 (9): 1533. DOI

89	Zhou L , Liao M C , Yuan C , et al. Low-rate DDoS attack detection using expectation of packet size[J]. Security and Communication Networks, 2017, 2017: 3691629.

90	Cui Y H , Qian Q , Guo C , et al. Towards DDoS detection mechanisms in software-defined networking[J]. Journal of Network and Computer Applications, 2021, 190: 103156. DOI

91	Phan T V , Park M . Efficient distributed denial-of-service attack defense in SDN-based cloud[J]. IEEE Access, 2019, 7: 18701- 18714. DOI

92	Wu Z J , Xu Q , Wang J J , et al. Low-rate DDoS attack detection based on factorization machine in software defined network[J]. IEEE Access, 2020, 8: 17404- 17418. DOI

Options

文章导航

摘要

本文引用格式

参考文献

联系我们

访问统计

模态框（Modal）标题

摘要

本文引用格式

参考文献

联系我们

访问统计