Network Traffic Measurement Based on Multilayer Sketch in SDN

Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (9): 840-.

Previous Articles Next Articles

Network Traffic Measurement Based on Multilayer Sketch in SDN

Yang Xinyi1, Chi Yaping1,2, and Wang Zhiqiang1

1(School of Cyberspace Security, Beijing Electronics Science & Technology Institute, Beijing 100070)
2(Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)

Online:2024-09-25 Published:2024-09-29

基于多层Sketch的SDN网络流量测量技术研究

杨心怡1池亚平1,2王志强1

1(北京电子科技学院网络空间安全系北京100070)
2(中国科学院信息工程研究所中国科学院网络测评技术重点实验室北京100093)

通讯作者: 王志强博士，副教授.主要研究方向为网络与系统安全. wangzq@besti.edu.cn
作者简介:杨心怡硕士研究生.主要研究方向为网络测量. xinyiy121@163.com 池亚平硕士，教授.主要研究方向为虚拟化安全、可信计算、加密技术、软件定义网络. chiyp_besti@163.com 王志强博士，副教授.主要研究方向为网络与系统安全. wangzq@besti.edu.cn

Abstract

Abstract: Network traffic measurement for large flow detection, mutation flow detection and base estimation is of great significance for ensuring network security. However, the current related research suffers from the problems of insufficient realtime performance and low measurement accuracy. In response to the above issues, this paper designs a network traffic measurement model based on Multiple Layer Sketch (ML Sketch). First, the model adopts an independently designed ML Sketch structure, which uses a categorized storage structure to improve the accuracy of traffic measurement. Second, we simulate the dynamic occurrence scenarios of traffic in SDN (Software Defined Network) environment using realtime traffic playback technology. Finally, realtime dynamic detection of large, mutating and base estimation classes of traffic is realized in the SDN control plane. The experimental results on UNSWNB15 show that compared with the traditional Sketch structure, the ML Sketch structure designed in this paper improves the F1_Score metric by up to 4.81% and reduces the correlation error by up to 81.12%, verifying the effectiveness of the model in this paper.

Key words: network measurement, SDN(software defined network), Sketch, traffic replay, network security

摘要： 针对大流检测、突变流检测和基数估计等的网络流量测量对保障网络安全具有重要意义.但当前相关研究存在实时性不足、测量精度不高等问题.针对上述问题，设计了一种基于多层Sketch(multiple layer sketch, ML Sketch)的网络流量测量模型.首先，该模型采用自主设计的ML Sketch结构，使用分类存储结构提高了流量测量的精度.其次，在SDN(software defined network)环境下利用流量实时回放技术，模拟了流量的动态发生场景.最后，在SDN控制平面实现了对大流、突变流和基数估计类流量的实时动态检测.在UNSWNB15上的实验结果表明，与传统Sketch结构相比，所设计的ML Sketch结构在F1_Score指标上最高提高4.81%，相关误差最高降低81.12%，验证了该模型的有效性.

关键词: 网络测量, SDN, Sketch, 流量回放, 网络安全

CLC Number:

TP399

杨心怡, 池亚平, 王志强, . 基于多层Sketch的SDN网络流量测量技术研究[J]. 信息安全研究, 2024, 10(9): 840-.

References

［1］AlShareeda M A, Alsadhan A A, Qasim H H, et al. Software defined networking for internet of things: Review, techniques, challenges, and future directions［J］. Bulletin of Electrical Engineering and Informatics, 2024, 13(1): 638647［2］李曼, 车向北, 张宗包, 等. 软件定义网络中基于XGBoost算法的DDoS攻击检测［J］. 信息安全研究, 2021, 7(11): 10311036［3］戴冕, 程光, 周余阳. 软件定义网络的测量方法研究［J］. 软件学报, 2019, 30(6): 18531874［4］乔冠杰, 吕高锋, 王宏, 等. Sketch统计方法研究［J］. 小型微型计算机系统, 2022, 43(2): 393398［5］Huang Q, Jin X, Lee P P C, et al. Sketchvisor: Robust network measurement for software packet processing［C］ Proc of the Conf of ACM Special Interest Group on Data Communication. New York: ACM, 2017: 113126［6］Cormode G, Muthukrishnan S. An improved data stream summary: The countmin sketch and its applications［J］. Journal of Algorithms, 2005, 55(1): 5875［7］Tang L, Huang Q, Lee P P C. MVSketch: A fast and compact invertible sketch for heavy flow detection in network data streams［C］ Proc of IEEE Conf on Computer Communications (INFOCOM 2019). Piscataway, NJ: IEEE, 2019: 20262034［8］Pagh R, Rodler F F. Cuckoo hashing［J］. Journal of Algorithms, 2004, 51(2): 122144［9］Moustafa N, Slay J. UNSWNB15: A comprehensive data set for network intrusion detection systems (UNSWNB15 network data set)［C］ Proc of 2015 Military Communications and Information Systems Conference (MilCIS). Piscataway, NJ: IEEE, 2015: 16［10］Estan C, Keys K, Moore D, et al. Building a better NetFlow［J］. ACM SIGCOMM Computer Communication Review, 2004, 34(4): 245256［11］Phaal P, Panchen S, McKee N. InMon corporation’s sFlow: A method for monitoring traffic in switched and routed networks［ROL］. 2001 ［20240318］. https:www.rfceditor.orgrfc3176.html［12］Goyal A, Daumé H. Lossy conservative update (LCU) sketch: Succinct approximate count storage［C］ Proc of the AAAI Conf on Artificial Intelligence. 2011, 25(1): 878883［13］Boyer R S, Moore J S. MJRTY—A fast majority vote algorithm［M］ Automated Reasoning: Essays in Honor of Woody Bledsoe. Berlin: Springer, 1991: 105117［14］Tang L, Huang Q, Lee P P C. SpreadSketch: Toward invertible and networkwide detection of superspreaders［C］ Proc of IEEE Conf on Computer Communications (INFOCOM 2020). Piscataway, NJ: IEEE, 2020: 16081617［15］Flajolet P, Martin G N. Probabilistic counting algorithms for data base applications［J］. Journal of Computer and System Sciences, 1985, 31(2): 182209

[1]	. Research on Risk Analysis of Opensource Software Supply Chain Security [J]. Journal of Information Security Reserach, 2024, 10(9): 862-.
[2]	. Research Advance and Challenges of Fuzzing Techniques [J]. Journal of Information Security Reserach, 2024, 10(7): 668-.
[3]	. Intelligent Fuzzy Testing Method Based on Sequence Generative Adversarial Networks [J]. Journal of Information Security Reserach, 2024, 10(6): 490-.
[4]	. Design of Vulnerability Tracking and Disposal Platform Based on Fine Management of Massive Assets [J]. Journal of Information Security Reserach, 2024, 10(6): 568-.
[5]	. Research on Data Reuse Model of Classified Protection of Cybersecurity Based on Data Mining [J]. Journal of Information Security Reserach, 2024, 10(4): 353-.
[6]	. Research on Banking DAO Digital Security Operation System [J]. Journal of Information Security Reserach, 2024, 10(4): 360-.
[7]	. Analysis of Security Blind Area of Large LAN#br# #br# [J]. Journal of Information Security Reserach, 2024, 10(4): 335-.
[8]	. Research and Implementation of Intelligent Permission Management [J]. Journal of Information Security Reserach, 2024, 10(10): 912-.
[9]	. Security and Privacy Protection in 6G Network: A Survey [J]. Journal of Information Security Reserach, 2023, 9(9): 822-.
[10]	. Design of Network Security Protection System for Meteorological Big Data Cloud Platform [J]. Journal of Information Security Reserach, 2023, 9(7): 701-.
[11]	. Research on Network Security Governance and Response of Largescale AI Model [J]. Journal of Information Security Reserach, 2023, 9(6): 551-.
[12]	. Research on Active Defense Method of Network Security Under APT Organization Attack Behavior [J]. Journal of Information Security Reserach, 2023, 9(5): 423-.
[13]	. Research on Security Risk Response for Internet of Body Applications [J]. Journal of Information Security Reserach, 2023, 9(5): 433-.
[14]	. A Unified Model for Information Extraction in the Field of Network Security for Small Samples [J]. Journal of Information Security Reserach, 2023, 9(11): 1067-.
[15]	. A Vulnerability Detecting Approach Based on Sanitizer Identification for Embedded Devices [J]. Journal of Information Security Reserach, 2023, 9(10): 954-.

Network Traffic Measurement Based on Multilayer Sketch in SDN

基于多层Sketch的SDN网络流量测量技术研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics