Anomaly Traffic Detection Based on Improved Bidirectional TCN Model  in Software Defined Network

Journal of Information Security Reserach ›› 2026, Vol. 12 ›› Issue (4): 303-.

Previous Articles Next Articles

Anomaly Traffic Detection Based on Improved Bidirectional TCN Model in Software Defined Network

Sun Xuan1, Li Caixia1, Li Jun1, Ren Yawei1, Dai Haiying2, Yu Guo3, and Zhou Hao3

1(School of Computer, Beijing Information Science and Technology University, Beijing 102206)
2(State Grid Xinyuan Holdings Co. Ltd. Maintenance Branch, Beijing 100053)
3(Key Laboratory of Industrial Information Security Perception and Evaluation Technology, Ministry of Industry and Information Technology, Electronic Technology Information Research Institute of MIIT, Beijing 100040)

Online:2026-04-07 Published:2026-04-07

基于改进双向TCN模型的SDN异常流量检测

孙璇1李彩霞1李军1任亚唯1代海英2余果3周昊3

1(北京信息科技大学计算机学院北京102206)
2(国网新源控股有限公司检修分公司北京100053)
3(国家工业信息安全发展研究中心工业信息安全感知与评估技术工业和信息化部重点实验室北京100040)

通讯作者: 孙璇博士，副教授.主要研究方向为人工智能、网络安全. sunxuan@bistu.edu.cn
作者简介:孙璇博士，副教授.主要研究方向为人工智能、网络安全. sunxuan@bistu.edu.cn 李彩霞硕士研究生.主要研究方向为网络安全. 2023020965@bistu.edu.cn 李军博士，教授.主要研究方向为人工智能安全、网络安全. lijun@bistu.edu.cn 任亚唯博士，副教授.主要研究方向为密码学与网络安全、人工智能安全. ryw@bistu.edu.cn 代海英高级工程师.主要研究方向为信息管理与网络安全. 17337853@qq.com 余果硕士，工程师.主要研究方向为工业信息安全、工业互联网安全. yuguo_wk@foxmail.com 周昊硕士，工程师.主要研究方向为工业信息安全、工业互联网安全. zhouhao39@hotmail.com
基金资助:
国网新源控股有限公司科技项目(SGXYKJ2025033)

Abstract

Abstract: The centralized control feature of software defined network (SDN) technology enhances the efficiency of network management while also bringing more severe security threats. Accurately detecting abnormal traffic in the SDN network is critical for network security. To address the vulnerabilities of SDN networks to various attacks and the insufficient ability of existing methods in modeling the temporal characteristics of abnormal traffic, this paper proposes an abnormal traffic detection method suitable for the SDN environment. This method takes the fivetuple of the flow (source IP address, destination IP address, source port number, destination port number, transport layer protocol) as the division basis. The length sequence of data packets is extracted as the core temporal features. Based on the improved bidirectional temporal convolutional network (BiTCN), by changing the ELU activation function and adding a residual block in the original TCN structure, and simultaneously integrating the multihead squeeze excitation mechanism (MSE) to enhance the feature modeling ability, the identification of abnormal behaviors is achieved. The experimental results show that the method proposed in this paper achieves good effects on the public SDN dataset, and its accuracy, precision and other indicators are superior to the traditional baseline models.

Key words: abnormal traffic detection, software defined network (SDN), data packet length, deep learning

摘要： 软件定义网络(software defined network, SDN)技术的集中控制特性在提升网络管理效率的同时也带来更加严峻的安全威胁，准确地检测出SDN网络中的异常流量对网络安全至关重要.针对SDN网络可能遭受的网络攻击以及现有方法异常流量时序建模能力不足等问题，提出一种适用于SDN环境下的异常流量检测方法.该方法以流的五元组(源IP地址，目的IP地址，源端口号，目的端口号，传输层协议)为划分依据，提取数据包长度序列作为核心时序特征，并基于改进的双向时间卷积网络(bidirectional temporal convolutional network, BiTCN)，通过改用ELU激活函数并在原有时间卷积网络(temporal convolutional network, TCN)结构中增加一层残差网络，同时融合多头挤压激励机制(multihead squeeze excitation, MSE)以增强特征建模能力，实现对异常行为的识别.实验结果表明，该方法在公开SDN数据集上取得良好效果，其准确率、精确率等指标优于传统基线模型.

关键词: 异常流量检测, 软件定义网络, 数据包长度, 深度学习, 时间卷积网络

CLC Number:

TP309

孙璇, 李彩霞, 李军, 任亚唯, 代海英, 余果, 周昊, . 基于改进双向TCN模型的SDN异常流量检测[J]. 信息安全研究, 2026, 12(4): 303-.

References

［1］杨心怡, 池亚平, 王志强. 基于多层Sketch的SDN网络流量测量技术研究［J］. 信息安全研究, 2024, 10(9): 840848［2］叶鑫豪, 周纯杰, 朱美潘, 等. DDoS攻击下基于SDN的工业控制系统边云协同信息安全防护方法［J］. 信息安全研究, 2021, 7(9): 861870［3］付钰, 王坤, 段雪源, 等. 面向软件定义网络的异常流量检测研究综述［J］. 通信学报, 2024, 45(3): 208226［4］Kalkan K, Altay L, Gur G, et al. JESS: Joint entropybased DDoS defense scheme in SDN［J］. IEEE Journal on Selected Areas in Communications, 2018, 36(10): 23582372［5］Tang D, Wang X, Yan Y, et al. ADMS: An online attack detection and mitigation system for LDoS attacks via SDN［J］. Computer Communications, 2022, 181: 454471［6］Phan T V, Nguyen T G, Dao N N, et al. DeepGuard: Efficient anomaly detection in SDN with finegrained traffic flow monitoring［J］. IEEE Trans on Network and Service Management, 2020, 17(3): 13491362［7］Assis M V, Carvalho L F, Lloret J, et al. A GRU deep learning system against attacks in software defined networks［J］. Network and Computer Applications, 2021, 177: 113［8］Novaes M P, Carvalho L F, Lloret J, et al. Adversarial deep learning approach detection and defense against DDoS attacks in SDN environments［J］. Future Generation Computer Systems, 2021, 125: 156167［9］Zhang P, He F, Zhang H, et al. Realtime malicious traffic detection with online isolation forest over SDWAN［J］. IEEE Trans on Information Forensics and Security, 2023, 18: 20762090［10］Wang P, Wang Z, Ye F, et al. ByteSGAN: A semisupervised generative adversarial network for encrypted traffic classification in SDN Edge Gateway［J］. Computer Networks, 2021, 200: 108535［11］Liu Z, Mao J, Zeng J, et al. ProvGuard: Detecting SDN control policy manipulation via contextual semantics of provenance graphs［C］ Proc of the Network and Distributed System Security (NDSS). San Diego, CA: Internet Society, 2025: 117［12］Elsayed M S, LeKhac N A, Jurcut A D. InSDN: A novel SDN intrusion dataset［J］. IEEE Access, 2020, 8: 165263165284［13］Roy B, Cheung H. A deep learning approach for intrusion detection in Internet of things using bidirectional long shortterm memory recurrent neural network［C］ Proc of the 28th Int Telecommunication Networks and Applications Conference (ITNAC). Piscataway, NJ: IEEE, 2018: 16［14］Chen J, Yin S, Cai S, et al. An efficient network intrusion detection model based on temporal convolutional networks［C］ Proc of the 21st IEEE Int Conf on Software Quality, Reliability and Security. Piscataway, NJ: IEEE, 2021: 768775［15］Chen J, Lv T, Cai S, et al. A novel detection model for abnormal network traffic based on bidirectional temporal convolutional network［J］. Information and Software Technology, 2023, 157: 107166

[1]	. Research on Log Anomaly Detection Method Integrating Semantic Features [J]. Journal of Information Security Reserach, 2026, 12(4): 383-.
[2]	. Research on Adaptive Hierarchical Neural Network Backdoor Defense Method [J]. Journal of Information Security Reserach, 2026, 12(4): 359-.
[3]	. Research on Twostage Network Intrusion Detection Method for Outofdistribution Traffic Data [J]. Journal of Information Security Reserach, 2026, 12(3): 265-.
[4]	. Smart Contract Vulnerabilities Based on Differential Evolutionary Algorithms and Solution Time Prediction Detection#br# [J]. Journal of Information Security Reserach, 2026, 12(1): 24-.
[5]	. Internet of Things Intrusion Detection Model Based on Federated Learning [J]. Journal of Information Security Reserach, 2025, 11(9): 788-.
[6]	. Fake News Detection Model Based on Crossmodal Attention Mechanism and#br# Weaksupervised Contrastive Learning#br# [J]. Journal of Information Security Reserach, 2025, 11(8): 693-.
[7]	. Encrypted Traffic Detection Method Based on Knowledge Distillation [J]. Journal of Information Security Reserach, 2025, 11(8): 702-.
[8]	. Deep Learningbased Method for Encrypted Website Fingerprinting [J]. Journal of Information Security Reserach, 2025, 11(4): 304-.
[9]	. Research on Dataenhanced Multimodal False Information #br# Detection Framework#br# [J]. Journal of Information Security Reserach, 2025, 11(4): 377-.
[10]	. Privacypreserving Federated Learning Research Based on #br# Confused Modulo Projection Homomorphic Encryption#br# [J]. Journal of Information Security Reserach, 2025, 11(3): 198-.
[11]	. Design of Adversarial Attack Scheme Based on YOLOv8 Object Detector [J]. Journal of Information Security Reserach, 2025, 11(3): 221-.
[12]	. Fake Face Detection Method Based on ConvNeXt [J]. Journal of Information Security Reserach, 2025, 11(3): 231-.
[13]	. Research on Deep Learningbased Spatiotemporal Feature Fusion Network Intrusion Detection Model [J]. Journal of Information Security Reserach, 2025, 11(2): 122-.
[14]	. A Malicious TLS Traffic Detection Method with Multimodal Features [J]. Journal of Information Security Reserach, 2025, 11(2): 130-.
[15]	. Robust Malicious Encrypted Traffic Detection Method Based on Dual Confidence Sample Selection [J]. Journal of Information Security Reserach, 2025, 11(10): 924-.

Anomaly Traffic Detection Based on Improved Bidirectional TCN Model in Software Defined Network

基于改进双向TCN模型的SDN异常流量检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics