Computer detection intelligent mining algorithm for software defined networks

Abstract

The network security (NS) issues of software defined network (SDN) are becoming increasingly prominent. Traditional computer detection (for convenience, computer detection is abbreviated to CD) methods are usually based on rules and features, and cannot cope with new threats and unknown attacks. The purpose of this article is to analyze a CD intelligent mining algorithm (for convenience, intelligent mining algorithm is abbreviated to IMA) suitable for SDNs, and to optimize and improve the data acquisition difficulty, large data volume, dynamism, timeliness, and security issues of SDNs. On the basis of data preprocessing on the KDD (Data Mining and Knowledge Discovery) Cup 1999 dataset, this article constructed an architecture for CD IMAs. In the data intelligence layer, a combination of k-means algorithm and XGBoost (eXtreme Gradient Boosting) algorithm was used for computer network attack detection based on stream classification. Based on the preprocessed dataset, the k-means algorithm and its combination were trained and simulated. The effectiveness and performance optimization of the CD IMA analyzed in this article were verified by comparing it with traditional computer attack detection algorithms in terms of detection accuracy, CPU (Central Processing Unit) occupancy, detection time, and false detection rate. The experimental results showed that the accuracy of the CD IMAs analyzed in this article was over 80 %, and some even reached over 90 %. However, the accuracy of traditional computer attack detection algorithms has not reached 90 %. The detection time of traditional computer attack detection algorithms was all above 2 s, but some of the detection time of the algorithm in this article was within 2 s. The detection rate of the algorithms analyzed in this article was above 90 %, and the detection results were more accurate than traditional algorithms. This proved that the algorithm analyzed in this article can more effectively select optimized feature subsets, has good flow classification ability, and has high detection accuracy for different types of attacks. The CD IMA for SDNs has great potential and application prospects.