Intelligent Network Element: A Programmable Switch Based on Machine Learning to Defend Against DDoS Attacks

IF 6.9 3区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Information Systems Frontiers Pub Date : 2025-01-14 DOI:10.1007/s10796-024-10577-9

Jingfu Yan, Huachun Zhou, Weilin Wang

{"title":"Intelligent Network Element: A Programmable Switch Based on Machine Learning to Defend Against DDoS Attacks","authors":"Jingfu Yan, Huachun Zhou, Weilin Wang","doi":"10.1007/s10796-024-10577-9","DOIUrl":null,"url":null,"abstract":"<p>The proposed native intelligent network by 6G networks has provided a boost to network security capabilities. Unlike intelligent networks built by intelligent network elements, plug-in AI applications require transmission bandwidth for traffic analysis and consume computation and storage resources of security devices. This cannot meet the real-time requirements for detecting and processing DDoS attacks. This paper proposes the intelligent network element that combines programmable switch technology and AI algorithms. The intelligent network element is used to build a distributed intelligent network defense system that analyzes the packet header information of the traffic to classify the packets, thus realizing network intelligence at the network layer. We analyzes a total of 14 types of DDoS attack traffic categorized into application layer DDoS, low-rate DDoS, and DRDoS. The machine learning model is used to sink to the network layer.In conclusion, the performance of the k-means, random forest, and decision tree algorithms is evaluated by comparing the performance of single-point and multi-point deployment scenarios on intelligent network elements in multiple dimensions. The results demonstrate that the multi-point intelligent network element system can reduce the packet loss rate by approximately 10% when the client transmits packets at a rate of 1000 pkts/s, while exhibiting a slight increase in resource consumption. This enables the intelligent network element detection accuracy to reach 98.03%.</p>","PeriodicalId":13610,"journal":{"name":"Information Systems Frontiers","volume":"75 1","pages":""},"PeriodicalIF":6.9000,"publicationDate":"2025-01-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Frontiers","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10796-024-10577-9","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

The proposed native intelligent network by 6G networks has provided a boost to network security capabilities. Unlike intelligent networks built by intelligent network elements, plug-in AI applications require transmission bandwidth for traffic analysis and consume computation and storage resources of security devices. This cannot meet the real-time requirements for detecting and processing DDoS attacks. This paper proposes the intelligent network element that combines programmable switch technology and AI algorithms. The intelligent network element is used to build a distributed intelligent network defense system that analyzes the packet header information of the traffic to classify the packets, thus realizing network intelligence at the network layer. We analyzes a total of 14 types of DDoS attack traffic categorized into application layer DDoS, low-rate DDoS, and DRDoS. The machine learning model is used to sink to the network layer.In conclusion, the performance of the k-means, random forest, and decision tree algorithms is evaluated by comparing the performance of single-point and multi-point deployment scenarios on intelligent network elements in multiple dimensions. The results demonstrate that the multi-point intelligent network element system can reduce the packet loss rate by approximately 10% when the client transmits packets at a rate of 1000 pkts/s, while exhibiting a slight increase in resource consumption. This enables the intelligent network element detection accuracy to reach 98.03%.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

智能网络元素：基于机器学习的可编程交换机，抵御 DDoS 攻击

6G网络提出的原生智能网络，提升了网络安全能力。与智能网元构建的智能网络不同，外挂AI应用需要传输带宽进行流量分析，消耗安全设备的计算和存储资源。这无法满足检测和处理DDoS攻击的实时性要求。本文提出了一种结合可编程交换技术和人工智能算法的智能网元。智能网元用于构建分布式智能网络防御系统，通过分析流量的报文头信息，对报文进行分类，实现网络层的网络智能化。我们分析了14种类型的DDoS攻击流量，分为应用层DDoS、低速率DDoS和DRDoS。机器学习模型用于下沉到网络层。综上所述，通过在多个维度上比较智能网元上单点和多点部署场景的性能来评估k-means、随机森林和决策树算法的性能。结果表明，当客户端以1000 pkts/s的速率传输数据包时，多点智能网元系统可以将丢包率降低约10%，而资源消耗略有增加。使智能网元检测准确率达到98.03%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Information Systems Frontiers 工程技术-计算机：理论方法

CiteScore

13.30

自引率

18.60%

发文量

127

审稿时长

9 months

期刊介绍： The interdisciplinary interfaces of Information Systems (IS) are fast emerging as defining areas of research and development in IS. These developments are largely due to the transformation of Information Technology (IT) towards networked worlds and its effects on global communications and economies. While these developments are shaping the way information is used in all forms of human enterprise, they are also setting the tone and pace of information systems of the future. The major advances in IT such as client/server systems, the Internet and the desktop/multimedia computing revolution, for example, have led to numerous important vistas of research and development with considerable practical impact and academic significance. While the industry seeks to develop high performance IS/IT solutions to a variety of contemporary information support needs, academia looks to extend the reach of IS technology into new application domains. Information Systems Frontiers (ISF) aims to provide a common forum of dissemination of frontline industrial developments of substantial academic value and pioneering academic research of significant practical impact.