HGNM: Long-Short Term Flow Graph and Hybrid Graph Neural Network-based Saturation Attack Detection Method

doi:10.19678/j.issn.1000-3428.0069494

Abstract

Abstract:

The separation of the control and data planes in Software Defined Network (SDN) enables its widespread application in large-scale network scenarios such as data centers, the Internet of Things (IoT), and cloud networks. However, this decoupled network architecture exposes the network to saturation attacks. Detecting saturation attacks based on Graph Neural Network (GNN) is a popular research topic in SDN. Nevertheless, the commonly used k-Nearest Neighbors (k-NN) graph in GNN overlooks short-term flow features, failing to effectively aggregate node information and preventing the model from fully leveraging the temporal characteristics of flows. To enhance the accuracy of saturation attack detection by utilizing both long- and short-term flow features, this study proposes a saturation attack detection method called HGNM, based on long-short-term flow graphs and a hybrid GNN. This method collects long- and short-term flow features by setting two sampling times. Additionally, this study designs a long-short-term flow graph generation method, named LSGH, based on the gray relational coefficient to construct long-short-term flow graphs, ensuring that the flow graphs encompass all features of the flows. The study also devises a hybrid GNN model, GU-GCN, by paralleling the GRU and GCN to capture both the temporal and spatial features of the flows, thereby improving the model's accuracy in detecting saturation attacks. Experimental results demonstrate that, on the generated graphs, the LSGH method outperforms the k-NN and CRAM algorithms in effectively enhancing the detection accuracy of the model. Moreover, compared to the other models, the GU-GCN model exhibits performance improvements in terms of accuracy, precision, recall, F1-score, ROC curve, PR curve, and confusion matrix.

Key words: Software Defined Network (SDN), saturation attack detection, Graph Neural Network (GNN), long-short term flow graph, grey correlation coefficient

摘要：

软件定义网络(SDN)的控制平面与数据平面解耦, 该特性使其广泛应用于数据中心、物联网、云网络等大规模网络场景中。然而, 这种解耦的网络架构也使其面临饱和攻击的挑战。基于图神经网络(GNN)检测饱和攻击是SDN中的研究热点, 但目前GNN中常用的k近邻(k-NN)图忽略了短期流特征, 无法有效聚合节点信息, 使模型不能充分利用流的时间特征。为利用流的长短期特征提高饱和攻击检测精度, 提出一种基于长短期流图及混合GNN的饱和攻击检测方法HGNM。该方法通过设置2个采样时间来收集流的长短期特征, 同时基于灰色关联系数设计一种长短期流图生成方法LSGH以构建长短期流图, 使流图包含流的全部特征。此外, 设计一种混合GNN模型GU-GCN, 通过并联GRU与GCN来获取流的时间特征与空间特征, 从而提高模型检测饱和攻击的精度。实验结果表明: 在生成图上, 相比于k-NN算法和CRAM算法, LSGH方法能有效提高模型的检测精度; 与其他模型相比, GU-GCN模型在准确率、精确率、召回率、F1值、ROC曲线、PR曲线、混淆矩阵方面都有性能提升。

关键词: 软件定义网络, 饱和攻击检测, 图神经网络, 长短期流图, 灰色关联系数

LI Jiasong, CUI Yunhe, SHEN Guowei, GUO Chun, CHEN Yi, JIANG Chaohui. HGNM: Long-Short Term Flow Graph and Hybrid Graph Neural Network-based Saturation Attack Detection Method[J]. Computer Engineering, 2025, 51(8): 215-226.

李佳松, 崔允贺, 申国伟, 郭春, 陈意, 蒋朝惠. HGNM: 基于长短期流图及混合图神经网络的饱和攻击检测方法[J]. 计算机工程, 2025, 51(8): 215-226.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0069494

https://www.ecice06.com/EN/Y2025/V51/I8/215

Figures/Tables 11

Fig.1 Architecture of HGNM

Fig.2 Hybrid graph neural detection model

Fig.3 Experiment topology

Fig.4 ROC curves of LSGH, k -NN, and CRAM

Fig.5 PR curves of LSGH, k -NN, and CRAM

Fig.6 ROC curves of different models

Fig.7 PR curves of different models

Fig.8 Confusion matrix of different models

References 31

1	MALEH Y , QASMAOUI Y , EL GHOLAMI K , et al. A comprehensive survey on SDN security: threats, mitigations, and future directions. Journal of Reliable Intelligent Environments, 2023, 9 (2): 201- 239. doi: 10.1007/s40860-022-00171-8
2	曹健, 王兴伟, 黄敏, 等. 一种工业物联网多路径可靠路由机制. 小型微型计算机系统, 2023, 44 (4): 862- 867.
	CAO J , WANG X W , HUANG M , et al. Multi-path reliability routing mechanism for industrial Internet of Things. Journal of Chinese Computer Systems, 2023, 44 (4): 862- 867.
3	CONTI M, GANGWAL A, GAUR M S. A comprehensive and effective mechanism for DDoS detection in SDN[C]//Proceedings of the 13th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). Washington D.C., USA: IEEE Press, 2017: 1-8.
4	徐建峰, 王利明, 徐震. 软件定义网络中资源消耗型攻击及防御综述. 信息安全学报, 2020, 5 (4): 72- 95.
	XU J F , WANG L M , XU Z . Survey on resource consumption attacks and defenses in software-defined networking. Journal of Cyber Security, 2020, 5 (4): 72- 95.
5	KANNAN K, BANERJEE S. Compact TCAM: flow entry compaction in TCAM for power aware SDN[EB/OL]. [2024-02-05]. https://link.springer.com/chapter/10.1007/978-3-642-35668-1_32.
6	VISHNOI A, PODDAR R, MANN V, et al. Effective switch memory management in OpenFlow networks[C]//Proceedings of the 8th ACM International Conference on Distributed Event-Based Systems. New York, USA: ACM Press, 2014: 177-188.
7	KANDOIR, ANTIKAINEN M. Denial-of-service attacks in OpenFlow SDN networks[C]//Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM). Washington D.C., USA: IEEE Press, 2015: 1322-1326.
8	陈兴蜀, 滑强, 王毅桐, 等. 云环境下SDN网络低速率DDoS攻击的研究. 通信学报, 2019, 40 (6): 210- 222.
	CHEN X S , HUA Q , WANG Y T , et al. Research on low-rate DDoS attack of SDN network in cloud environment. Journal on Communications, 2019, 40 (6): 210- 222.
9	徐玉华, 孙知信. 软件定义网络中的异常流量检测研究进展. 软件学报, 2020, 31 (1): 183- 207.
	XU Y H , SUN Z X . Research development of abnormal traffic detection in software defined networking. Journal of Software, 2020, 31 (1): 183- 207.
10	DENG A L , HOOI B . Graph neural network-based anomaly detection in multivariate time series. Proceedings of the AAAI Conference on Artificial Intelligence, 2021, 35 (5): 4027- 4035. doi: 10.1609/aaai.v35i5.16523
11	ZHENG J W, LI D G. GCN-TC: combining trace graph with statistical features for network traffic classification[C]//Proceedings of the 2019 IEEE International Conference on Communications (ICC). Washington D.C., USA: IEEE Press, 2019: 1-6.
12	NAGARAJ K, STARKE A, MCNAIR J. GLASS: a graph learning approach for software defined network based smart grid DDoS security[C]//Proceedings of the IEEE International Conference on Communications. Washington D.C., USA: IEEE Press, 2021: 1-6.
13	CAO Y Y , JIANG H , DENG Y C , et al. Detecting and mitigating DDoS attacks in SDN using spatial-temporal graph convolutional network. IEEE Transactions on Dependable and Secure Computing, 2021, 19 (6): 3855- 3872.
14	WANG K X , CUI Y H , QIAN Q , et al. USAGE: uncertain flow graph and spatio-temporal graph convolutional network-based saturation attack detection method. Journal of Network and Computer Applications, 2023, 219, 103722. doi: 10.1016/j.jnca.2023.103722
15	DU R Y , HUANG M H , LIU F L . Multi-classification algorithm based on graph convolutional neural network for intrusion detection. Signal, Image and Video Processing, 2025, 19 (6): 493. doi: 10.1007/s11760-025-04083-x
16	SUN B Y, YANG W Y, YAN M Q, et al. An encrypted traffic classification method combining graph convolutional network and autoencoder[C]//Proceedings of the 39th IEEE International Performance Computing and Communications Conference (IPCCC). Washington D.C., USA: IEEE Press, 2020: 1-8.
17	RAN L Y , CUI Y H , GUO C , et al. Defending saturation attacks on SDN controller: a confusable instance analysis-based algorithm. Computer Networks, 2022, 213, 109098. doi: 10.1016/j.comnet.2022.109098
18	XIAO M , CUI Y H , QIAN Q , et al. KIND: a novel image-mutual-information-based decision fusion method for saturation attack detection in SD-IoT. IEEE Internet of Things Journal, 2022, 9 (23): 23750- 23771. doi: 10.1109/JIOT.2022.3190269
19	AHALAWAT A , BABU K S , TURUK A K , et al. A low-rate DDoS detection and mitigation for SDN using Renyi entropy with packet drop. Journal of Information Security and Applications, 2022, 68, 103212. doi: 10.1016/j.jisa.2022.103212
20	ASSIS M V O , CARVALHO L F , LLORET J , et al. A GRU deep learning system against attacks in software defined networks. Journal of Network and Computer Applications, 2021, 177, 102942. doi: 10.1016/j.jnca.2020.102942
21	SAID ELSAYED M, LE-KHAC N A, DEV S, et al. Network anomaly detection using LSTM based autoencoder[C]//Proceedings of the 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks. New York, USA: ACM Press, 2020: 37-45.
22	KALKAN K , ALTAY L , GUR G , et al. JESS: joint entropy-based DDoS defense scheme in SDN. IEEE Journal on Selected Areas in Communications, 2018, 36 (10): 2358- 2372. doi: 10.1109/JSAC.2018.2869997
23	LI Z Y , XING W J , KHAMAISEH S , et al. Detecting saturation attacks based on self-similarity of OpenFlow traffic. IEEE Transactions on Network and Service Management, 2019, 17 (1): 607- 621.
24	Open networking foundation: OpenFlow switch specification1.3.0[EB/OL]. [2024-02-05]. http://www.cs.yale.edu/homes/yuminlan/teach/csci599-fall12/papers/openflow-spec-v1.3.0.pdf.
25	ZHOU Y D , LI H , CHEN K Y , et al. Raze policy conflicts in SDN. Journal of Network and Computer Applications, 2022, 199, 103307.
26	LEI K , LIN G J , ZHANG M M , et al. Measuring the consistency between data and control plane in SDN. ACM Transactions on Networking, 2022, 31 (2): 511- 525.
27	农黄武, 黄传河, 黄晓鹏. 基于SDN的胖树数据中心网络的多路径路由算法. 计算机科学, 2016, 43 (6): 32-34, 76.
	NONG H W , HUANG C H , HUANG X P . SDN-based multipath routing algorithm for fat-tree data center networks. Computer Science, 2016, 43 (6): 32-34, 76.
28	CUI Y H , YAN L S , LI S F , et al. SD-anti-DDoS: fast and efficient DDoS defense in software-defined networks. Journal of Network and Computer Applications, 2016, 68, 65- 79.
29	PENG J C , CUI Y H , QIAN Q , et al. ADVICE: towards adaptive scheduling for data collection and DDoS detection in SDN. Journal of Information Security and Applications, 2021, 63, 103017.
30	Nmap: the network mapper-free security scanner[EB/OL]. [2024-02-05]. https://nmap.org/nping/.
31	ZHAO L , SONG Y J , ZHANG C , et al. T-GCN: a temporal graph convolutional network for traffic prediction. IEEE Transactions on Intelligent Transportation Systems, 2019, 21 (9): 3848- 3858.

[1]	HAO Zhifeng, LI Yanglin, XU Boyan, CAI Ruichu. Hypergraph Neural Networks for Cross-domain Text-to-SQL [J]. Computer Engineering, 2025, 51(5): 114-123.
[2]	LIU Wenjie, CHEN Liang, REN Zhijie. Few-shot Relation Reasoning Model Based on Graph Neural Network and Meta-Learning [J]. Computer Engineering, 2025, 51(5): 124-132.
[3]	YAO Xun, WANG Haipeng, HU Xinrong, YANG Jie. Multi-view Contrastive Recommendation Algorithm Based on Adaptive Enhancement [J]. Computer Engineering, 2025, 51(5): 103-113.
[4]	LIU Yunxiang, LIANG Zhichao. A Highly Efficient Traffic Prediction Model for Continuous Time-series Graph Attention Networks [J]. Computer Engineering, 2025, 51(4): 350-359.
[5]	LI Siyuan, ZHONG Xingyu, LI Kaiyin, XU Qingzhen. Strategy Teaching Research Based on Multilayer Graph Relationship and Reinforcement Learning [J]. Computer Engineering, 2025, 51(3): 122-130.
[6]	CHEN Depin, ZHAO Shen, JIAO Yiping, WANG Xiangxue, LÜ Hong, XU Jun. Graph Construction on Whole Image Slides Based on Attention and Learnable Threshold [J]. Computer Engineering, 2025, 51(3): 229-240.
[7]	Zhengkang ZHANG, Dan YANG, Tiezheng NIE, Yue KOU. Self-Supervised Learning Based on Graph Structural Clustering for Disease Diagnosis Method [J]. Computer Engineering, 2024, 50(7): 360-371.

Please choose a citation manager

Content to export