Deep Learning Based Detection Method for SDN Malicious Applications

  • Chi Yaping
  • Yu YuzhouEmail author
  • Yang Jianxi
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 517)


SDN is a new type of network architecture. The core technology of the SDN is to separate the control plane of the network device from the data plane so as to achieve flexible control of network traffic. Such structure and characteristics have put forward higher requirements on the security protection capability of the SDN controller. However, there are still less researches on malicious applications for the SDN network architecture. This article aims at this problem, based on the analysis of the existing malicious application detection methods and on deep learning technology proposed by a detection method for SDN malicious applications. Finally, under the TensorFlow deep learning simulation environment Keras, 30 SDN malicious samples were studied and tested. The experimental data show that the detection rate of this method for malicious applications can reach 89%, which proves the feasibility and scientificity of the program.


SDN Malicious applications Deep learning 



This research was financially supported by the National Key R&D Program of China (No: 2018YFB1004101).


  1. 1.
    Zhang, Y., Pan, X., Liu, Q.: APT attacks and defenses. pp. 1–7 (2017-08-10).
  2. 2.
    Ceron, J.M., Margi, C.B., Granville, L.Z.: MARS: an SDN-based malware analysis solution. In: Computers and Communication, pp. 525–530. IEEE (2016); Foster, I., Kesselman, C.: The Grid: Blueprint for a New Computing Infrastructure. Morgan Kaufmann, San Francisco (1999)Google Scholar
  3. 3.
    Lee, C., Shin, S.: SHIELD: an automated framework for static analysis of SDN applications. In: ACM, pp. 29–34 (2016)Google Scholar
  4. 4.
    Röpke, C.: SDN Malware: Problems of Current Protection Systems and Potential Countermeasures. Lecture Notes in Informatics (LNI), Gesellschaft fur Informatik, Bonn (2016)Google Scholar
  5. 5.
    Röpke, C., Holz, T.: SDN Rootkits: subverting network operating systems of software-defined networks. In: Research in Attacks, Intrusions, and Defenses, pp. 339–356. Springer International Publishing (2015)Google Scholar
  6. 6.
    Lee, S., Yoon, C., Shin, S.: The smaller, the shrewder: a simple malicious application can kill an entire SDN environment. In: ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 23–28. ACM (2016)Google Scholar
  7. 7.
    Dai, H., Dai, B., Song, L.: Discriminative embeddings of latent variable models for structured data (2016)Google Scholar
  8. 8.
    Cheung, S., Fong, M., Porras, P., et al.: Securing the software-defined network control layer (2015)Google Scholar
  9. 9.
    Röpke, C., Holz, T.: On network operating system security. Int. J. Netw. Manag. 26(1), 6–24 (2015)CrossRefGoogle Scholar
  10. 10.
    Feng, Q., Zhou, R., Xu, C., et al.: Scalable graph-based bug search for firmware images. In: ACM Sigsac Conference on Computer and Communications Security, pp. 480–491. ACM (2016)Google Scholar
  11. 11.
    Xu, X., Liu, C., Feng, Q., et al.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: National Center for Biotechnology Information (2017).

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Beijing Electronics Science & Technology InstituteBeijingChina

Personalised recommendations