基于仿生免疫的可编程数据平面入侵检测方法

doi:10.3969/j.issn.1671-1122.2025.08.008

信息网络安全 ›› 2025, Vol. 25 ›› Issue (8): 1263-1275.doi: 10.3969/j.issn.1671-1122.2025.08.008

基于仿生免疫的可编程数据平面入侵检测方法

孙南¹^,², 秦中元¹^,³(), 胡爱群¹^,³, 李涛¹^,³

1.东南大学网络空间安全学院，南京 211189
2.陆军炮兵防空兵学院，南京 211132
3.东南大学移动信息通信与安全前沿科学中心，南京 211189

收稿日期:2024-06-20 出版日期:2025-08-10 发布日期:2025-09-09
通讯作者: 秦中元 E-mail:zyqin@seu.edu.cn
作者简介:孙南（1992—），男，江苏，讲师，硕士，主要研究方向为信息与通信|秦中元（1974—），男，江苏，副教授，博士，CCF会员，主要研究方向为网络与信息安全|胡爱群（1966—），男，江苏，教授，博士，CCF会员，主要研究方向为信息系统安全、物理层安全|李涛（1984—），男，江苏，副教授，博士，CCF会员，主要研究方向为信息系统安全、内生安全
基金资助:
国家自然科学基金(U22B2026);中央高校基本科研业务费专项资金(2242022k60005)

Immune-Based Intrusion Detection Methods for Programmable Data Plane

SUN Nan¹^,², QIN Zhongyuan¹^,³(), HU Aiqun¹^,³, LI Tao¹^,³

1. School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China
2. PLA Army Academy of Artillery and Air Defense, Nanjing 211132, China
3. Frontiers Science Center for Mobile Information Communication and Security, Southeast University, Nanjing 211189, China

Received:2024-06-20 Online:2025-08-10 Published:2025-09-09

摘要/Abstract

摘要：

针对传统入侵检测系统易导致系统性能瓶颈的突出问题，受高等生物免疫系统的启发，文章突破传统入侵检测系统外壳式防御的架构基础，设计了一种适用于可编程数据平面的仿生免疫入侵检测方法。该方法利用仿生固有免疫系统进行流量过滤，初步拦截部分入侵流量，对于仍然存疑的流量则启动仿生适应性免疫系统进行深度特征采集、识别与处理，实现了对入侵流量的高效检测。实验结果表明，该方法能够实现较高的检测准确率和较低的控制器负载。

关键词: 仿生免疫, 可编程数据平面, 入侵检测, P4语言

Abstract:

This study, aiming at the prominent issue of performance bottlenecks in traditional intrusion detection systems, drawed inspiration from the higher biological immune system and broken through the architectural foundation of the shell-based defense approach in traditional intrusion detection systems. A bio-inspired immune intrusion detection method suitable for programmable data planes was designed. This method utilized the innate immune system to filter traffic, preliminarily intercepting some intrusive traffic. For traffic that remains suspicious, the bio-inspired adaptive immune system was activated to conduct deep feature collection, identification, and processing, achieving efficient detection of intrusive traffic. Experimental results demonstrate that this method can achieve high detection accuracy and low controller load.

Key words: bionic immunity, programmable data plane, intrusion detection, P4 language

中图分类号:

TP309

孙南, 秦中元, 胡爱群, 李涛. 基于仿生免疫的可编程数据平面入侵检测方法[J]. 信息网络安全, 2025, 25(8): 1263-1275.

SUN Nan, QIN Zhongyuan, HU Aiqun, LI Tao. Immune-Based Intrusion Detection Methods for Programmable Data Plane[J]. Netinfo Security, 2025, 25(8): 1263-1275.

图/表 13

图1

表1

表2

图2

图3

图4

图5

图6

表3

表4

图7

图8

图9

参考文献 27

[1]	CHAMOU D, TOUPAS P, KETZAKI E, et al. Intrusion Detection System Based on Network Traffic Using Deep Neural Networks[C]// IEEE. 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks. New York: IEEE, 2019: 1-6.
[2]	KIM J, BENTLEY P J, AICKELIN U, et al. Immune System Approaches to Intrusion Detection-A Review[J]. Natural Computing, 2007, 6(4): 413-466.
[3]	LI Tao, HU Aiqun, FANG Lanting. Bionic Control Mechanism Based Research of Endogenous Immune Architecture for Information System[J]. Journal of Cyber Security, 2022, 7(2): 87-100.
[4]	GONG Feili. Medical Immunology[M]. Beijing: Science Press, 2012.
	龚非力. 医学免疫学[M]. 北京: 科学出版社, 2012.
[5]	SONG C, PARK Y, GOLANI K, et al. Machine-Learning Based Threat-Aware System in Software Defined Networks[C]// IEEE. 2017 26th International Conference on Computer Communication and Networks (ICCCN). New York: IEEE, 2017: 1-9.
[6]	SANTOS D S A, WICKBOLDT J A, GRANVILLE L Z, et al. ATLANTIC:A Framework for Anomaly Traffic Detection, Classification, and Mitigation in SDN[C]// IEEE. NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium. New York: IEEE, 2016: 27-35.
[7]	CHEN Zhuo, JIANG Fu, CHENG Yijun, et al. XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud[C]// IEEE. 2018 IEEE International Conference on Big Data and Smart Computing. New York: IEEE, 2018: 251-256.
[8]	SWAMI R, DAVE M, RANGA V. Voting-Based Intrusion Detection Framework for Securing Software-Defined Networks[J]. Concurrency and Computation: Practice and Experience, 2020, 32(24): 1-16.
[9]	ELSAYED R A, HAMADA R A, ABDALLA M I, et al. Securing IoT and SDN Systems Using Deep-Learning Based Automatic Intrusion Detection[EB/OL]. (2023-03-03)[2024-06-10]. https://doi.org/10.1016/j.asej.2023.102211.
[10]	AL R M, JAVEED D, KHAN M T, et al. Cyber Threats Detection in Smart Environments Using SDN-Enabled DNN-LSTM Hybrid Framework[J]. IEEE Access, 2022, 10: 53015-53026.
[11]	KRANTHI S, KANCHANA M, SUNEETHA M. A Study of IDS-Based Software-Defined Networking by Using Machine Learning Concept[EB/OL]. (2022-02-08)[2024-06-10]. https://doi.org/10.1007/978-981-16-5689-7_6.
[12]	HAIDER S, AKHUNZADA A, MUSTAFA I, et al. A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks[J]. IEEE Access, 2020, 8: 53972-53983.
[13]	LI Jiaqi, ZHAO Zhifeng, LI Rongpeng, et al. AI-Based Two-Stage Intrusion Detection for Software Defined IoT Networks[J]. IEEE Internet of Things Journal, 2019, 6(2): 2093-2102. doi: 10.1109/JIOT.2018.2883344
[14]	BARRADAS D, SANTOS N, RODRIGUES L, et al. FlowLens: Enabling Efficient Flow Classification for ML-Based Network Security Applications[EB/OL]. (2021-02-21)[2024-06-10]. https://www.ndss-symposium.org/wp-content/uploads/ndss2021_7C-2_24067_paper.pdf.
[15]	XIONG Zhaoqi, ZILBERMAN N. Do Switches Dream of Machine Learning? Toward In-Network Classification[C]// ACM. The 18th ACM Workshop on Hot Topics in Networks. New York: ACM, 2019: 25-33.
[16]	XAVIER B M, GUIMARAES R S, COMARELA G, et al. Programmable Switches for In-Networking Classification[C]// IEEE. IEEE INFOCOM 2021-IEEE Conference on Computer Communications. New York: IEEE, 2021: 1-10.
[17]	LUO Junming, LIU Waixi, TAN Miaoquan, et al. Binary Neural Network with P4 on Programmable Data Plane[C]// IEEE. 2022 18th International Conference on Mobility, Sensing and Networking. New York: IEEE, 2022: 960-965.
[18]	ZHENG Changgang, XIONG Zhaoqi, BUI T T, et al. IIsy: Practical In-Network Classification[EB/OL]. (2022-06-19)[2024-06-10]. https://arxiv.org/abs/2205.08243.
[19]	Canadian Institute for Cybersecurity. CIC-IDS-2017 Dataset[EB/OL]. [2024-06-10]. https://www.unb.ca/cic/datasets/ids-2017.html.
[20]	XAVIER B M, SILVA G R, COMARELA G, et al. MAP4: A Pragmatic Framework for In-Network Machine Learning Traffic Classification[J]. IEEE Transactions on Network and Service Management, 2022, 19(4): 4176-4188.
[21]	LI Yu. Research on Internet Intrusion Detection Technology Based on Deep Learning[D]. Chengdu: University of Electronic Science and Technology of China, 2023.
	李宇. 基于深度学习的互联网入侵检测技术研究[D]. 成都: 电子科技大学, 2023.
[22]	LOPEZ-MARTIN M, CARRO B, SANCHEZ-ESGUEVILLAS A. Application of Deep Reinforcement Learning to Intrusion Detection for Supervised Problems[EB/OL]. (2019-09-18)[2024-06-10]. https://doi.org/10.1016/j.eswa.2019.112963.
[23]	ELSAYED M S, LE-KHAC N A, JURCUT A D. InSDN: A Novel SDN Intrusion Dataset[J]. IEEE Access, 2020, 8: 165263-165284.
[24]	XU Yuhua, SUN Zhixin. Research Development of Abnormal Traffic Detection in Software Defined Networking[J]. Journal of Software, 2020, 31(1): 183-207.
	徐玉华, 孙知信. 软件定义网络中的异常流量检测研究进展[J]. 软件学报, 2020, 31(1): 183-207.
[25]	YANG Yintan. Research on SDN Intrusion Detection Technology Based on Convolutional Neural Network[D]. Xi'an: Xidian University, 2019.
	杨垠坦. 基于卷积神经网络的SDN入侵检测技术研究[D]. 西安: 西安电子科技大学, 2019.
[26]	KRISHNAN A S, SIVALINGAM K M, SHAMI G, et al. Flow Classification for Network Security Using P4-Based Programmable Data Plane Switches[C]// IEEE. 2023 IEEE 9th International Conference on Network Softwarization. New York: IEEE, 2023: 374-379.
[27]	LI Yuliang, MIAO Rui, KIM C, et al. FlowRadar: A Better NetFlow for Data Centers[EB/OL]. (2019-09-18)[2024-06-10]. https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/li-yuliang.

特征	描述
Dst-Port	目的端口
Src-Port	源端口
Protocol-Type	协议类型
Packet Size	数据包大小
IP-Flag	数据包是否分段

类型	评价指标
类型	精确率	召回率	F1分数	准确率
Attack	0.96	1.00	0.98	0.97
Benign	1.00	0.95	0.97	0.97
平均值	0.98	0.97	0.97	—

类型	评价指标
类型	精确率	召回率	F1分数	准确率
Benign	0.99	0.99	0.99	0.99
DoS	0.99	1.00	0.99
DDoS	1.00	1.00	1.00
Patator	1.00	1.00	1.00
Web Attack	0.53	0.27	0.36
Bot	0.94	1.00	0.96
PortScan	0.99	1.00	1.00
Infiltration	1.00	0.75	0.86
平均值	0.93	0.87	0.89	—

类型	评价指标
类型	精确率	召回率	F1分数	准确率
Normal	1.00	0.98	0.99	0.99
DoS	1.00	1.00	1.00
DDoS	1.00	1.00	1.00
BFA	0.84	0.99	0.91
Probe	1.00	1.00	1.00
Web Attack	0.87	1.00	0.93
Botnet	1.00	1.00	1.00
平均值	0.96	0.99	0.98	—

基于仿生免疫的可编程数据平面入侵检测方法

Immune-Based Intrusion Detection Methods for Programmable Data Plane

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 13

参考文献 27

相关文章 15

编辑推荐

Metrics

本文评价

[1]	曹越, 方泊璎, 魏高达, 李金宇, 杨洋, 彭涛. 车载以太网环境下CAN总线入侵检测系统兼容性评估与优化[J]. 信息网络安全, 2025, 25(8): 1175-1195.
[2]	金志刚, 李紫梦, 陈旭阳, 刘泽培. 面向数据不平衡的网络入侵检测系统研究综述[J]. 信息网络安全, 2025, 25(8): 1240-1253.
[3]	荀毅杰, 崔嘉容, 毛伯敏, 秦俊蔓. 基于联邦学习的智能汽车CAN总线入侵检测系统[J]. 信息网络安全, 2025, 25(6): 872-888.
[4]	金增旺, 江令洋, 丁俊怡, 张慧翔, 赵波, 方鹏飞. 工业控制系统安全研究综述[J]. 信息网络安全, 2025, 25(3): 341-363.
[5]	刘晨飞, 万良. 基于时空图神经网络的CAN总线入侵检测方法[J]. 信息网络安全, 2025, 25(3): 478-493.
[6]	刘联海, 黎汇业, 毛冬晖. 基于图像凸包特征的CBAM-CNN网络入侵检测方法[J]. 信息网络安全, 2024, 24(9): 1422-1431.
[7]	张浩, 谢大智, 胡云晟, 叶骏威. 基于半监督学习的网络异常检测研究综述[J]. 信息网络安全, 2024, 24(4): 491-508.
[8]	江荣, 刘海天, 刘聪. 基于集成学习的无监督网络入侵检测方法[J]. 信息网络安全, 2024, 24(3): 411-426.
[9]	冯光升, 蒋舜鹏, 胡先浪, 马明宇. 面向物联网的入侵检测技术研究新进展[J]. 信息网络安全, 2024, 24(2): 167-178.
[10]	金志刚, 丁禹, 武晓栋. 融合梯度差分的双边校正联邦入侵检测算法[J]. 信息网络安全, 2024, 24(2): 293-302.
[11]	孙红哲, 王坚, 王鹏, 安雨龙. 基于Attention-BiTCN的网络入侵检测方法[J]. 信息网络安全, 2024, 24(2): 309-318.
[12]	金志刚, 陈旭阳, 武晓栋, 刘凯. 增量式入侵检测研究综述[J]. 信息网络安全, 2024, 24(12): 1819-1830.
[13]	沈华, 田晨, 郭森森, 慕志颖. 基于对抗性机器学习的网络入侵检测方法研究[J]. 信息网络安全, 2023, 23(8): 66-75.
[14]	彭翰中, 张珠君, 闫理跃, 胡成林. 联盟链下基于联邦学习聚合算法的入侵检测机制优化研究[J]. 信息网络安全, 2023, 23(8): 76-85.
[15]	刘长杰, 石润华. 基于安全高效联邦学习的智能电网入侵检测模型[J]. 信息网络安全, 2023, 23(4): 90-101.