一种基于P4的多模态网络控制与安全检测方案

doi:10.3969/j.issn.1671-1122.2026.01.010

摘要/Abstract

摘要：

可编程网络技术通过软件定义和编程技术控制网络设备与数据报文，提升网络灵活性、可扩展性和自动化能力，为多模态网络发展奠定基础。文章基于可编程架构设计了身份、内容、地理位置、弹性地址空间、IPv4、IPv6等6种模态的数据报文路由转发机制，并在数据平面实现报文解析、路由寻址与转发。同时，构建多模态网络控制系统，支持报文解析、拓扑管理、流表生成与下发、网络测量等功能，并集成资源协调与调度算法，可实时分析网络状态、计算路由规则并下发流表。文章通过流量特征提取实现安全检测，并基于深度学习构建多模态流量时序模型，实现异常检测与识别，引入内生安全特性，保障系统可用性和可靠性。实验结果表明，文章方案可实现多模态网络统一通信与控制，支持多种模态；控制系统功能完善且性能稳定，拓扑规模超过2000节点，平均端到端时延小于100 ms；安全检测功能可实时识别异常流量与网络模态，其中，异常流量检测准确率达到96.49%，模态识别准确率达到99.72%。

关键词: 多模态网络, 软件定义网络, 网络测量, 异常检测

Abstract:

Programmable network technology controls network devices and data packets through software-defined and programming techniques, enhancing network flexibility, scalability, and automation capabilities, thereby laying a solid foundation for the development of multimodal networks. Based on a programmable architecture, this paper designed a data packet routing and forwarding mechanism for six modalities: identity, content, geographical location, elastic address space, IPv4, and IPv6, and implemented packet parsing, routing lookup, and forwarding at the data plane. Simultaneously, a multimodal network control system was constructed to support functions such as packet parsing, topology management, flow table generation and distribution, and network measurement. It integrated resource coordination and scheduling algorithms to analyze network status in real time, compute routing rules, and distribute flow tables. Through traffic feature extraction, this paper achieves security detection and builds a multimodal network traffic time-series model based on deep learning to realize anomaly detection and identification, introducing intrinsic security features to ensure system availability and reliability. Experimental results demonstrate that the proposed scheme enables unified communication and control of multimodal networks, supporting multiple modalities. The control system is functionally complete and performs stably, with a topology scale exceeding 2000 nodes and end-to-end latency below 100ms. The security detection function can identify abnormal traffic and network modalities in real time, with an anomaly detection accuracy rate of 96.49% and a modality recognition accuracy rate of 99.72%.

Key words: polymorphic network, software defined network, network measurement, anomaly detection

中图分类号:

TP309

李冬, 高源, 于俊清, 曾木虹, 陈俊鑫. 一种基于P4的多模态网络控制与安全检测方案[J]. 信息网络安全, 2026, 26(1): 115-124.

LI Dong, GAO Yuan, YU Junqing, ZENG Muhong, CHEN Junxin. Polymorphic Network Control and Security Monitor Based on P4[J]. Netinfo Security, 2026, 26(1): 115-124.

图/表 11

图1

图2

表1

图3

图4

图5

图6

图7

图8

表2

表3

参考文献 35

[1]	BOSSHART P, DALY D, GIBB G, et al. P4: Programming Protocol-Independent Packet Processors[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 87-95.
[2]	HU Yuxiang, YI Peng, SUN Penghao, et al. Research on a Fully-Definable Multimodal Intelligent Network Architecture[J]. Journal on Communications, 2019, 40(8): 1-12. doi: 10.11959/j.issn.1000-436x.2019192
	胡宇翔, 伊鹏, 孙鹏浩, 等. 全维可定义的多模态智慧网络体系研究[J]. 通信学报, 2019, 40(8): 1-12. doi: 10.11959/j.issn.1000-436x.2019192
[3]	LI Hui, WU Jiangxing, XING Kaixuan, et al. An Analytical Prototype System for Multimodal Network Identifier and Domain Name Generation and Management with Multi-Party Co-Governance[J]. Science China (Information Sciences), 2019, 49(9): 1186-1204.
	李挥, 邬江兴, 邢凯轩, 等. 多边共管的多模态网络标识域名生成管理解析原型系统[J]. 中国科学:信息科学, 2019, 49(9): 1186-1204.
[4]	ZHANG Hongke, QUAN Wei, CHAO H C, et al. Smart Identifier Network: A Collaborative Architecture for the Future Internet[J]. IEEE Network, 2016, 30(3): 46-51.
[5]	WU Jiangxing. Reflections on the Development of New-Type Network Technologies[J]. Science China (Information Sciences), 2018, 48(8): 1102-1111.
	邬江兴. 新型网络技术发展思考[J]. 中国科学:信息科学, 2018, 48(8): 1102-1111.
[6]	LI Dan, HU Yuxiang, WU Jiangxing. Research on the Innovation and Development Strategy of New-Type Network Technologies[J]. Engineering Sciences, 2021, 23(2): 15-21.
	李丹, 胡宇翔, 邬江兴. 新型网络技术创新发展战略研究[J]. 中国工程科学, 2021, 23(2): 15-21. doi: 10.15302/J-SSCAE-2021.02.003
[7]	YU K, EUM S, KURITA T, et al. Information-Centric Networking: Research and Standardization Status[J]. IEEE Access, 2019, 7: 126164-126176. doi: 10.1109/ACCESS.2019.2938586
[8]	JACOBSON V, SMETTERS D K, THORNTON J D, et al. Networking Named Content[C]// ACM.The 5th International Conference on Emerging Networking Experiments and Technologies (CoNEXT 2009). New York: ACM, 2009: 1-12.
[9]	ZHANG Lixia, AFANASYEV A, BURKE J, et al. Named Data Networking[J]. ACM SIGCOMM Computer Communication Review, 2014, 44(3): 66-73. doi: 10.1145/2656877.2656887 URL
[10]	YUAN Haowei, SONG Tian, CROWLEY P. Scalable NDN Forwarding:Concepts, Issues and Principles[C]// IEEE. The 21st International Conference on Computer Communications and Networks (ICCCN 2012). New York: IEEE, 2012: 1-9.
[11]	REFAEI T, MA J, HA S, et al. Integrating IP and NDN through an Extensible IP-NDN Gateway[C]// ACM.The 4th International Conference on Information-Centric Networking (ICN 2017). New York: ACM, 2017: 224-225.
[12]	GUO Xingchang. Research and Implementation of IP and NDN Coexistence and Interworking Mechanisms in Multimodal Networks[D]. Beijing: Beijing Jiaotong University, 2021.
	国兴昌. 多模态网络中NDN与IP共存互通机制研究与实现[D]. 北京: 北京交通大学, 2021.
[13]	LIU Ying, REN Gang, WU Jianping, et al. Building an IPv6 Address Generation and Traceback System with NIDTGA in Address Driven Network[J]. Science China Information Sciences, 2015, 45: 1-14.
[14]	DONG Fang, CHENG Chengqi, GUO Shide. Design and Research on GeoIP[C]// IEEE. The 14th International Conference on Computer Supported Cooperative Work in Design (CSCWD 2010). New York: IEEE, 2010: 13-17.
[15]	HOU Saifeng, TIAN Le, HU Yuxiang, et al. Geographic Routing and Addressing Scheme for Multi-Source Data Retrieval[J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(2): 1-7. doi: 10.13190/j.jbupt.2020-227
	侯赛凤, 田乐, 胡宇翔, 等. 面向多源信息采集的地理位置路由寻址机制[J]. 北京邮电大学学报, 2021, 44(2): 1-7. doi: 10.13190/j.jbupt.2020-227
[16]	LUO Wanming, LIU Shihao, JIA Yihao, et al. Flexible IP: An Adaptable IP Address Structure and Its Efficient Addressing Scheme[J]. Computer Networks, 2022, 203: 87-96.
[17]	WU Yunbing, ZENG Weisen, GAO Hang, et al. Multimodal Sarcasm Explanation Survey Based on Dual-Stream Residual Fusion[J]. Journal of Chinese Computer Systems. 2024, 45(11): 2628-2635.
	吴运兵, 曾炜森, 高航, 等. 基于双流残差融合的多模态讽刺解释研究[J]. 小型微型计算机系统, 2024, 45 (11): 2628-2635.
[18]	CAO Xiaoli, LI Yitao, XIONG Xingzhong, et al. Dynamic Routings in Satellite Networks: An Overview[J]. Sensors, 2022, 22(12): 4552-4566. doi: 10.3390/s22124552 URL
[19]	MEDVED J, VARGA R, TKACIK A, et al. OpenDaylight: Towards a Model-Driven SDN Controller Architecture[C]// IEEE. IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014. New York: IEEE, 2014: 1-6.
[20]	BERDE P, GEROLA M, HART J, et al. ONOS:Towards an Open, Distributed SDN OS[C]// ACM. HotSDN ’14:The Third Workshop on Hot Topics in Software Defined Networking. New York: ACM, 2014: 1-6.
[21]	BHARDWAJ S, PANDA S N. Performance Evaluation Using RYU SDN Controller in Software-Defined Networking Environment[J]. Wireless Personal Communications, 2022, 122: 701-723. doi: 10.1007/s11277-021-08920-3
[22]	REN Hui, LI Xiaoming, GENG Junjie, et al. A SDN-Based Dynamic Traffic Scheduling Algorithm[C]// IEEE. 2016 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). New York: IEEE, 2016: 514-518.
[23]	BEGAM G S, SANGEETHA M, SHANKER N R. Load Balancing in DCN Servers through SDN Machine Learning Algorithm[J]. Arabian Journal for Science and Engineering, 2022, 47: 1423-1434. doi: 10.1007/s13369-021-05911-1
[24]	BAGAA M, DUTRA D, TALEB T, et al. On SDN-Driven Network Optimization and QoS Aware Routing Using Multiple Paths[J]. IEEE Transactions on Wireless Communications, 2020, 19(7): 4700-4714. doi: 10.1109/TWC.7693 URL
[25]	FOSIC I, ZAGAR D, GRGIC K, et al. Anomaly Detection in NetFlow Network Traffic Using Supervised Machine Learning Algorithms[J]. Journal of Industrial Information Integration, 2023, 33: 466-482.
[26]	GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and SFlow for an Effective and Scalable Anomaly Detection and Mitigation Mechanism on SDN Environments[J]. Computer Networks, 2014, 62: 122-136. doi: 10.1016/j.bjp.2013.10.014 URL
[27]	TAN Lizhuang, SU Wei, ZHANG Zhenyi, et al. In-Band Network Telemetry: A Survey[J]. Computer Networks, 2021, 186: 63-77.
[28]	JOSHI R, QU Ting, CHAN M C, et al. BurstRadar: Practical Real-Time Microburst Monitoring for Datacenter Networks[C]// ACM. APSys’18: The 9th Asia-Pacific Workshop on Systems. New York: ACM, 2018: 1-8.
[29]	ILHA A S, LAPOLLI A C, MARQUES J A, et al. Euclid: A Fully In-Network, P4-Based Approach for Real-Time DDoS Attack Detection and Mitigation[J]. IEEE Transactions on Network and Service Management, 2020, 18(3): 3121-3139. doi: 10.1109/TNSM.2020.3048265 URL
[30]	NAM S, LIM J, YOO J, et al. Network Anomaly Detection Based on In-band Network Telemetry with RNN[C]// IEEE. 2020 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia). New York: IEEE, 2020: 1-4.
[31]	SCANO D, PAOLUCCI F, KONDEPU K, et al. Extending P4 In-Band Telemetry to User Equipment for Latency- and Localization-Aware Autonomous Networking with AI Forecasting[J]. Journal of Optical Communications and Networking, 2021, 13(9): 103-114.
[32]	TULI S, CASALE G, JENNINGS N R. TranAD: Deep Transformer Networks for Anomaly Detection in Multivariate Time Series Data[J]. VLDB Endowment, 2022, 15(6): 1201-1214.
[33]	XU Jiehui, WU Haixu, WANG Jianmin, et al. Anomaly Transformer: Time Series Anomaly Detection with Association Discrepancy[EB/OL]. (2022-04-15)[2025-03-21]. https://ise.thss.tsinghua.edu.cn/-mlong/doc/anomaly-transformer-iclr22.pdf.
[34]	SHARAFALDIN I, LASHKARI A H, HAKAK S, et al. Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy[C]// IEEE.The 53rd IEEE International Carnahan Conference on Security Technology (ICCST). New York: IEEE, 2019: 1-8.
[35]	SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization[C]// ACM. The 4th International Conference on Information Systems Security and Privacy (ICISSP). New York: ACM, 2023: 108-116.

符号及名称	说明
流量集合P	多模态网络中所有模态数据包的集合
拓扑视图g	控制平面获取的拓扑整体视图
路由策略$\pi $	流表模块根据模态标识计算的最佳路径
消息队列Q	生产者C ，消费者F
网络状态S	进行多模态安全测量的网络状态
测量指标V	经过网络测量得到的网络指标
解析模块I	输入数据包$p\in P$，输出模态标识$m$
控制模块C	$\left\{ g,\pi,Q \right\}$
流表模块F	输入模态标识$m$，输出路由策略$\pi $和流表项$\Phi $
测量模块T	输入网络状态$s\in S$，输出测量指标$\mathcal{V}$
安全模块S	输入$\mathcal{V}$，输出异常检测结果$\tau $

算法	精确率	召回率	F1分数
Transformer	96.49%	94.68%	95.58%
LSTM	95.96%	93.64%	94.79%
TCN	95.96%	93.67%	94.80%
RNN	74.39%	65.62%	69.67%

算法	精确率	召回率	F1分数
Transformer	99.72%	99.71%	99.71%
LSTM	99.60%	99.59%	99.59%
TCN	99.63%	99.63%	99.63%
RNN	99.21%	99.20%	99.20%