<p>Software-defined networking (SDN) centralizes control, simplifying network management and configuration while simultaneously increasing vulnerability to attacks, such as large-scale Distributed Denial-of-Service (DDoS) attacks or network topology spoofing. Conventional intrusion detection methods that rely on feature engineering or static graph modeling often fail to capture the complex topological dependencies and dynamic temporal patterns inherent in network traffic. To address this issue, a dynamic multi-scale spatio-temporal graph neural network framework, named DMSTG-AD, is proposed for intrusion detection. The model employs Gated Recurrent Unit (GRU)-driven dynamic node embeddings, an adaptive adjacency matrix, and edge–node collaborative convolution to extract spatial dependencies, while multi-scale dilated convolutions and a bidirectional GRU jointly capture short-term fluctuations and long-term trends. A spatio-temporal cross-attention mechanism is designed to integrate spatial and temporal features, thereby enhancing anomaly detection capabilities. Experimental results demonstrate that the proposed DMSTG-AD model achieves a multi-classification accuracy of 99.34% on the CIC-IDS2017 dataset and an overall accuracy of 99.88% on the InSDN dataset, both of which significantly exceed those of existing mainstream methods. Ablation experiments further validate the critical importance of dynamic modeling, dual-channel feature extraction, and the cross-attention mechanism in improving detection performance. This study not only offers a novel approach for high-precision intrusion detection in SDN environments but also broadens the application prospects of dynamic graph neural networks in the field of network security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

DMSTG-AD: an SDN intrusion detection method based on dynamic multi-scale spatio-temporal graph neural network

  • Ji Zhao,
  • Damin Zhang,
  • Qing He,
  • Mu Lin,
  • Yuhan Yang

摘要

Software-defined networking (SDN) centralizes control, simplifying network management and configuration while simultaneously increasing vulnerability to attacks, such as large-scale Distributed Denial-of-Service (DDoS) attacks or network topology spoofing. Conventional intrusion detection methods that rely on feature engineering or static graph modeling often fail to capture the complex topological dependencies and dynamic temporal patterns inherent in network traffic. To address this issue, a dynamic multi-scale spatio-temporal graph neural network framework, named DMSTG-AD, is proposed for intrusion detection. The model employs Gated Recurrent Unit (GRU)-driven dynamic node embeddings, an adaptive adjacency matrix, and edge–node collaborative convolution to extract spatial dependencies, while multi-scale dilated convolutions and a bidirectional GRU jointly capture short-term fluctuations and long-term trends. A spatio-temporal cross-attention mechanism is designed to integrate spatial and temporal features, thereby enhancing anomaly detection capabilities. Experimental results demonstrate that the proposed DMSTG-AD model achieves a multi-classification accuracy of 99.34% on the CIC-IDS2017 dataset and an overall accuracy of 99.88% on the InSDN dataset, both of which significantly exceed those of existing mainstream methods. Ablation experiments further validate the critical importance of dynamic modeling, dual-channel feature extraction, and the cross-attention mechanism in improving detection performance. This study not only offers a novel approach for high-precision intrusion detection in SDN environments but also broadens the application prospects of dynamic graph neural networks in the field of network security.