Tongxin xuebao (Mar 2025)
Attack traffic allocation and load balancing mechanism for SDN
Abstract
To tackle the problem of traditional traffic allocation methods in software-defined networks (SDN) potentially failing to effectively detect distributed denial of service (DDoS) attacks, a traffic allocation and load balancing mechanism for attack traffic was proposed. The traffic allocation problem was modeled as a Markov decision process (MDP), where the reward function included both resource consumption and delay. To optimize the MDP, a load balancing algorithm based on actor-critic networks was developed. This algorithm allocated traffic to different paths based on traffic and network features with the goal of reducing load and latency. The experimental results demonstrate that, under self-generated and public datasets, the proposed method achieves higher reward than the baseline load balancing methods, indicating its superior performance in load balancing. In terms of throughput, it exhibits high stability with a relatively small variation range, fluctuating between 12.95 Mbit/s and 14.83 Mbit/s. Regarding traffic distribution, the traffic is relatively evenly distributed across all paths. In terms of detection performance, the average weighted precision, average weighted recall, and average weighted F1 score are 90%, 92% and 94%, respectively.
