Compressing Deep Learning Model for Agile Moving Target Defense

The moving target defense achieves the effect of defending against network attacks by constantly changing the attack surface. IP hopping defense is a typical representative of network layer moving target defense technology. It has been verified to show considerable defense effect against DDoS attacks and scanning attacks. Aiming at the problems that the system resource overhead of the existing IP hopping defense technology is too large, an agile IP hopping defense technology based on compressed neural network is proposed in this paper. A convolutional neural network (CNN) is deployed to sense the attack. In the training, the CNN uses techniques of clipping and quantizing to make the trained model show low storage occupation and high processing efficiency. The lightweight CNN determines the current attack situation according to the flow table data uploaded regularly by each switch in the data plane. Then configure and trigger two different levels of IP hopping according to the judgment results. Experimental results show that compared with the current typical IP hopping defense methods, the proposed method can significantly reduce the system overhead, including storage occupation, channel occupation and so on. In terms of security, the performance of the proposed method is equivalent to the existing state-of-art method against DDoS attacks and scanning attacks.