Dynamic Behavior Detection Model for SDN Northbound Interface

• 1、School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876

Abstract：With the development of Software-Defined Networking, the northbound interface as a crucial communication channel between the application layer and the control layer has faced increasing security challenges. Existing protection mechanisms mainly adopt static access control policies, which struggle to address complex threats in dynamic network environments. This paper proposes a dynamic behavior detection model for the northbound interface, which achieves precise identification of abnormal application behaviors through a multi-dimensional behavior analysis framework. Based on this, a dynamic threshold adjustment scheme using Random Forest is designed, which can adaptively adjust detection thresholds according to network status changes, effectively enhancing defense capabilities against denial-of-service attacks. Experimental results show that compared with existing approaches, the proposed model significantly reduces attack response time, enabling rapid identification and response in the early stages of attacks, while maintaining a high attack detection rate and a low false positive rate. Performance evaluation verifies that the scheme has acceptable computational overhead, proving its feasibility and practicality in real network environments, thus providing a novel and effective solution for enhancing SDN northbound interface security protection.

Keywords： Computer Network Security Software-Defined Networking Northbound Interface Dynamic Behavior Detection