期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于SDN架构的地址跳变技术研究 被引量:5

IP Mutation Technology based on SDN Network
下载PDF
导出
摘要 网络嗅探作为网络攻击的前奏,对于网络安全存在较大威胁。为增强网络本身的抗嗅探窃听能力,在移动目标防御网络的地址跳变技术的研究基础上提出了一种基于传输过程的地址跳变方案,主要思想是在SDN网络架构下,控制器通过为传输路由上交换机下发不同流表来实现IP地址的跳变。仿真结果表明,可以以较小的网络开销实现跳变机制,并使网络对于网络嗅探达到较高的防御能力。 As the prelude of network attack , network sniffering is a big threat to the network security. Based on the research achievement of moving target defence, a mechanism or strategy of IP address muta- tion in transmitting process is proposed, thus to enhance immunity of the network to sniffering. The main i- dea of this mechanism is that under the frame of SDN network, the controller by using 0penFlow protocol, writes different flow-tables to switch on the route and realizes IP mutation. Simulation results indicate that the IP mutation may be achieved at a comparatively low network overhead while a better network defense capability to the network sniffer for the network obtained.
作者 高诚 陈世康 王宏 董青
机构地区 西南通信研究所
出处 《通信技术》 2015年第4期430-434,共5页 Communications Technology
关键词 SDN OpenFlow协议 IP地址跳变 移动目标防御 SDN OpenFlow protocol IP mutation moving target defense
分类号 TN911 [电子电信—通信与信息系统]
  • 相关文献

参考文献10

  • 1张晓玉,李振邦.移动目标防御技术综述[J].通信技术,2013,46(6):111-113. 被引量:28
  • 2NITRD CSIA IWG Cybersecurity Game-Change Research & Devdopment Recommendations [ R ]. U. S :NITRD,2010.
  • 3McKeown N, Anderson T, Balakrishnan H, et al. Open Flow: Enabling Innovation in Campus Networks[ C]. SIG-.COMM Comput. Commun. Rev. 38(2), 69-74 (2008).
  • 4左青云,陈鸣,赵广松,邢长友,张国敏,蒋培成.基于OpenFlow的SDN技术研究[J].软件学报,2013,24(5):1078-1097. 被引量:423
  • 5Atighetchi M, Pal P, Webber F,et al. Adaptive Use of Net- work-centric Mechanisms in Cyber-defense [ J ]. In ISORC '03, Page 183. IEEE Computer Society, 2003.
  • 6Kewley D, Fink R, Lowry J, et al. Dynamic Approaches to Thwart Adversary Intelligence Gathering[ CJ. In DAR- PA Information Survivability Conference Exposition II, 2001. DISCEX '01. Proceedings,Volume 1, Pages 176- 185 vol. 1, 2001.
  • 7Antonatos S, Akritidis P, Markatos E P, et al. Defen- ding Against Hitlist Worms Using Network Address Space Randomization [ J ]. Comput. Netw. , 51 ( 12 ) : 3471 - 3490, 2007.
  • 8Ehab A1-Shaer, Qi Duan. Random Host IP Mutation for Moving Target Defense [ R]. Technical Report UNCC- CYBERDNA-0728, CyberDNA Lab, University of North Carolina at Charlotte, Charlotte, NC, July 2011.
  • 9JAFAR H J,EHAB A, DUAN Q. Openflow Random Host Mutation: Transparent Moving Target Defetrse Using Soft- ware Defined Networking[J]. HotSDN,2012(12) :127-132.
  • 10Open Networking Foundation. OpenFlow Switch Specifi- cation Versionl. l.0[S]. Feb. 28, 2011.

二级参考文献71

  • 1高常波,罗万伯,王科.计算机网络安全系统设计[J].通信技术,2003,36(3):46-47. 被引量:4
  • 2Mckeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Shenker S, Turner J. OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 2008,38(2):69-74. [doi: 10.1145/1355734. 1355746].
  • 3Elliott C. GENI: Opening up new classes of experiments in global networking. IEEE Internet Computing, 2010,14(1):39-42.
  • 4Gavras A, Karila A, Fdida S, May M, Potts M. Future Internet research and experimentation: The FIRE initiative. ACM SIGCOMM Computer Communication Review, 2007,37(3):89-92. [doi: 10.114511273445.1273460].
  • 5JGN2plus. 2012. http://www.jgn.nict.go.jp/english/index.html.
  • 6SOFIA. 2012. http://fi.ict.ac.cn/research/sofia_overview.htm.
  • 7Yang L, Dantu R, Anderson T, Gopal R. Forwarding and Control Element Separation (ForCES) Framework. RFC 3746, 2004. http://tools.ietf.org/html/rfc3746.
  • 8Greenberg A, Hjalmtysson G, Maltz DA, Myers A, Rexford J, Xie G, Yan H, Zhan J, Zhang H. A clean slate 4D approach to network control and management. ACM SIGCOMM Computer Communication Review, 2005,35(5):41-54. [doi: 10.1145/1096536. 1096541].
  • 9Caesar M, Caldwell D, Feamster N, Rexford J, Shaikh A, Merwe J. Design and implementation of a routing control platform. In: Proc. of the 2rd USENIX Symp. on Networked Systems Design and Implementation (NSDI). Boston: USENIX Association, 2005. 15-28.
  • 10Casado M, Garfinkel T, Akella A, Freedman MJ, Boneh D, Mckeown N, Shenker S. SANE: A protection architecture for enterprise networks. In: Proc. of the 15th Conf. on USENIX Security Symp. Vancouver: USENIX Association, 2006. 137-151.

共引文献449

同被引文献32

引证文献5

二级引证文献14

通信技术
2015年 第4期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部