摘要
网络安全功能与硬件设备的紧耦合关系,造成传统网络安全服务模式静态僵化,难以满足未来业务发展的多样化安全需求。为此,基于软件定义网络环境,该文提出一种灵活可配的安全服务链动态组合机制。首先,介绍了该机制的总体结构,并建立了基于向量空间和整数规划的组合模型。其次,设计了启发式算法进行模型求解,并构建了该机制的实现原型。最后,实验结果表明所提组合算法在性能指标上优于对比算法,并且试验验证了该机制的优势。
The close relationship between the network security function and the hardware devices causes the static rigidity of the traditional security service mode, which is difficult to meet the various security requirement of future network business development. Based on the features of the Software Defined Networking(SDN), a dynamic composition mechanism is proposed for the Composable Security Service Chain(CSSC). First, the overall framework is introduced, and a mathematical model about the composition problem is established by the vector space and integer programming. Then, a heuristic algorithm is designed for solving the model, and the prototype is achieved in SDN environment. Finally, the results of the experiments show that the proposed algorithm outperforms the compared ones, and the advantage of the CSSC is validated by the simulation.
出处
《电子与信息学报》
EI
CSCD
北大核心
2016年第5期1234-1241,共8页
Journal of Electronics & Information Technology
基金
国家重点基础研究发展计划(2012CB315901
2013CB329104)
国家自然科学基金(61309019
61372121)
国家高技术研究发展计划(2013AA013505)~~
关键词
软件定义网络
安全服务
元能力
功能组合
Software Defined Networking(SDN)
Security service
Atomic ability
Function composition