摘要
将地址端口跳变技术引入SDN网络主动防御中,提出基于透明同步和随机时隙的SDN地址端口跳变(TSRI-SNAPH)方案。针对严格时间同步和ACK同步技术存在的严格时间同步难达到、同步报文易被截获分析等问题,充分利用SDN逻辑集中控制特性,将跳变功能置于SDN控制器,可实现通信双方的透明跳变同步,不但不需要严格的时间同步,也不需要发送额外的同步报文。针对固定跳变时隙方案易被截获分析的问题,提出基于泊松到达过程的随机跳变时隙方案,可有效增加截获分析的难度和开销。理论分析与实验结果表明,TSRISNAPH方案在负载增加较少的情况下,可有效抵御截获分析和拒绝服务攻击,且可有效防范内部威胁。
This paper introduced the address and port hopping technology into SDN active defense, and proposed a new transparent synchronization and random interval based SDN network address and port hopping (TSRI-SNAPH) scheme. While the strict time synchronization technology was difficult to achieve, and the synchronization packets of ACK synchronization technology were easy to be intercepted and analyzed, it took advantage of SDN logically centralized control feature and places the hopping function in the SDN controller, which could achieve transparent hopping synchronization of both sides of the communication, not only did not require strict time synchronization, but also did not need to send additional synchronization packets. Existing fixed hopping interval schemes were easy to be intercepted and analyzed, it proposed a random hopping interval scheme based on Poisson arrival process, which could effectively increase the attacker' s difficulty and cost. Theoretical analysis and experimental results show that this proposed TSRI-SNAPH scheme can effectively resist network interception analysis attack and denial of service attack, and can effectively resist the internal threats.
作者
唐秀存
张连成
孔亚洲
徐良华
Tang Xiucun Zhang Liancheng Kong Yazhou Xu Lianghua(Jiangnan Institute of Computing Technology, Wuxi Jiangsu 214083, China State Key Laboratory of Mathematical Engineering & Advanced Computing, Zhengzhou 450001, China)
出处
《计算机应用研究》
CSCD
北大核心
2016年第12期3774-3779,共6页
Application Research of Computers
基金
国家自然科学基金青年基金资助项目(61402525
61402526)
国家高技术研究发展计划资助项目(2012AA012902)
关键词
软件定义网络
地址端口跳变
移动目标防御
截获分析
拒绝服务
software defined network(SDN)
address and port hopping
moving target defense
interception and analysis
denial of service
