摘要
软件定义网络的出现为防御DDo S攻击提供了新的思路.首先,从网络体系结构角度建模分析了DDo S攻击所需的3个必要条件:连通性、隐蔽性与攻击性;然后,从破坏或限制这些必要条件的角度出发,提出了一种能够对抗DDo S攻击的软件定义安全网络机制SDSNM(software defined security networking mechanism).该机制主要在边缘SDN网络实现,同时继承了核心IP网络体系架构,具有增量部署特性.利用云计算与Chord技术设计实现了原型系统,基于原型系统的测量结果表明,SDSNM具有很好的扩展性和可用性.
The emerging software defined networking(SDN) offers a new way to rethink the defense of DDo S attacks. In this paper the DDo S attacks are first modeled and analyzed from the perspective of network architecture, and the necessary conditions of DDo S attacks such as connectivity, concealment and aggressivity are presented. Then for breaking or limiting these necessary conditions, a software defined security networking mechanism(SDSNM) against DDo S attacks is proposed. The security mechanism is implemented in the edge SDN networks while inheriting the core infrastructure of IP network. Cloud computing and Chord technology are also employed to solve the expansibility and consistency problems. The experiments demonstrate that SDSNM is feasible and incrementally deployable.
作者
王秀磊
陈鸣
邢长友
孙志
吴泉峰
WANG Xiu-Lei CHEN Ming XING Chang-You SUN Zhi WU Quan-Feng(College of Command Information System, PLA University of Science & Technology, Nanjing 210007, China Information Management Center, Naval Aeronautical Engineering Institute Qingdao Branch, Qingdao 266041, China)
出处
《软件学报》
EI
CSCD
北大核心
2016年第12期3104-3119,共16页
Journal of Software
基金
国家重点基础研究计划(973)(2012CB315806)
国家自然科学基金(61379149
61402521
61103225)
江苏省自然科学基金(BK20140070
BK20140068)
江苏省未来网络科技计划(BY2013095-1-06)~~
