Abstract
Software-defined networking separates the data plane from the control plane, but it also exposes the network to more kinds of attack than a traditional network. This paper studies the security of delivering new flow table entries during the period from the detection of an anomaly to the completion of attack defense. It introduces a security level classification mechanism for switches: according to the state a switch is in, switches are classified into three security levels, and attack detection is combined with route selection. Experimental results show that the secure routing strategy based on switch security levels gives a software-defined network a dynamic, scalable capability when facing attacks, which reduces the harm that attacks cause to the network.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journals (北大核心)
2017, No. 2, pp. 522-525 (4 pages)
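Funding
National "973" Program of China (2012CB315901)
National Natural Science Foundation of China (61379079)
Key Science and Technology Project of the Henan Provincial Department of Science and Technology (122102210042)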
Keywords
software defined network
attack detection
security hierarchy
network awareness