摘要
针对现有网络态势感知研究无法按需获取态势信息,不能根据网络攻击态势威胁情况对网络结构进行动态调整等问题,利用SDN对网络流量灵活控制的基本原理,并结合OpenDaylight控制器良好的扩展性和可管控性等性质,提出一种基于SDN的虚拟蜜网架构。通过构建SDN虚拟蜜网,实现了数据控制层与数据传输层的分离,解决了传统蜜网在网络态势获取方面存在的流量控制困难以及物理机部署不方便、动态调整部署复杂的问题。最后,利用Mininet平台搭建SDN虚拟蜜网进行仿真验证,实验结果表明SDN虚拟蜜网能够实现按需获取态势信息、动态调整网络结构等功能,从而减少网络攻击态势威胁。
Aimed at the problems that the existing network situation awareness cannot acquire on-demand situation information and cannot adjust the network structure according to situational threat of network attacks dynamically, a SDN-based virtual honeynet architecture is proposed on the basis of flexible traffic control principle with the combination of good scalability and manageability of OpenDaylight controller. Through constructing a SDN-based virtual honeynet, the separation between data control layer and data transmission layer is realized. Simultaneously, traffic controlling difficulty and inconvenience of deploying or dynamically adjusting physical machines are solved compared to traditional honeynets. At last, the paper utilizes Mininet platform for building SDN virtual honeynet. The experiment results show that the SDN-based virtual honeynet can achieve on-demand access to situation information and dynamic adjustment of network structure etc. , thus reducing the network attack threat.
出处
《空军工程大学学报(自然科学版)》
CSCD
北大核心
2017年第3期79-84,共6页
Journal of Air Force Engineering University(Natural Science Edition)
基金
陕西省工业科技攻关项目(2016GY-087)
关键词
攻击态势
软件定义网络
虚拟蜜网
按需获取
动态调整
attack situation
software defined networking
virtual honeynet
on-demand acquisition
dynamic adjustment
