摘要
在软件定义网络的控制平面引入多个控制器,从而动态地改变控制器与底层网络的映射关系是一种有效缓解控制器安全威胁的方法。然而,现有的工作缺乏研究控制器动态调度的时间问题,由此,在分析软件定义网络的安全现状以及动态控制器研究的基础之上,首先说明了动态平面控制器调度时间的重要性,并在先前的研究基础之上刻画了动态控制平面的安全工作流程;进一步地,将动态调度的时间问题建模为更新收益过程,并提出一种对防御者最优的调度算法。实验仿真基于真实的网络攻击信息集,对比分析表明,提出的算法明显优于固定周期的算法和随机算法。
Introducing multiple controllers to software defined network so that dynamically altering the mapping relationship between controller and the underlying network is an effective method to ease the security threats in control plane. However, little previous work has been done to investigate the economical time in dynamic-scheduling controllers. Firstly, the importance of scheduling-time in dynamic control plane based on security in SDN and dy- namic control plane was introduced. Further, this problem was modeled as a renewal reward process and an optimal algorithm in deciding the right time to schedule was proposed. In our experiments, Simulations based on real net- work attack dataset are conducted and it demonstrate that proposed algorithm outperforms fixed-cycle algorithms and random algorithm.
出处
《网络与信息安全学报》
2018年第1期36-44,共9页
Chinese Journal of Network and Information Security
基金
国家自然科学基金创新群体基金资助项目(No.61521003)
国家自然科学基金青年基金资助项目(No.61309020
No.61602509)
国家重点研发计划基金资助项目(No.2016YFB0800100
No.2016YFB0800101)
The Foundation for Innovative Research Groups of the National Natural Science Foundation of China(No.61521003)
The National Natural Science Foundation of China(No.61309020
No.61602509)
The National Key R&D Program of China(No.2016YFB0800100
No.2016YFB0800101)
关键词
软件定义网络
网络安全
控制器
software defined network, network security, controller
