摘要
网络地址空间随机转换技术通过分配虚拟IP、改变发送端和接收端主机的IP地址,致力于构建一种动态、异构的网络,其目的是增加系统随机性并减少可预见性,以此增加攻击者攻击难度来对抗同类攻击。利用了新型网络架构OpenFlow具有的数据平面控制平面分离、集中控制以及传输规则动态更新等特性,将网络地址空间随机转换技术与OpenFlow网络技术相结合,在Floodlight控制器上设计了一种新型的改变IP的解决方案,可通过分配虚拟IP提升不可预测性,减少了网络中蠕虫攻击和网络嗅探发生的可能性。
By allocating IP address and changing IP address in source and destination hosts,network address space randomization is utilized to construct a dynamic and heterogeneous network to decrease the attacking possibility and predictability.The research mainly deploys the features of OpenFlow network including data plane and control plane decoupling,centralized control of the network and dynamic updating of forwarding rules,combines the advantages of the network address space randomization technology with the features of the OpenFlow network,and designs a novel resolution towards IP mutation in Floodlight controller.The research can help improve the unpredictability and decrease the possibility of worm attacking and IP sniffing by IP allocation.
出处
《信息工程大学学报》
2017年第5期595-600,共6页
Journal of Information Engineering University
基金
国家自然科学基金资助项目(61309016)
