Abstract
The open, programmable nature of software-defined networking (SDN) makes network management more flexible: the administrator manages the network by issuing flow entries through the OpenFlow protocol. However, because flow entries are stateless, an attacker can rewrite the flow rules in a switch to bypass security rules and carry out an attack. Because the rules depend on one another, directly deleting flow entries does not resolve the conflict and may introduce new conflicts. To address this problem, this paper proposes a rerouting mechanism that constructs paths based on node security to resolve rule conflicts. A BP neural network is used to judge the state of each routing node; for abnormal nodes, the controller isolates the relevant nodes during rerouting. Simulation analysis shows that the secure routing path established by this method can effectively break the dependency between conflicting rules and thereby resolve the rule conflicts.
Authors
郝巍
伊鹏
江逸茗
HAO Wei; YIN Peng; JIANG Yiming (National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China)
Source
《信息工程大学学报》
2018, Issue 6, pp. 654-658 (5 pages)
Journal of Information Engineering University
Funding
National 863 Program of China (2015AA016102)
National Natural Science Foundation of China (61521003)