基于安全态势感知SDN网络拓扑污染攻击防御系统设计

Design of SDN topology pollution attack defense system based on security situation awareness

针对原有SND网络拓扑污染攻击防御系统数据威胁等级评估精度低造成的防御对策效果较差的问题,设计基于安全态势感知SDN网络拓扑污染攻击防御系统。沿用原有系统中部分硬件,选用嵌入式芯片设计SND控制器与检测网络构架。软件部分仅针对威胁等级评估部分设计。采用安全态势感知技术完成威胁可信度评估中数据获取与分析工作,设定攻击知识库提升对攻击数据的分析能力并制定相应防御对策框架;将分析处理后的威胁信息通过归一化处理完成威胁量化;采用量化后的信息运用编程系统评估其攻击源威胁等级并根据评估结果,采取对应的防御对策。至此,基于安全态势感知SDN网络拓扑污染攻击防御系统设计完成。构建系统性能测试环境完成性能测试,与原有防御系统相比,此系统威胁等级评估精度更高,与样本更加接近。因而,此防御系统性能更佳。

In allusion to the poor defense countermeasure effect caused by the low assessment accuracy of the data threat level of the original SDN(software⁃defined network)topology pollution attack defense system,a SDN topology pollution attack defense system based on security situation awareness is designed,in which some hardware of the original system is retained,and the embedded chip is used for the design of SDN controller and detection network architecture.In the software part,the design is performed only for the threat level assessment part.The security situation awareness technology is used to complete the data acquisition and analysis of the threat credibility assessment.The knowledge base of attack is set up to improve the ability of analyzing the attack data,and lay down the framework of corresponding defense countermeasures.The threat to the analyzed and processed threat information is quantized by means of the normalized processing.The quantified information and the programming system are used to assess the threat level of the attack source,and the corresponding defense countermeasures are taken according to the evaluation results.Thus,the design of SDN topology pollution attack defense system based on security situational awareness is completed.The system performance testing environment was built to accomplish the performance test.In comparison with the original defense system,the threat level assessment accuracy of this system is higher and closer to the sample.Therefore,it has better performance.