摘要
针对现有的基于SDN负载均衡方案在安全性、资源利用以及灵活性等方面存在的问题,结合拟态防御理论提出一种基于SDN的服务器安全调度框架,构造独立的威胁处理模块,避免威胁处理与网络业务相互影响,设计调度逻辑模块对服务器进行监控、调度和分析。调度逻辑模块内置基于拟态防御的调度算法和动态多样性调度策略,算法根据服务器的处理能力、安全等级、运行状态等参数计算负载,提高服务器集群的资源利用率,保证新到来任务的合理分发;调度策略动态调节服务器数量,确保框架内任务的均衡分配,增加攻击和渗透的难度。
For the problems of security,resource utilization and flexibility in the existing load balancing schemes,a multi-server security scheduling framework based on SDN is proposed in this paper,which combined with the theory of pseudo de⁃fense.To avoid the interaction between threat processing and the normal network services,an independent threat processing module is constructed in the paper.Then the scheduling logic module is designed to monitor,schedule and analyze server load status,which is built-in the scheduling algorithm based on pseudo defense and dynamic diversity scheduling strategies.The algorithm cal⁃culates the load of the server according to its processing capacity,security level and running state,which can improve the resource utilization of server cluster and guarantee the reasonable distribution of new task requests.The strategies dynamically adjust the num⁃ber of servers,in order to ensure the balanced distribution of tasks within the framework,while increasing the difficulty of attack and penetration.
作者
高杨
曲宝满
GAO Yang;QU Baoman(Wuhan Digital Engineering Institute,Wuhan 430205;Defense Science and Industry Bureau,Beijing 100048)
出处
《计算机与数字工程》
2020年第11期2697-2701,2716,共6页
Computer & Digital Engineering
关键词
SDN技术
负载均衡
网络安全
SDN(Software Defined Network)technology
load balancing
security
