摘要
软件定义网络(software-defined network,SDN)是一种新型网络架构,其特点是控制与转发分离并支持通过编程的方式对网络进行控制・SDN与工业控制系统的结合为解决工业控制系统信息安全问题提供了新的思路,同时也使得DDoS攻击成为工业控制系统网络的主要安全威胁.过载攻击作为一种转换的DDoS攻击,利用SDN控制器及交换机中负载受限这一漏洞,对整个SDN网络造成威胁.与此同时,由于SDN网络业务需求量的不断增长和网络应用的多样性,SDN网络规模正在由初期的单一控制器网络逐步向多控制器网络转变•面对日益复杂的网络规模,在边缘端资源受限的情况下难以进行有效防御.针对上述问题,利用云端资源优势,基于SDN网络,并结合端址跳变和负载均衡算法提出一种工业控制系统边云协同信息安全防护方法,有效防御DDoS攻击.
Software-defined network(SDN)is a new type of network architecture,which is characterized by the separation of control and forwarding and supports programmatic control of the network.The combination of SDN and industrial control systems provides new ideas for solving the information security problems of industrial control systems,while also making DDoS attacks a major security threat to industrial control system networks.As a converted DDoS attack,overload attack uses the vulnerability of limited load in SDN controllers and switches to pose a threat to the entire SDN network.At the same time,due to the continuous growth of SDN network service demand and the diversity of network applications,the scale of SDN network is gradually changing from the initial single-controller network to the multi-controller network.Facing the increasingly complex network scale,it is difficult to effectively defend the attacks when resources on the edge are limited.Therefore,based on SDN network,this article proposes an edge-cloud synergy information security protection method for industrial control system to effectively defend against DDoS attacks,which uses the resource advantage of cloud computing and combines with port and address hopping and load balancing algorithms.
作者
叶鑫豪
周纯杰
朱美潘
杨健晖
Ye Xinhao;Zhou Chunjie;Zhu Meipan;Yang Jianhui(School of Artificial Intelligence and Automation,Huazhong University of Science and Technology,Wuhan 430074)
出处
《信息安全研究》
2021年第9期861-870,共10页
Journal of Information Security Research
基金
国家自然科学基金项目(61873103)
关键词
DDOS攻击
软件定义网络
边云协同
工业控制系统
信息安全
DDoS attacks
software-defined network
edge-cloud synergy
industrial control system
information security
