摘要
提出了一种支撑多路径负载均衡配置的SDN拟态防御架构,首先,针对以往强化学习方法的状态空间狭小,难以提取人工特征性等问题,利用深度强化学习方法,结合网络链路负载和流量特征,进行多路径的自适应配置,以确保网络服务的负载均衡。而后,将动态异构冗余架构引入SDN控制层,来确保生成的路径配置信息准确性,并利用Openflow中的packet_in消息进行数据转发路径效验机制的设计,由此建构SDN拟态防御架构;最后,通过仿真对比实验得出SDN拟态防御框架下的失效概率始终处于稳定的低位状态的结论,可见安全防御性能更优。
This paper proposes a pseudo defense architecture of SDN supporting multi-path load balancing configuration.Firstly,in view of the narrow state space of the previous reinforcement learning methods,it is difficult to extract the artificial characteristics.Therefore,the dynamic heterogeneous redundant architecture is introduced into SDN control layer to ensure the accuracy of the generated path configuration information,and the packet in of Openflow is used to design the data forwarding path validation mechanism,so as to construct the SDN pseudo defense architecture.Finally,the simulation results show that the failure probability of the pseudo defense framework with SDN is always in a stable low state,and the security defense performance is better.
作者
陈荔
CHEN Li(Department of Information Network, Chang’an University, Xi’an 710064, China)
出处
《微型电脑应用》
2022年第1期202-205,共4页
Microcomputer Applications
关键词
路径配置
拟态防御
流表资源
路径效验
path configuration
pseudo defense
flow table resource
path validation
