Abstract
Software-defined networks (SDN) increase the flexibility of network programming through logically centralized network control, but the security threats this introduces, if exploited by attackers, directly endanger the entire network architecture. Based on the characteristics of SDN, security threats are classified into four types: intrusion attacks, anomaly attacks, DDoS and DoS attacks, and spoofing attacks. Because DDoS and DoS attacks are more targeted and more harmful in the SDN environment than in traditional networks, the paper concentrates on a systematic discussion of their attack principles, methods and effects. Finally, existing countermeasures are reviewed by attack type, and future research directions and development trends are proposed in light of the shortcomings of existing techniques.
Authors
王丽娜
王斐
刘维杰
WANG Lina; WANG Fei; LIU Weijie (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China; Tencent Technology (Shenzhen) Company Limited, Shenzhen 518000, Guangdong, China)
Source
《武汉大学学报(理学版)》
CAS
CSCD
PKU Core
2019, Issue 2, pp. 153-164 (12 pages)
Journal of Wuhan University: Natural Science Edition
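Funding
National Natural Science Foundation of China (U1836112)
NSFC-General Technology Basic Research Joint Fund (U1536204)
Fundamental Research Funds for the Central Universities (2042018kf10 28)
Foundation of the Key Laboratory of Information Assurance Technology (61421120301162112009)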
Keywords
software-defined networks (SDN)
centralized control
policy violations
distributed denial of service attacks