Research On Key Techniques In Network Performance And Security Management Based On SDN/NFV

To overcome the problems of current Inernet such as increased traffic,solidified structure,mobile support and lack of innovation,Software-Defined Networking(SDN)and Network Functions Virutalization(NFV)are proposed by the academic world.The architectures,key techonologies and typical applications about SDN/NFV are widely studied and carried out.However,there are little researches focusing on the security issues about SDN and NFV,which leads SDN and NFV could not satisfy the needs of high secure and available application scenarios.So,we must study the methods and mechanisms to improve the quality of network servies and security level of networks ultilizing the advantages of SDN and NFV.Also,we must study the security assessment methods for SDN/NFV-based networks.This thesis focuses on these issues,which is orgainized as follows:In Chaper 1,we firstly introduces the background about our thesis.Then,the researches about SDN and NFV are discussed.This chapter points out the significance of our researches.The main works are introduced and the structure of this paper is provided.In Chapter 2,we analysis the foundaments and applications of SDN and NFV.Firstly,we present the concepts and founddations about SDN and NFV,including the relations about SDN and NFV.Then,we introduce the researches about the network security applications of SDN and NFV.Thirdly,we introduce the security researches about SDN/NFV-based network.At last,we introduce the researches about the applications of SDN/NFV-based computer cloud,Internet of Things and mobile networks.In Chapter 3,we discusses the motivation concerning availability of VNS and presents a scheme to provide high available SDN/NFV-based Virtual Network Service in multi-provider scenario.Firstly,the particular threat vectors lying in the service provision in multi-providers scenarios is discussed.Then,the high available SDN/NFV-based VNS architecture in multi-providers scenarios is proposed.Following this,we study the unique characteristics of SDN service and their impacts to the service composition mechanism.Then,based on NGSON,we propose a service composition framework special for SDN that utilize the advantages of SDN environment such as global view of network that benefits for service registry and service discovery.In Chapter 4,a novel energy-oriented scheme for extending collaboration lifetime of Cyber-Physical Systems using SDN and NFV is presented.Firstly,the global view and central control properties of SDN are used to monitor Cyber-Physical Systems.Also,workflows and protocols in the mechanism are presented.Secondly,a game theoretic topology decision approach is proposed to decide the topology clustering and Virtual Network Function deployment of sensors at run-time of Cyber-Physical Systems effectively.Finally,the simulation results of case study show the proposed scheme has longer lifetime than traditional schemes.In Chapter 5,a multi-stage attack mitigation mechanism is proposed for SDHN using SDN and NFV.Firstly,an evidence-driven security assessment method using SDN factors and NFV-based detection is designed to perform security assessment along with observed security events.Secondly,an attack mitigation countermeasure selection method is proposed.The evaluation shows that the proposed mechanism is effective for multi-stage attack mitigation in SDHN.In Chapter 6,an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process(AHP)is proposed for SDN-based Mobile networks(SDN-MNs).Firstly,this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP.Secondly,to address the diversity and complexity of SDN-MNs,a novel attack graph definition and attack graph generation algorithm are proposed.In order to quantify security levels,the Node Minimal Effort(NME)is defined to quantify attack cost and derive system security levels based on NME.Thirdly,to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration,we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution(TOPSIS)as the methodology.Finally,we offer a case study to validate the proposed methodology.The case study and evaluation show the advantages of the proposed security assessment mechanism.