Research On Moving Target Defense Based On Network Layer In SDN

Posted on: 2022-12-29
Degree: Master
Type: Thesis
Country: China
Candidate: B F Zhang
Full Text: PDF
GTID: 2518306743974029
Subject: Cyberspace security
Abstract/Summary:
The static and homogeneous character of networks has caused the current imbalance between attack and defense. Moving Target Defense (MTD) technology reverses this offense-defense asymmetry through continuous dynamic variation, which increases the complexity of network attacks. Network layer hopping is one of the focuses of moving target defense. The emergence of Software Defined Network (SDN), a new software-based network architecture technology, has provided new ideas for research on network layer hopping. However, network layer hopping research still has some limitations. In route hopping, unreasonable selection rules and selection timing lead to the same paths or nodes being used frequently, which makes hopping easily predictable; the time overhead caused by the hopping mechanism is ignored, leading to lower hopping availability. In IP address hopping, as host communication time increases, blind hopping within the limited available IP addresses leads to IP addresses being reused. To address these shortcomings of network layer route hopping and IP address hopping, a dynamic random route hopping mechanism and a time-varying IP address hopping mechanism are proposed in SDN, and experimental analysis is performed to verify their effectiveness. The main work of this thesis is as follows.

(1) A dynamic random route hopping mechanism is proposed. First, a Jaccard matrix constraint and a path usage timing constraint are constructed using Jaccard distance, and the set of alternative hopping paths is selected dynamically under these constraints to improve the unpredictability of hopping. Second, path weights are defined according to the important cross nodes in the paths, and the final hopping paths are selected randomly from the alternative paths according to these weights, avoiding cross nodes so that it is harder for an attacker to eavesdrop on large amounts of data at a node. Finally, a pre-distribution strategy for flow entries is defined in the SDN environment; it reduces the time overhead caused by hopping, ensures that hosts communicate properly, and improves the availability of the hopping mechanism.

(2) A time-varying IP address hopping mechanism is proposed. As host communication time increases, different address hopping policies are selected automatically. The time-varying IP address hopping mechanism includes a random walk address hopping strategy and a high-low frequency address hopping strategy. Random walk address hopping arranges the available addresses into a two-dimensional matrix and randomly selects the hopping addresses in the matrix during the hopping process. In high-low frequency address hopping, the low frequency hopping process uses an improved PageRank algorithm to assign the available address groups to the hosts, and the high frequency hopping process randomly selects hopping address pairs in the assigned address group and assigns them to hosts until all addresses in the assigned address group are used. This improves the unpredictability of IP address hopping in the limited available IP address space.

(3) Using Ryu as the SDN controller and Mininet as the simulation experiment platform, the route hopping and IP address hopping mechanisms proposed in this thesis are simulated. The experimental analysis shows that, with the two modules combined, the increase in time overhead when transmitting files compared with no hopping is between 2% and 3.2%, and the delay generated by communication is at the millisecond level, which ensures that network hopping has low overhead and does not affect normal communication. The degree of difference between hopping paths is stable above 0.7, which improves the unpredictability of network layer hopping and increases the difficulty of attack monitoring.
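The route selection described in (1), sketched as an added example that is not the thesis's own code: candidate paths are filtered by Jaccard distance against the most recently used paths, then one is drawn at random with lower weight for paths that run through shared (cross) nodes. The topology, the 0.7 threshold used as a filter, the window of 2 and the weight formula are all assumptions, since the abstract does not give them.

```python
import random
from collections import Counter

# Constructed candidate paths between edge switches s1 and s9 (not from the thesis).
PATHS = [
    ["s1", "s2", "s3", "s9"],
    ["s1", "s2", "s4", "s9"],
    ["s1", "s5", "s6", "s9"],
    ["s1", "s7", "s8", "s9"],
    ["s1", "s5", "s8", "s9"],
]

def jaccard_distance(p, q):
    """1 - |A & B| / |A | B| over the intermediate switches of two paths."""
    a, b = set(p[1:-1]), set(q[1:-1])
    return 1.0 - len(a & b) / len(a | b) if a | b else 0.0

def candidate_set(paths, history, min_dist, window):
    """Paths at least min_dist away from each of the last `window` used paths."""
    recent = history[-window:] if window > 0 else []
    return [p for p in paths
            if all(jaccard_distance(p, h) >= min_dist for h in recent)]

def path_weights(candidates, all_paths):
    """Assumed weighting: penalise switches that also sit on other paths."""
    usage = Counter(n for p in all_paths for n in set(p[1:-1]))
    return [1.0 / (1 + sum(usage[n] - 1 for n in p[1:-1])) for p in candidates]

def next_path(paths, history, rng, min_dist=0.7, window=2):
    """Pick the next hopping path; shrink the window if no path qualifies."""
    for w in range(window, -1, -1):
        cands = candidate_set(paths, history, min_dist, w)
        if cands:
            break
    choice = rng.choices(cands, weights=path_weights(cands, paths), k=1)[0]
    history.append(choice)
    return choice

def simulate(hops=20, seed=7):
    """Run a hopping sequence and return the paths used, in order."""
    rng, history = random.Random(seed), []
    for _ in range(hops):
        next_path(paths=PATHS, history=history, rng=rng)
    return history

if __name__ == "__main__":
    for path in simulate():
        print(" -> ".join(path))
```

On this topology every consecutive pair of selected paths stays at or above the 0.7 distance, because shrinking the window to 1 always leaves at least two qualifying paths.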
Keywords/Search Tags:Software-defined network, Moving target defense, Route hopping, IP hopping, PageRank algorithm