Software Defined Networking (SDN) proposes a centralized control architecture that separates control from forwarding. It provides an open programming interface and fine-grained packet operations, bringing innovation and convenience to network applications. As a new type of network architecture, SDN also faces new security challenges, mainly reflected in the control plane, including centralized control, controller vulnerabilities and malicious applications. For this reason, researchers have put forward a variety of defense methods, for example integrating traditional defense technologies, adopting security mechanisms and optimizing the deployment of controllers. However, these methods all have their own flaws; in particular, they cannot deal effectively with unknown security threats in the control plane. Mimic defense, as a new proactive defense technology, improves the endogenous security of information systems through the construction of a dynamic, heterogeneous and redundant architecture, aiming to change the "easy to attack and difficult to defend" dilemma in current networks. In theoretical derivation and engineering practice, researchers have verified the security gain of mimic defense technology on the target system, and gradually promoted it in information fields with high security requirements. Therefore, integrating mimic defense technology into the SDN control plane is of great significance for improving the security of the network.

Based on this, this dissertation researches the key technologies of mimic defense in Software Defined Networking. First, we put forward a concrete, feasible defense architecture and solve the new problems it brings. Then, we quantify the problems of security scheduling strategy and mimic synchronization. The main contributions of this dissertation include:

1. To solve the current security problems in SDN, a centralized security architecture that provides dynamic, heterogeneous and redundant (DHR) control is proposed, which integrates mimic defense technology and enhances the anti-attack capability of the control plane. Firstly, based on an analysis of the SDN prototype instance, the OpenFlow protocol, we implement the DHR architecture through a controller proxy, so that multiple master controllers can exist at the same time. Secondly, based on FlowVisor, a prototype of the proxy is implemented, focusing on solving the new problems introduced, including the definition and adjustment of controller groups and the identification and grouping of responses. Thirdly, for the problem of differing responses from multiple heterogeneous controllers, a method based on Header Space Analysis (HSA) is proposed, which can compare multiple sets of flow table entries at the semantic level. Finally, by comparing and testing the prototype system, it is verified that mimic defense technology can improve the reliability and security of the SDN network, but introduces a certain degree of performance overhead and response delay.

2. For large-scale and widely distributed SDN networks, a distributed mimic defense architecture is proposed to meet their requirements of high throughput and high scalability. Firstly, we design a secure and reliable distributed interaction protocol that supports DHR, namely DMP (Distributed Mimic Protocol), which includes security authentication, request/response, dynamic transformation and so on. DMP not only ensures the cooperation of distributed multi-controllers, but also prevents malicious controllers from colluding and clears their accumulated attack experience. Then, we study the optimal deployment of multi-controller locations under the DMP protocol to improve the efficiency of the protocol in the SDN network. Finally, simulation results verify that the distributed mimic defense architecture can significantly improve the security of the SDN network compared with the traditional master/slave mechanism and the Byzantine fault tolerance mechanism.

3. For the SDN network with mimic defense, a multi-controller scheduling strategy based on a negative feedback mechanism is studied to further improve the security of the control plane and reduce the performance overhead brought by the mimic mechanism. Firstly, the scheduling management framework based on a negative feedback mechanism in the mimicized SDN network is discussed. Then, two scheduling algorithms, dynamic flexible scheduling based on utility and self-learning scheduling based on historical behavior, are proposed in terms of three scheduling parameters: scheduling time, scheduling quantity and scheduling object. Among them, dynamic flexible scheduling adjusts the scheduling period and the number of controllers according to a trend following the current security situation in the network, with some randomness, reducing the performance overhead of scheduling on the premise of ensuring its security; self-learning scheduling gathers statistics on and learns the security information of heterogeneous controllers, individually and among controllers, and quantifies it as a parameter in order to select higher-quality controller combinations. Finally, simulation results prove the effectiveness of the above scheduling algorithms, which ensure gains in both network security and performance.

4. To solve the problem of differences in multiple controllers' network views (or working states) brought by scheduling, we study the consistency between them to ensure the normal running of the mimicized SDN network and further improve the performance and usability of the system. Firstly, a synchronization method based on a distributed database is proposed, and the shared network view is abstracted. Then, with the characteristics of SDN, we quantify metrics of consistency, performance and usability, and establish an analysis model. At the same time, we solve for the optimal values of several kinds of consistency problems and the conditions under which these values are obtained, providing guidance for configuring consistency parameters. Finally, simulation results prove the validity of the above quantitative model, which can effectively improve the performance and availability of the network under the premise of ensuring the consistency requirement.

Based on the National Natural Science Foundation of China project "Study of the basic theory of mimic defense in cyberspace", the research results can provide support for mimic network architecture and the key technologies of mimic defense. At the same time, this research also helps to scientifically verify the basic method and effectiveness of mimic defense technology in the specific environment of SDN, and opens up new research directions for security in SDN.
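The controller proxy of contribution 1 has to decide which of several heterogeneous controllers' flow-table responses to forward, comparing them at the semantic rather than the textual level. The following is an added example, not the dissertation's or FlowVisor's code: it approximates the header-space view per match field as a (network, mask) pair, canonicalizes each controller's table, and majority-votes, so that a single deviating controller is outvoted and flagged. The controller names, field names and flow entries are constructed for the example.

```python
# Added illustration, not the dissertation's code: a minimal DHR controller proxy
# that arbitrates the flow-table responses of several heterogeneous controllers.
import ipaddress
from collections import Counter

def canonical_match(match):
    """Hashable header-space form of a match: IPv4 fields become (network, mask) ints,
    other fields plain ints; a /0 (fully wildcarded) field is dropped, equal to absent."""
    fields = []
    for key, value in match.items():
        if key in ("ipv4_src", "ipv4_dst"):
            net = ipaddress.IPv4Network(value, strict=False)  # accepts /24 or /255.255.255.0
            if net.prefixlen == 0:
                continue
            fields.append((key, (int(net.network_address), int(net.netmask))))
        else:
            fields.append((key, int(value)))
    return frozenset(fields)

def canonical_table(entries):
    """Whole flow table as a set of (priority, match, actions); action order is kept
    because it is semantically significant, but spelling and case are normalized."""
    return frozenset(
        (int(e.get("priority", 0)), canonical_match(e["match"]),
         tuple(a.lower().replace(" ", "") for a in e["actions"]))
        for e in entries)

def arbitrate(responses):
    """responses: {controller_id: flow entries}. Returns (agreed_table, outliers).
    With no strict majority the proxy forwards nothing, since it cannot tell which
    controller is the compromised one; outliers are candidates for cleaning/rescheduling."""
    canon = {cid: canonical_table(entries) for cid, entries in responses.items()}
    winner, votes = Counter(canon.values()).most_common(1)[0]
    if votes * 2 <= len(canon):
        return None, sorted(canon)
    return winner, sorted(cid for cid, table in canon.items() if table != winner)

# Constructed responses from three heterogeneous controllers to the same packet-in.
SAMPLE = {
    "ctrl-A": [{"priority": 100, "match": {"in_port": 1, "ipv4_dst": "10.0.0.0/24"},
                "actions": ["output:2"]}],
    "ctrl-B": [{"priority": "100", "match": {"ipv4_dst": "10.0.0.0/255.255.255.0",
                                              "in_port": "1", "ipv4_src": "0.0.0.0/0"},
                "actions": ["OUTPUT:2"]}],   # same rule, different encoding
    "ctrl-C": [{"priority": 100, "match": {"in_port": 1, "ipv4_dst": "10.0.0.0/24"},
                "actions": ["output:3"]}],   # deviates: steers traffic to another port
}
```

`arbitrate(SAMPLE)` returns the table shared by ctrl-A and ctrl-B and lists ctrl-C as the outlier; a real HSA comparison would additionally reason about overlapping rules across priorities, which this per-field approximation does not.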
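Contribution 3 describes scheduling driven by negative feedback: the scheduling period and the number of active controllers follow the observed security situation with some randomness, and per-controller history steers which controllers are selected. The following is an added example, not the dissertation's algorithm: the disagreement rate from the last arbitration round shortens the rotation period and enlarges the group, a clean round relaxes both, a random jitter hides the switch-over time, and a learned credit weights the choice of controllers. The controller ids, bounds and credit update rules are assumptions made for the example.

```python
# Added illustration, not the dissertation's algorithm: a negative-feedback scheduler
# for the mimic control plane; parameter bounds and credit rules are constructed.
import random

class NegativeFeedbackScheduler:
    def __init__(self, pool, k_min=3, k_max=5, period_min=5, period_max=60, seed=0):
        self.credit = {cid: 1.0 for cid in pool}        # learned trust, equal at start
        self.k_min, self.k_max = k_min, k_max
        self.period_min, self.period_max = period_min, period_max
        self.k, self.period = k_min, period_max         # quiet network: small group, long period
        self.rng = random.Random(seed)

    def feedback(self, active, outliers):
        """Feed the last round's security situation back into the scheduling parameters
        (scheduling time and quantity) and into the per-controller history (object)."""
        anomaly = len(outliers) / len(active)
        if anomaly > 0:
            self.period = max(self.period_min, int(self.period * (1 - anomaly)))
            self.k = min(self.k_max, self.k + 1)
        else:
            self.period = min(self.period_max, self.period + 5)
            self.k = max(self.k_min, self.k - 1)
        for cid in active:   # self-learning: deviating controllers lose credit, others gain slowly
            self.credit[cid] = self.credit[cid] / 2 if cid in outliers else min(2.0, self.credit[cid] + 0.1)

    def next_round(self):
        """Return (controllers, seconds): a credit-weighted random group of k controllers
        and the jittered period after which the proxy rotates them again."""
        pool, chosen = list(self.credit), []
        while len(chosen) < self.k:  # weighted sampling without replacement
            pick = self.rng.choices(pool, weights=[self.credit[c] for c in pool])[0]
            chosen.append(pick)
            pool.remove(pick)
        return sorted(chosen), max(1, int(self.period * self.rng.uniform(0.8, 1.2)))
```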