| With the rapid expansion of network and the continuously enriched of the service type,the structure and function of the Internet are becoming more and more complex.The traditional router-based network is under increasing pressure and its flexibility,security,volatility has been more questioned.In this case, software-defined network(SDN) came into being.It is a new framework of network that can decouple the control plane from the data plane and control the network by centralizing the network state.However, due to the high concentration and openness of SDN architecture,malicious applications can invade the controller to control the entire network directly.This behavior may cause more damage to the new network framework than to the traditional network.To improve this situation, this paper has modified the open source framework of SDN.In this way,the OpenDaylight project will be able to withstand some attacks from the applications.Based on the latest OpenDaylight framework,the project proposed a stronger controller layer by monitoring the requests of untrusted applications and checking the flowrules to enhance the security of SDN network NBIs. The project adds a message monitoring module based on thresholds to monitor untrusted applications.Meanwhile,to prevent the new flow tables from violating the network security policy,this paper put a detection block before the new flow table installation into the flow table space.After that, The project conducts some experiments simulation in the Mininet for the modified network framework.The simulation can prove that the scheme can protect the SDN network NBIs and detect the conflict between application strategy and network security policyin real time.Also,the simulation analysis the availability of this program with the survival rate of data packets and other parameters after the netword has been attacked. |
PDF Full Text Request