A Design And Realization Of Network's Access Control Based On The SDN Frame

The development of Internet brings much convenience to our job, but it also brings great challenge to the safety of our confidential information in our company. There is the urgent need that we should realize the Information network isolation between departments and the access control to the users to protect our information resource and enhance the safety of Internet in a mobile office environment. As we know, the traditional routers decide the path to the destination according to only part of the picture they can get, totally based on the automated system. So traditional routers can't satisfy the need mentioned before. The software defined network(SDN) based on the central control system brings light to the darkness.The first part of this thesis introduces that in a SDN architecutre how to realize the access control based on the flow and build a network which can isolate people according to their identity. And the isolation can be easily done using a configuration file.The design of the application includes database design, logic of the access control in the controller, the pages in the server and the conversation between the server and the controller. All the data of the people including their state and the data got when they are surfing are saved in the database. The database is shared by the controller and the server. The controller can indirectly control the switches to realise the access control and isolation. The server gives pages to login and regist and can interact with the controller to help building the network. In order to improve the user's experience, the system supports the auto-login function so that when people reconnect to the network in a short time, he do not need to login again and this function is also available when his ip changes.In order to relieve the threat by the auto-login, in the second part of this thesis, current technology of recognition is anlysised and then a method to get the data of the user's behavior according to the statistics of the flow is shown. Once the feature vector of a person is got, then we can build the specific fingerprint of him. Then we can check the validity of the one who auto logins. The second part introduces the frame of the recheck frame which has two steps and the algrithm to extract the feature vector. The first step of the rechecking is based on the surfing time and the rate of flow and the second step is based on the result of a RBF neural network which is used to recognise people by the specific fingerprint.In the end of this thesis, all the function mentioned before is proved by a test. And this thesis gives the simulation results of the legitimacy authentication to prove that the rechecking method can improve the security of this system.