The Design And Implementation Of A Network Intrusion Prevention System Based On SDN

With the continuous development of network technology, the Internet is becoming increasingly popular, the Internet has become an important infrastructure. However, at the same time, malicious behavior of Internet is also more diverse, these malicious acts undermined the order of Internet, threat to information and property security of Internet user, even has a serious threat to the national security. Faced with new security threats, the traditional security technologies seem slow and inefficient in urgent need of a new technology to build a more efficient and agile security systems to provide strong protection for Internet. HYDRA is a network intrusion prevention system of SDN-based, the system through OpenFlow switch control network packet forwarding, to achieve the attack traffic blocked, sample collection of malicious traffic, and cooperation with intrusion detection systems(IDS), to achieve malicious attacks automated responses.Firstly, introduced the development of SDN controller technology, compared and analyzed the current mainstream controller--RYU, ONOS, ODL, and explained the reasons for choosing RYU Controller.Design and implementation of HYDRA system is the core work of this dissertation. First, the operating environment and demand HYDRA system has been described. After that, introduced the structure design, module design, runtime management system, and comparative analysis of similar systems. Subsequently, introduced the HYDRA system implementation of the key issues. Finally, introduce the test of HYDRA system, especially consistency equipment test.Study OpenFlow forwarding mechanism is the focus of the research work. Designed and implemented the response rule based on OpenFlow forwarding mechanism analysis. And illustrate application scenarios of sample collection function by DNS abuse detection and Botnet detection.Automated response is another focus of this research. Paper describes the status of automated response technology, design and implement DDoS automation response model, combined with attacks blocked background, DDoS automated response model was tested.