Research On Behavior Analysis Of Network User Towards SDN Firewall

Network security is an urgent problem to be solved in the current network,and one of the most effective way to solve the network security problem is to use the firewall.However,There are many problems with traditional firewalls.One of the main problems of the traditional firewall network architecture is that the firewall security policy is configured by the network administrator one by one.With the rapid development of network technology and the complexity of network application services,that make the number of security policies increasing,so the configuration of network security policy brought a huge burden to the network administrator.And the emergence of Software Defined Networking(SDN)can solve these problems.SDN is a new network architecture that enables network administrators to centralize and programmable control of the global network.In SDN network architecture,network administrators achieve security policy batch processing in a way of centralized management,and are able to dynamically set the number and location of firewalls in the network based on the status information of the underlying network device.In addition,network administrators can use the OpenFlow switch to develop a programmable interface to dynamically process abnormal traffic or attacks on the network.In order to more effectively and accurately deal with abnormal traffic and attack behavior,it is necessary to analyze the behavior of network users.In recent years,the analysis of network user behavior in the large data environment has been studied by more and more scholars and organizations.By analyzing the behavior data of network users,we can find the behavior characteristics of network users and prevent potential threats.Security policy.In this paper,SDN network architecture and data mining technology,the design of a SDN firewall system.Some firewall functions are implemented with SDN switch,and two kinds of data mining methods,statistical analysis and cluster analysis,are used to analyze the network user behavior data.The behavior characteristics of the network user and the collective behavior characteristics of the whole network are obtained,and the information of the behavior characteristic is applied to the security strategy.And through the design of firewall algorithm to achieve the automatic dynamic deployment of security policy.Finally,the system is validated by dynamically setting the user port bandwidth and deploying two instances based on the identity type policy.Among them,the former verifies the system automatically deploy dynamic security policies and the ability to deal with abnormal traffic.The latter verifies the feasibility of applying the network user behavior analysis results to the security policy.