Research On OpenFlow-based Cloud Network Security

Posted on: 2018-05-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z Chang
GTID: 2348330512986738
Subject: Computer software and theory

Abstract/Summary:
Research on security monitoring for cloud computing networks helps create a secure cloud computing network, which benefits the development of cloud computing and helps protect customers' data security and privacy. In traditional networks, the monitor is generally deployed at the network boundary to monitor external traffic. OpenFlow-based monitoring emerged so that both external and internal network traffic can be monitored. OpenFlow makes the network programmable, so that the network can be as flexible as software. By using OpenFlow in cloud networks, all traffic can be routed to the monitoring device, which makes traffic monitoring in the cloud more flexible.

Existing research on OpenFlow-based cloud computing network monitoring has the following shortcomings: 1) Previous studies lack support for multiple devices of the same kind. They assume that each type of monitor has only one device, which may cause performance bottlenecks in a large-scale network environment; 2) There is no effective collaboration between the monitors, so the monitors work independently. Aiming at these problems, this paper studies corresponding OpenFlow-based optimization and improvement methods to further improve the performance of the cloud computing monitoring method and enhance its practicality.

The contents of the research are as follows: 1) First, a new cloud computing network monitoring architecture based on OpenFlow is designed. The architecture design includes cloud security device management, security rule management, and the routing algorithm. In cloud security device management, security devices can be deployed freely, without restriction on the number of devices. In the specification of the monitoring rules, the matching rules are represented by flow table match fields and the concept of a "set of devices" is used. 2) Then, three routing algorithms are proposed: the simple path algorithm, the modified Prim algorithm and the TSP-based algorithm; 3) Finally, this paper studies the collaboration between cloud computing security devices. To enable the monitors in the cloud computing network to cooperate effectively, this paper designs the orchestrator on the basis of SDN. The orchestrator communicates with the monitors and the SDN controller using the REST API. The local data obtained by a monitor can be learned by the orchestrator, so that the monitors across the entire network collaborate and defend together.

To verify the feasibility and validity of the proposed method, this paper implements a prototype system based on Ryu and runs experiments on Mininet. The experimental results show that the monitoring architecture and routing algorithms proposed in this paper can support multiple monitor devices of the same kind at the same time. The three algorithms perform well in both small-scale and large-scale networks. The orchestrator enables good collaboration between the monitors, so that when one area of the network is attacked, other areas can receive an early warning and defend in advance. A comparison with existing research work shows that the task pressure on the monitors in the system proposed in this paper is much less than that in a system using a single monitor. The prototype system can flexibly monitor network traffic without reducing normal working efficiency in the cloud computing network.
Keywords/Search Tags: Cloud computing, Network monitoring, OpenFlow, Algorithm