
Research And Implementation Of An IP Mutation Technology Based On SDN Network

Posted on: 2018-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Wang
GTID: 2348330515959750
Subject: Computer technology
Abstract/Summary:
Security issues in network communication have drawn more and more attention. However, traditional passive defense methods, such as firewalls and intrusion detection, appear inadequate against ever-changing network attacks, so active defense technology has become a focus of network security research. Moving Target Defense is one of the active defense technologies; because it is proactive, dynamic and highly defensive, it is attracting more and more attention from network security researchers. The basic principle of moving target defense is to avoid attack by randomly changing the position of the target. As an important branch of moving target defense technology, IP address mutation technology works by changing the IP address or port number of a node, which makes it difficult for an attacker to locate the node accurately and thus resists the attack. Because IP address mutation technology in theory has a strong ability to defend against attacks, many address mutation schemes have been proposed. However, due to the scarcity of IP address resources and the poor controllability of routing and forwarding in the traditional network architecture, and because hopping synchronization suffers from problems such as accuracy and interference, traditional IP address mutation methods are difficult to apply and promote in real network communication. Software Defined Networking (SDN), represented by OpenFlow, offers superior control flexibility and programmability thanks to the separation of its control plane from the forwarding plane, centralized control and high openness, and provides a good platform for research on new network technologies such as IP address mutation. In this paper, a new method of IP address mutation is proposed by analyzing the principles and shortcomings of current IP address mutation technology. This method adopts a new, improved strict time synchronization scheme and a sliding-window-based hopping strategy. An SDN communication system with IP address mutation functionality is completed, and the performance and anti-attack capability of the system are tested.

This paper first introduces the background and significance of research on IP address mutation. First, the basic principles of several common attack methods and active defense methods in networks are introduced, the common points of these attack methods and the shortcomings of the defense methods are pointed out, and the IP address mutation method for network security protection is brought in. Secondly, it analyzes the shortcomings of several traditional IP address mutation methods and introduces the technical structure and advantages of SDN. It introduces the forwarding mechanism of OpenFlow and the security of SDN in detail. It also analyzes the combination of IP address mutation technology and SDN technology, and an IP address mutation technology based on SDN is put forward. Then, based on SDN technology, an improved address hopping scheme is proposed. The address calculation method and hopping synchronization method are introduced in detail, and the security of the scheme is analyzed. Finally, the new IP address mutation method is implemented on an SDN communication system. The implementation of each module is described in detail, including the time synchronization module, the address imitation module and the SDN routing module. At last, the basic performance and anti-attack performance of the SDN communication system are tested.
Keywords/Search Tags: IP mutation, SDN, hopping synchronization, moving target defense