The Research And Implementation Of One Kind Of Moving Target Defense Method Based On Software Defined Network

Posted on: 2018-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Z Cui
Full Text: PDF
GTID: 2348330518497011
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet technology, network security has received serious attention around the world. Years of network security research and practice show that the cost of network attack and defense is asymmetric and favors the attacker. To change the current situation, in which it is easy to attack and difficult to defend, academia proposed the new concept of Moving Target Defense (MTD), which tries to move the attack surface in an unpredictable way. This reduces the static and homogeneous characteristics of computer systems, including the network, and raises the attacker's cost, thereby effectively improving network security. MTD requires a higher degree of network mobility. Compared to traditional networks, Software-defined Networking (SDN), with its logically centralized control and programmability, can provide new ideas for MTD, while its flexible flow table and message mechanism can provide better technical support for the mobility of the network.

Analysis of the network attack process shows that the attacker must first complete intelligence gathering before continuing to the next stage of the attack. By interfering with intelligence gathering, the defender can trap the attacker in a repeating cycle of information collection, which achieves the goal of protecting the target network. Attackers' commonly used network discovery techniques are host discovery, port scanning, fingerprint identification, network topology mapping and network traffic sniffing. Therefore, defenses against these network discovery techniques that combine SDN's capabilities with the MTD concept can effectively improve the security of the network.

In this paper, the development of MTD is analyzed first, then attack surface analysis is carried out for the common network discovery methods, and an SDN-based moving target defense strategy is proposed for these attacks. Finally, using the Mininet network simulation tool and an SDN controller framework, a simulation system is designed and implemented. The simulation results show the effectiveness of the strategy.
Keywords/Search Tags: Software-defined Networking, Moving Target Defense, Attack Surface, Simulation System