| Software Definition Network (SDN) proposes the separation of data plane and control plane, which solves the issues of high reliability,expansibility and flexibility in traditional network. However, its innovation in business brings new security challenges. In the SDN controller, the business control and security control are highly interdependent. The security of the whole network is controlled by the flow table and this mechanism needs to be improved. All the security control can only reach the data forwarding layer. There is no direct interaction with the security device or the node, so that the security control capacity is limited.The purpose of this research is to optimize the security control ability of SDN network. This paper decouple the business and security in the control layer so as to minimize their mutual influence, and purpose the security control technology based on the combination of flow and agent-based research. This paper design and implement the node security control architecture of SDN network, and improve some existing security control mechanism and technology to make a depth protection of SDN network node. The specific work of this paper is as follows:1) A new SDN node security control architecture is proposed. The security controller is responsible for the security related problems completely independent of the security controller. 2) Propose a flow control-based node security control technique by sFlow flow acquisition,sFlow-RT flow detection and SDN controller northbound interface call to change flow table rules. 3) The deployment of the security agent in the SDN network nodes is proposed to monitor its local state. The security control is deployed through the security agent and the security services. 4)The experimental verification network is deployed and functionality of each module is verified. The flood attack is simulated to verify the rationality and reliability of the SDN node security control architecture. |
PDF Full Text Request