Research And Implementation Of Intrusion Prevention System Based On SDN Framework

With the development of network technology,the traditional network architecture is becoming more and more difficult to meet the growing needs of the network.In order to solve the problems faced by traditional network architectures,researchers have proposed the Software Defined Network(SDN)architecture.The features of decoupling of control and data plane,centralized control and programmability make SDN more flexible than traditional network architecture,so SDN is seen as the future direction of the evolution of the network.However,SDN also faces network security issues.This paper seeks to build a defense system with intrusion detection,automatic response and flexible decision-making on the basis of the SDN framework.The work of this paper mainly includes the following aspects:First of all,this paper designs an intrusion prevention model based on SDN framework after analyzing the characteristic of SDN architecture and the strengths and weaknesses of traditional network security protection technology.The model uses detection network to detect network data in order to reduce the load of SDN controller,and introduces threat assessment technology to enhance automatic decision-making ability of the model.Then this paper designs a threat assessment scheme based on alert analysis after referring to the related network security technology.The scheme obtains the threat assessment result of one alert through the processing steps including reliability assessment,alarm merger,association analysis and threat quantification.The SDN security application can make different defense strategies according to the result of the threat assessment,and in this way,the model realizes the flexible adjustment of the intrusion prevention measures.Finally,this paper designs and implements the intrusion prevention system based on SDN framework according to the above model.To test the system function,a SDN experiment platform was built.The result of the experiment shows that the system designed in this paper can realize the automatic response to intrusion,and has a certain degree of automatic decision-making ability.