
Research On Intrusion Prevention And Forensics Technology In SDN

Posted on: 2018-11-07
Degree: Master
Type: Thesis
Country: China
Candidate: X S Jia
GTID: 2348330536479941
Subject: Computer technology

Abstract/Summary:
Software Defined Networks (SDN) separate the network control plane from the data plane. Centralized control and programmability make network management more open and flexible, and also reduce management costs. However, this new network architecture not only overturns the management and deployment methods of traditional networks, but also brings new security threats and challenges, such as single points of failure and network attacks. Traditional solutions such as intrusion prevention technology still work in an SDN environment, but they face issues such as single-point detection, low resource utilization and high deployment costs. Meanwhile, in the process of intrusion prevention, how to accurately locate the attack source and establish the path taken by attack packets are urgent problems to be solved.

In view of the problems above, this paper presents an intrusion prevention and forensics method for SDN. Taking advantage of the centralized control plane and the programmable open interface, the proposed intrusion prevention module is deployed on the SDN controller. An intrusion prevention module can monitor multiple border switches, which reduces deployment costs. To improve the overall utilization of system resources, this paper proposes a slicing-based load optimization technology that is combined with network virtualization technology. A path map algorithm based on the flow table is also proposed to find the forward and reverse paths of traffic in the network quickly and accurately.

The main contents of this paper include:
(1) Investigated intrusion prevention and forensics technology for SDN and analyzed their strengths and weaknesses.
(2) By comparison with traditional intrusion prevention and forensics schemes, and combining the characteristics of OpenFlow, put forward the architecture of an intrusion prevention and forensics system deployed on the SDN controller.
(3) Designed an intrusion prevention module that includes a classifier, a detection pool and a control agent; designed the slicing-based load optimization technology combined with virtualization technology; designed the control strategy of the control agent.
(4) Contrasted network forensics methods in traditional networks and in the SDN environment, and proposed a flow-table-based path map algorithm with the help of topology awareness in the Floodlight controller and flow entry collection methods.
(5) Verified the feasibility of intrusion prevention and forensics technology in SDN, and also verified the effectiveness of the algorithm.
Keywords/Search Tags:SDN, OpenFlow, Intrusion Prevention Technology, Forensic Technology, Network Provenance