Research On Dynamic Game Theory Of SDN Based On Active Defense Method

With the rapid expansion of the network scale,the continuous enrichment of network business types,make the running several decades Internet architecture is difficult to support.Besides,with the intricately structure and functions of the Internet,the difficulty increases of network management and control,making it difficult to deploy new features quickly.How to deal with dynamic change in network architecture,become the future network architecture development direction.In order to deal with the development of the network,the Software Defined Networking architecture is proposed.Unlike traditional network architecture,SDN realizes the separation of control plane and data plane,and supports user-level programmable network control.When dealing with network security problems,SDN enables to support users'independent design of dynamic network defense mechanism,by the programmable ability of SDN.Through the emergence of flow analysis and control measures,the SDN have more flexible defense mechanism,especially for significant flow variation characteristics of network attack types.When the attacker wants to attack the SDN network,the defenders of SDN can make active defense measures to respond the attacker,in this moment,how to control the defense costs,the optimization of defense cost is worth considering.Different from traditional networks,as dynamic deployment and Network Function Virtualization appear in the SDN,these advantages make the SDN defense the measures more cost-effective.In this paper,a dynamic active defense decision model based on game theory is proposed.There are two kinds of game model way to optimize the defense costs.Firstly,a Single Stage Dynamic Game model is established.In this model,the attacker is defined as an unknown host in the network,and the defender is the marginal network owner.In SDN,the marginal network owners mainly deploy the defense strategy by configuring the edge router's SDN controller.The attacker's strategy is to attack or not attack,depending on the attack strategy to adjust the intensity of the attack.Based on network status,the defender's strategy is to deploy different levels of defense.The payoff matrix is made by the attacker and the defender.By solving the Nash equilibrium of the Single Stage Dynamic Game,the optimal behavior strategy and benefit of the attacker and defender are obtained.Secondly,a Multi-stage Dynamic Game model is established,which is different from the Single Stage Dynamic Game model,adopt bayesian method to infer attack probability and defense probability in each stage.Attackers and defenders deploy strategies through attack probability and defense probability.By solving the bayesian equilibrium of multi-stage game,the optimal strategy and revenue of the two sides in multi-stage are obtained.On this basis,a SDN optimal defense cost algorithm based on multi-stage dynamic game is designed,and the algorithm is implemented in the simulated SDN controller.Finally,we take the model simulation in the MATLAB R2015b,Mini net and Gambit tools,the experiments show that our proposed dynamic cost optimal defense mechanism can effectively active defense those significant flow changes attack.It can be used for reference for future SDN security research.