Research And Implementation Of Trusted Network Technology Based On SDN

Posted on: 2019-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: G J You
GTID: 2348330569495556
Subject: Engineering
Abstract/Summary:
The development of computer networks has brought a lot of convenience to daily work and life. At the same time, as the demand for networks has grown dramatically, more and more security problems have been exposed, such as the lack of security authentication when a user accesses the network, malicious attacks on the network, and computer viruses. Network trustworthiness is already a basic requirement for users. Researchers can retrofit trustworthiness onto the existing network architecture, or propose a new security architecture around trusted network technology. Both approaches can improve the credibility of the network. The establishment of network credibility is based on perception and centralized control of the global network. Breaking the limitations of the traditional network architecture and putting forward a new trusted network architecture has also become a priority research topic.

Software Defined Networking (SDN) was first proposed by Stanford University as a new network architecture that reconstructs the traditional network architecture and, through control functions, decouples the data forwarding and logic control functions of the forwarding devices in the traditional architecture. It achieves centralized control and, through its open user programming interface, makes the network programmable and allows fine-grained control of network resources. The advantages of SDN in network programmability, data flow management, and scheduling will influence research on trusted network technology and its architecture.

This thesis designs and implements a trusted network system based on SDN's programmability and centralized control features. It targets common network attacks such as ARP, DHCP, and DDoS attacks, as well as the on-demand communication that needs to be implemented in the network. The system includes a network security defense subsystem and an ACL control subsystem. The network security defense subsystem detects and defends against common attacks based on the OpenFlow network flow in the SDN, performs security authentication when the user accesses the network, and effectively prevents and tracks ARP attacks without changing the workflow of the ARP protocol. A combination of active and passive measurement extracts the traffic characteristics of DDoS attacks, and the K-CUSUM algorithm is used to detect them. Finally, SDN is used to implement queue rate limiting of attack flows. Because the CUSUM algorithm has low real-time performance when detecting low-intensity DDoS attacks, this thesis improves it by taking the strength of the attack into account; the improved K-CUSUM algorithm is therefore used to detect DDoS attacks. The ACL management and control subsystem implements on-demand communication in the LAN based on network layer and transport layer protocols, and performs fine-grained control over the communication requests of both parties.

Finally, this thesis introduces the Floodlight controller, the Mininet network simulation platform, and other tools, builds the OpenFlow network simulation environment, performs functional tests on the SDN-based trusted network system, and analyzes the results.
Keywords/Search Tags: Software Defined Networking, Trusted Network, Access Control, OpenFlow
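The limitation the abstract attributes to CUSUM, slow reaction to low-intensity DDoS traffic, can be seen with a textbook one-sided CUSUM detector. This is an added example, not code from the thesis and not its improved K-CUSUM; the traffic feature (new flows per second), the sample values, the baseline, drift and threshold, and all function names are constructed assumptions.

```python
# Added illustration: textbook one-sided CUSUM, not the thesis's K-CUSUM.
# The feature (new flows per second), sample values and parameters are
# constructed for this example.

def cusum_alarm_index(samples, baseline, drift, threshold):
    """Return the index of the first sample at which the CUSUM statistic
    exceeds `threshold`, or None if it never does."""
    stat = 0
    for i, x in enumerate(samples):
        # Accumulate only the excess over baseline + drift, clamped at zero
        # so quiet intervals cannot build up credit that hides an attack.
        stat = max(0, stat + (x - baseline - drift))
        if stat > threshold:
            return i
    return None


def detection_delay(normal, attack_rate, attack_len, baseline, drift, threshold):
    """Attack intervals elapsed when the alarm fires, or None if it never
    fires. A result <= 0 would mean a false alarm on the normal prefix."""
    series = list(normal) + [attack_rate] * attack_len
    idx = cusum_alarm_index(series, baseline, drift, threshold)
    if idx is None:
        return None
    return idx - len(normal) + 1


# Constructed normal traffic: about 100 new flows per second.
NORMAL = [100, 104, 97, 101, 99, 103, 98, 102, 100, 96]
BASELINE, DRIFT, THRESHOLD = 100, 10, 200


def compare_intensities():
    """Detection delay for a high-, a low- and a very-low-intensity flood."""
    return {
        rate: detection_delay(NORMAL, rate, 30, BASELINE, DRIFT, THRESHOLD)
        for rate in (500, 130, 105)
    }


if __name__ == "__main__":
    for rate, delay in compare_intensities().items():
        print(f"attack at {rate} flows/s -> alarm after {delay} interval(s)")
```

With these parameters the detection delay grows as the attack rate approaches `baseline + drift`, and a flood below that level is never flagged, which is the gap an intensity-aware variant has to close.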