Research On Proactive Defense Mechanism In Virtual Network

Posted on: 2018-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: S Zhao
GTID: 2428330563951140
Subject: Information and Communication Engineering

Abstract/Summary:
As the Internet develops, users demand more and more types of Internet services, yet services that meet different needs are deployed on the same underlying physical network, which significantly degrades network performance and makes it impossible to guarantee quality of service. Network virtualization (NV) technology provides an effective way to overcome the rigidity of the Internet. The main idea of NV is to divide the Internet into multiple virtual networks (VNs) that all share the same underlying physical network resources while running different applications, services and architectures, so that a variety of technologies and applications can be deployed.

Although NV greatly improves the flexibility of the network and the diversity of applications, and meets users' requirements to the greatest extent, new problems arise because multiple VNs share the same underlying physical resources. The main problems are: (1) the homogeneity of the underlying physical devices leads to common vulnerabilities, which greatly reduces the reliability of VNs; (2) VNs that share the same underlying physical resources face the threat of cross-VN attacks, which puts the private information of VNs at serious risk.

To address these problems, this dissertation, supported by the Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003), “Research on the Basic Theory of Mimic Defense for Cyber Space”, uses the dynamics, heterogeneity and redundancy of proactive defense to enhance the reliability and effectively ensure the security of VNs. The main research contents are as follows:

1. Focused on the common vulnerabilities caused by the heterogeneity of physical devices, we propose a Heterogeneous-Backup Virtual Network Embedding method. First, redundant and backup physical resources are provided only to critical virtual machines, which saves backup-resource overhead. Then, to improve the reliability of the VNs, the substrate nodes that host the primary and backup embeddings of each virtual machine must be heterogeneous. Finally, the objective function minimizes the total cost of provisioning bandwidth on the substrate links for the whole virtual network, further saving backup-resource overhead. Simulation experiments demonstrate that the proposed approach achieves an average increase of 19.8% in the reliability of the VNs over Homogeneous-Backup Virtual Network Embedding methods.

2. Existing defense approaches based on dynamic migration of virtual machines suffer from long convergence time of the migration algorithm and high migration cost, so a dynamic virtual machine migration method based on security level is proposed. First, virtual machines are classified by security level to reduce the number of virtual machines migrated. Then a corresponding virtual machine embedding strategy reduces the frequency of virtual machine migration. Compared with the existing defense approaches, the proposed approach reduces the VN mapping success rate by an average of 10.9%, but it reduces the convergence time of the virtual machine migration algorithm by an average of 65.87%, and it reduces the average growth rate of virtual machine migration overhead per 500 time units by 61.02%.

3. Existing defense methods based on random routing and multipath redundancy have a low VN mapping success rate and low utilization of network resources. We propose a dynamic migration of critical virtual links based on coexisting awareness. First, a ratio of critical virtual links is set to reduce the number of virtual links migrated. Then a corresponding virtual link embedding strategy reduces the migration frequency of virtual links. Experiments show that the method ensures the security of the information transmitted over links while guaranteeing the VN mapping success rate and the utilization of network resources.

Keywords/Search Tags: network virtualization, virtual network mapping, proactive defense, reliability, security