
Research On Proactive Defense Strategy For SDN Controller

Posted on: 2019-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Gu
GTID: 2428330566471014
Subject: Software engineering
Abstract/Summary:
Software-Defined Networking (SDN) has become the trend of future network development due to its programmability and its open, flexible features. As the core component of SDN network functions, the controller plays an extremely important role, which also makes it the focus of cyber attacks. Once the controller is hijacked, the attacker can modify flow rules to control network flow behavior, posing a serious security threat. Existing solutions to the SDN controller security problem are still passive and static. They are mostly used to improve the availability of the control layer and cannot effectively prevent the controller from being hijacked and controlled. In particular, they remain underpowered in the face of Advanced Persistent Threats (APT) launched through zero-day exploits, system backdoors, etc. Based on the theory of Mimic Defense, this thesis aims to construct an active defense mechanism for SDN controllers. Through a heterogeneous multi-controller architecture and dynamic defense strategies, we enhance the dynamics and uncertainty of the controller as seen by the adversary, increase the complexity for attackers of hijacking the controller using system vulnerabilities, and thus improve the controller's security, reliability, and defense flexibility. The main contents of this thesis are as follows:

1. To address the passive and static defects of existing controller security solutions, a proactive defense mechanism based on heterogeneous multi-controllers is proposed, in which a scheduling algorithm based on dynamicity and diversity is established to shuffle the sub-controllers. Simulations compare various scheduling strategies, and the results show that the proposed algorithm can effectively improve the controller's ability to resist attacks while avoiding the problem of local extrema in scheduling.

2. To address the problem of determining the defense strategy in different states of controller proactive defense, a Markov game model is established to analyze the dynamic and multi-phase states of the game for the controller. We also determine the optimal defense strategy based on the theory of game equilibrium, and analyze through simulations the security as well as the defense countermeasures against different attack paths based on controller vulnerabilities.

3. In response to evolving attacks, dynamic and proactive defense can significantly increase the difficulty of controller hijacking. However, active defense inevitably incurs a certain defensive cost, and there are problems in terms of defensive efficiency in the face of different types of attack. By establishing a security benefit and defense cost model for the controller's active defense process, a mechanism based on the Enhanced Learning algorithm is designed to determine the adaptive defense strategy against different types of attacks and different defensive cost biases of the defense system. Simulations compare several types of defenders with different biases, and the results verify that the balanced defense strategy can reduce the unnecessary cost of active defense and improve defense efficiency and flexibility.
Keywords/Search Tags: SDN controller security, mimic defense, dynamic scheduling, optimal defense strategy, adaptive defense