Research On Meta-security Function Combination Method Based On NSFV Technology In SDN Environment

With the development of computer technology,people pay more and more attention to network security.However,the traditional network protection technology cannot meet people's network security needs due to its shortcomings of poor flexibility,poor scalability and high cost.Therefore,it is a significant research direction to study how to apply emerging network technologies to the field of network protection to make up for the deficiencies of traditional network protection technologies.Based on Software Defined Network(SDN)and Network Security Function Virtualization(NSFV),this paper studies the meta-security function combination problem and a security protection system integrating meta-security function combination technology is designed.The security protection system can provide protection services by combining the global state of the network and user-specific customized requirements.Specifically,the research work of this paper is as follows:1)In SDN environment,a security protection system is designed based on NSFV.The security protection system introduces modules such as security function virtual machine pool and automatic host management,and combines the advantages of SDN and NSFV.Compared with traditional network protection,it has better flexibility,scalability and lower cost.2)Based on Trie,a security service chain selection algorithm is proposed,which can quickly select the most suitable security service chain from the security services provided by the system according to the combination of users' meta-security function requirements and QoS parameters.3)The security protection system is adopted to intercept simulated DDoS attack traffic;Through three groups of experiments,it is proved that the security service chain selection algorithm proposed in this paper takes less time than the traditional selection algorithm when reaching the same result,especially when the number of security protection instances increases,the time consumption of the traditional selection algorithm increases exponentially,while the security service chain selection algorithm can maintain a linear level growth.