
Research On Several Key Technologies Of Software Defined Networks Security Guarantee

Posted on: 2020-07-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z D Shao
GTID: 2428330590495581
Subject: Communication and Information System
Abstract/Summary:
Software Defined Networking (SDN) is a new network architecture that separates the control plane from the data forwarding plane to support network virtualization. SDN has many advantages, such as the decoupling of the control plane and data plane, programmability and scalability. The SDN architecture enables the network to monitor traffic and diagnose threats, which facilitates network forensics, security policy changes and security service insertion. However, while it brings these advantages, the separation of the control and data planes also brings new security challenges. In terms of architecture, because of the core position of the controller in SDN, there are attacks that target vulnerabilities of the controller. From the perspective of attack implementation techniques, diverse means of attack have emerged, such as man-in-the-middle attacks, denial-of-service (DoS) attacks and saturation attacks. To solve these problems, this thesis proposes a blockchain-based SDN security algorithm and a trust-based strategy selection method for DoS attacks in SDN. Finally, the effectiveness of the proposed scheme is demonstrated by simulation. The main work of this thesis is as follows:

(1) To address the security problems of DoS attacks, illegal access and single point of failure in SDN, and to improve the security and efficiency of the SDN control plane, this thesis takes distributed SDN as the basic framework and intelligently distributes the controllers across different geographical locations to alleviate the "single point of failure" problem. Blockchain technology is used to build a readable, appendable and unmodifiable distributed database on the SDN controllers to maintain the record list of blocks. An efficient and secure consensus algorithm, SPBFT (Simplified Practical Byzantine Fault Tolerance), is proposed to validate the messages of blocks, and an analysis model is established to analyze the security and performance of the proposed algorithm. The simulation results show that, compared with the original algorithm, security and efficiency are significantly improved.

(2) Based on the principle of the DoS attack, this thesis proposes a trust-based DoS attack strategy selection mechanism. First, the weights of the individual DoS indices in SDN are determined using the Fuzzy Analytic Hierarchy Process (FAHP). Then, the final comprehensive trust is evaluated based on direct trust, indirect trust and user trust. Finally, game theory is used to analyze the different strategies of attackers and defenders in DoS attacks. The simulation results show that the trust-based strategy selection mechanism proposed in this thesis can effectively defend against DoS attacks and save defense resources.

(3) An SDN network security system is built, and the mechanism is simulated and analyzed. In this thesis, the SDN network is protected by setting up a simulation environment, building out the network scale and adopting a simple security mechanism. The results show that the SDN security scheme can effectively improve the security of the whole network and achieves the expected objectives.
Keywords/Search Tags:SDN, security, block chain, DoS attack, game theory