
Design And Implementation Of SDN Security Penetration Test System

Posted on: 2021-02-21 | Degree: Master | Type: Thesis
Country: China | Candidate: J W Li | Full Text: PDF
GTID: 2428330620464095 | Subject: Electronics and Communications Engineering
Abstract/Summary:
Since the concept of software-defined networking (SDN) was proposed, SDN technology has developed rapidly, and its new network architecture is gradually replacing the traditional one. As early as 2012, Google used SDN technology on the internal backbone of its data centers, which indicates that the commercialization of SDN has begun. However, with the rapid development of SDN networks, many vulnerabilities in SDN have gradually been exposed, and the security of SDN networks has received increasing attention. Building a secure SDN network first requires knowing what vulnerabilities exist in it. Since the industry has not yet developed a flexible and scalable security testing tool that covers the entire SDN, this thesis starts from two perspectives, the verification of known vulnerabilities and the discovery of unknown vulnerabilities, and researches, designs, and implements an SDN network security test system, which is then used to systematically evaluate current SDN. The main tasks are as follows:

(1) The vulnerabilities of current SDN are studied, more than 30 kinds of vulnerability scenarios and vulnerability principles are described in detail, and a security verification system based on a vulnerability knowledge base is designed and implemented. The system generates different attack scenario structures for different vulnerability tests. It is used to test five mainstream open-source SDN controllers (ONOS, OpenDaylight, Floodlight, Ryu and Pox) and Open vSwitch, giving a security assessment of the application and control layers covered by the five controllers, and of the infrastructure layer and southbound interfaces covered by the OpenFlow protocol and the OpenFlow switch Open vSwitch.

(2) The principle of software vulnerability discovery is studied. In order to find more security holes in the SDN network, a fuzzing test system for SDN network elements based on interactive state diagrams is designed and implemented. The system is designed on the fuzzing test principle and strives to automate vulnerability discovery. It automatically generates more than 2,000 test strategies, based on the OpenFlow protocol and the four operations of delay, repeat, modify, and discard, to guide the test. The test process is controlled by the interactive state diagram, with a different test process for each test strategy. The system was tested against five open-source controllers (ONOS, OpenDaylight, Floodlight, Ryu and Pox) and Open vSwitch, and found a variety of SDN vulnerabilities.
Keywords/Search Tags:software-defined network, network security, vulnerability knowledge base, security testing, vulnerability mining