| With the expansion of network,the defects of traditional network architecture become more and more serious,such as low maintenance efficiency,complex deployment strategy and numerous network equipment.Software-defined Networking(SDN)simplifies network man-agement and provides more applications.However,sensitive information leakage has not yet been resolved when data is transmitted in SDN.Especially when SDN is deployed on Internet Exchange Point(IXP),interdomain participants want IXP to ensure that other participants are not aware of their routing policies.Multiple paths being transferred randomly can hide the real transmission path of sensitive information.In addition,deep learning is used to disguise sensi-tive traffic characteristics and ensure the privacy of sensitive information between domains.To solve the above problems,this thesis proposes a privacy protection method based on multi-path for data transmission,which can randomly assign a path for the transmission of sensitive information.Furthermore,a traffic camouflage method is proposed by using deep learning.The sensitive traffic is disguised as normal traffic and transmitted over multiple paths.It is difficult for an attacker to collect traffic to analyze sensitive traffic and its transmission path.The main contributions of this thesis are summarized as follows:(1)We propose a multipath random transmission method for privacy protection in intra-domain.This method uses randomization to solve the leakage of sensitive information during data transmission.Firstly,a data transmission model is established.The method is divided into three stages: path searching,path filtering and random distribution.A path-finding algorithm based on depth traversal is proposed.The trusted path is obtained by filtering the constraint con-ditions,and the random path selection algorithm is designed to select one path for the sensitive data.Furthermore,an optimal threshold selection model is proposed.Considering the corre-lation of several parameters,the model can calculate the optimal threshold,so as to minimize the probability of path being attacked.Finally,experimental results verify the effectiveness and feasibility of the method.On the Mininet platform,we built a multi-path transmission scenario in SDN,and verified the influence of the threshold on the probability of path being attacked.When the threshold is optimal,the time delay and other performance of the multipath trans-mission method are evaluated,and its privacy performance is analyzed by analyzing the traffic similarity of multiple transmissions.(2)We propose a traffic camouflage method for privacy protection in inter-domain.This method uses deep learning to establish a Supervised-VAE model so that sensitive traffic char-acteristics are subject to the same distribution as normal traffic characteristics.Combined with the multi-path transmission,it confuses the judgment of the attacker,and the accuracy of the classifier used by the attacker is reduced.Finally,experimental results verify the effectiveness of the method.The inter-domain transport system was built on Mininet.We evaluated the mul-tipath performance and traffic camouflage performance respectively.With the increase of the number of sensitive streams,this method can effectively reduce the classification accuracy(the accuracy of DNN decreased from 89.75% to 67.83%,and the accuracy of NB decreased from72.54% to 41.17%).Compared with other methods,we have the most obvious influence on classification accuracy.(3)We design and implement a multi-path transmission system in SDN based on Mininet.According to the concept of modular program design,we design multi-path transmission mod-ule,traffic camouflage module and system interface.In Mininet,inter-domain and intra-domain network topologies are built,and Ryu controller and OpenvSwitch switch are used to realize multi-path transmission and traffic camouflage.The system interface shows the information of the AS,network topology and traffic in the inter-domain. |
PDF Full Text Request