With the rapid development of information technology and network communications, people enjoy the convenience the network brings them, but they also bear the risks of privacy leakage, data loss and economic loss caused by various attacks on the network. Because network architectures are static and deterministic, it is difficult for them to cope with increasingly complex network attacks. To change this situation, countries around the world have launched active defense research one after another, and cyber deception technology, which hides the real information of objects, has gradually emerged. This thesis builds on cyber mimic defense and software-defined networks, combines dynamic transmission paths with host identification, studies the related problems of multi-dimensional attribute hopping, and finally designs and implements a software-defined network-based network deception system to verify the related research results.

The main research content of the thesis includes: a weight-based routing algorithm, which uses node degree and traffic as the weights of switch nodes and links to dynamically change the path between communication nodes and, macroscopically, distributes communication traffic relatively evenly across multiple links; at a certain network scale, the routing algorithm can effectively prevent sniffing attacks without significantly reducing network transmission performance; a dynamic address hopping mechanism based on host identification, which enables switches to forward data flows correctly while changing their address information and, at a low overhead, dramatically increases the number of host addresses appearing in the data stream, increasing the security of the network; and a virtual IP generation algorithm which, addressing the fact that the IP addresses of a subnet form a continuous segment, distributes host IPs across different network segments to effectively resist network scanning attacks.

The experimental results show that, compared with traditional routing algorithms, the weight-based routing algorithm reduces the variance of the number of data packets handled by each switch by more than 50% while increasing the delay by no more than 15%; the dynamic address hopping mechanism based on host identification increases the number of IPs in the communication link to more than 4 times the original, with a delay increase of no more than 10%.
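To make the routing idea concrete, the following added example (not code from the thesis) compares hop-count routing with a degree-and-traffic weighted cost and measures the per-switch packet variance that the abstract uses as its metric. The four-switch topology, the cost formula and the `alpha`/`beta` coefficients are assumptions chosen for illustration.

```python
import heapq
from statistics import pvariance

# Constructed topology (assumption): two equal-length paths s1-s2-s4 and s1-s3-s4.
LINKS = [("s1", "s2"), ("s1", "s3"), ("s2", "s4"), ("s3", "s4")]
FLOWS = [("s1", "s4", 1)] * 10  # constructed sample: ten one-packet flows

def build(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def route(adj, src, dst, cost):
    """Dijkstra; equal-cost ties are broken by path order, so runs are deterministic."""
    heap, seen = [(0.0, [src])], set()
    while heap:
        dist, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt in sorted(adj[node] - seen):
            heapq.heappush(heap, (dist + cost(node, nxt), path + [nxt]))
    raise ValueError("no path")

def simulate(flows, weighted, alpha=0.5, beta=1.0):
    """Route each flow, update counters, return (paths, variance of packets per switch)."""
    adj = build(LINKS)
    link_load = {frozenset(l): 0 for l in LINKS}
    switch_pkts = {s: 0 for s in adj}
    def cost(u, v):
        if not weighted:
            return 1.0  # baseline: plain hop count
        # Assumed weight: degree of the next switch plus traffic already on the link.
        return 1.0 + alpha * len(adj[v]) + beta * link_load[frozenset((u, v))]
    paths = []
    for src, dst, pkts in flows:
        path = route(adj, src, dst, cost)
        for u, v in zip(path, path[1:]):
            link_load[frozenset((u, v))] += pkts
        for s in path:
            switch_pkts[s] += pkts
        paths.append(tuple(path))
    return paths, pvariance(list(switch_pkts.values()))
```

With hop-count routing every flow crosses s2, so a sniffer there sees all ten packets; with the weighted cost the flows alternate between s2 and s3, each sees five, and the path length (hence delay in this toy model) is unchanged.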