
Security Research Of Time Service Platform Based On Software-defined Security

Posted on: 2021-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: D K Li
GTID: 2518306308968909
Subject: Electronics and Communications Engineering
Abstract/Summary:
Time synchronization is the basis of many applications, and these applications usually have certain accuracy requirements for time synchronization. The existing timing methods can be divided into land-based radio timing, satellite-based timing and network timing. With the development and deployment of new technologies such as 5G and the Internet of Things, more and more indoor devices have timing requirements. These devices incur high costs when using satellite or land-based timing systems, so achieving accurate network timing is of great significance to the application of these new technologies. As a basic service, network time service will face increasingly prominent security issues as it is widely deployed, because malicious attacks on network time services may endanger the reliability of equipment and services.

In recent years, Software-Defined Networking (SDN) and related technologies have developed rapidly. SDN separates the data plane from the control plane. Network intelligence is centralized in software-based SDN controllers that maintain a global view of the network, which enables flexible scheduling and management of the network. Software-Defined Security (SDSec) draws on the SDN idea of separating the data plane and the control plane to centralize security management and control. The SDSec architecture delivers security functions in software, making scheduling between security devices more flexible and controllable, and security functions easier to expand and improve.

This paper studies the security of the time service platform and designs a security solution for the time service platform based on SDSec. The specific work is as follows:

(1) An overall security scheme based on SDSec is designed for the time service platform. A security controller is added to the control plane, and a modular design is used to obtain time and network information by interacting with the time controller and the network controller, providing a basis for attack monitoring.

(2) Targeting the main security threats to network time synchronization, we propose an algorithm for monitoring delay attacks using the network and timing information available to the security controller. The algorithm can effectively detect delay attacks with different attack strategies. Considering the importance of time synchronization, this paper discusses how to prevent delay attacks, proposes using disjoint alternate communication paths to mitigate them, and compares two strategies for choosing alternate paths. The monitoring and prevention methods for delay attacks are verified experimentally, which proves their feasibility.

(3) This paper evaluates the impact of distributed denial of service (DDoS) attacks on the time service platform, and discusses how to prevent DDoS attacks without additional symmetrical delays. Using flow table information acquired from the network, we propose a method of monitoring DDoS attacks in the network, including data acquisition and preprocessing, feature extraction, and classification of abnormal and normal traffic using the Gradient Boosting Decision Tree (GBDT) algorithm. In terms of accuracy, detection time and some other indicators, it is superior to the commonly used self-organizing maps (SOM) algorithms.
Keywords/Search Tags: Software-defined Security, time service, delay attacks, DDoS, security of time synchronization