Research And Implementation Of Security Based Linkage Protection System For Space-ground Integration Network

At present,space information plays a critical role in the national development.In this context,the space-ground integration network has been gradually constructed and developed.However,in terms of communication bandwidth,processing capacity and hardware updating,there exists a huge difference between space-based network and ground-based network as a result of the highly heterogeneous and dynamic structural features,which makes the space-ground integration network vulnerable.For the security issues in space-ground integration network,the linkage protection system focused on security is designed and implemented.This system is able to defend attacks near attackers and provide the proprietary protocol used for communicating with security gateways.When a DDoS attack occurs,multi-point cooperative defense is carried out in the security gateways near the attack source,in order to minimize the loss of network resources and lay the foundation for the information security of space-ground integration network.The main contents of this paper are as follows:1)Near-source blocking method based on time-stamp records is proposedWhen packets are forwarded on routes,security gateways record time-stamps and traffic in sliding windows.The security based linkage protection system determines near-source gateways through analyzing the attack information and the log data of traffic,then the system deploys defense strategies.According to the results of feasibility and effectiveness experiments,the method can effectively relieve the pressure of backbone gateway and save network resources on the attack path,without causing excessive memory overhead.2)Derivation based security control protocol is proposedBased on the derivative idea,the protocol divides the security control task into three layers.Each layer coordinates and cooperates with the others,realizing the functions such as data encryption,message authentication and security-mode selection.This protocol provides the communication service between the security based linkage protection system and security gateways.According to the experiment results,this protocol can satisfy the requirements of security and reliability in message transmission.Simultaneously,this protocol reduces the energy consumption of communication.3)Security based linkage protection system is designed and implementedThe security based linkage protection system combines the near-source blocking method and the security control protocol,and also provides other critical functions.For example,online registration and information query of security gateways,analysis of alarm information,authentication and authority management,etc.Besides,it contains user-friendly interface to display the interaction between modules.The successful implementation of this system achieves research tasks,including gateway management and attack defense.