
Research On SDN Controller Vulnerability Detection Technology Guided By Event Feedback

Posted on: 2022-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: W B Zhang
Full Text: PDF
GTID: 2518306521957459
Subject: Cyberspace security
Abstract/Summary:
Traditional network configuration is highly complex, and software-defined networking (SDN) emerged in response to that complexity. It has three advantages: separation of control and forwarding, centralized control, and a programmable architecture, which together bring great flexibility to network management. However, SDN also carries security risks. Centralized control makes the network intelligent but also introduces a single point of failure. Programmability makes it easy to formulate control logic but also lowers the barrier to attack. Further development of SDN requires security as a guarantee, and comprehensive security testing is needed before deployment. In the SDN architecture the controller occupies the core position, and its security determines the normal operation of the whole network. Therefore, SDN security testing focuses on vulnerability detection in the controller.

At present, research on SDN security falls into two categories: attack and defense research on a particular type of SDN security vulnerability, and the design of SDN security test schemes. Both are of great value for improving the security of SDN, but the former depends heavily on the experience of researchers and is inefficient at detecting unknown vulnerabilities. It is therefore of great significance to study comprehensive and automated SDN security testing technology. Existing SDN security testing schemes suffer from a single testing strategy, few indicators for judging network anomalies, and low accuracy, which limit the efficiency and effectiveness of SDN security testing. To address these problems, this paper studies SDN controller vulnerability detection technology guided by event feedback.

1. To address the single test strategy of existing SDN security detection schemes, this paper proposes a strategy generation method based on a threat model, which removes the blindness of randomly generated network input and improves the diversity and effectiveness of the strategy. A feedback mechanism is added to strategy generation so that strategies are refined according to how the controller handles events during testing, making the tests more targeted. To increase the diversity of the test environment, an automatic data plane network construction technique is developed that generates different network topologies according to the parameters in the test strategy.

2. To address the few network anomaly indicators and low accuracy of existing SDN security detection schemes, a data plane anomaly detection method based on flow rule analysis is proposed for the data plane. By constructing a data plane state model, defining abnormal states, and analyzing whether the data plane flow rules contain conflicts and abnormal behaviors, anomalies caused by denial-of-service or flow rule tampering attacks can be detected accurately.

3. To address the same problem of few anomaly indicators and low accuracy on the control plane, a control plane anomaly recognition method based on event flow graph analysis is proposed. By instrumenting the controller to construct the event flow graph of its running process, statistical and structural anomalies can be judged, anomalies in event processing can be detected, and potential vulnerabilities can be mined.

4. The SDN security detection system SDNVul is designed and implemented, and its architecture and the specific implementation of each module are introduced in detail. Experimental results show that SDNVul can effectively detect security vulnerabilities in the controller. Finally, a series of achievements of the system are introduced.
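As an added illustration of the flow-rule conflict analysis described in point 2 (example code written for this page, not SDNVul's own implementation), the following checker takes a simplified flow table and reports two abnormal states: rules at equal priority whose overlapping matches carry different actions, and lower-priority rules that a higher-priority rule fully shadows with a different action, which is the shape a tampered or blanket-drop rule takes. The rule format and the sample table are constructed assumptions.

```python
from itertools import combinations

# Simplified flow-rule model (an assumption for this example, not SDNVul's data model):
# a match is a dict of exact field values; a missing field is a wildcard.
FIELDS = ("in_port", "eth_type", "ipv4_src", "ipv4_dst")

def overlaps(m1, m2):
    """True if some packet can match both rules: no field is set to two different exact values."""
    return all(m1.get(f) is None or m2.get(f) is None or m1[f] == m2[f] for f in FIELDS)

def covers(m1, m2):
    """True if m1 matches every packet that m2 matches (m1 is at least as general on every field)."""
    return all(m1.get(f) is None or m1.get(f) == m2.get(f) for f in FIELDS)

def analyze(rules):
    """Return (kind, rule_a, rule_b) findings for conflicting rule pairs.

    ambiguous: same priority, overlapping match, different actions -> switch behaviour is undefined.
    shadowed : a higher-priority rule fully covers a lower one with different actions -> the lower
               rule can never fire, which is what a tampered or DoS-style blanket rule looks like.
    Partial overlaps across different priorities are normal precedence and are not reported.
    """
    findings = []
    for a, b in combinations(rules, 2):
        if a["actions"] == b["actions"] or not overlaps(a["match"], b["match"]):
            continue
        if a["priority"] == b["priority"]:
            findings.append(("ambiguous", a["id"], b["id"]))
            continue
        hi, lo = (a, b) if a["priority"] > b["priority"] else (b, a)
        if covers(hi["match"], lo["match"]):
            findings.append(("shadowed", hi["id"], lo["id"]))
    return findings

# Constructed sample flow table: r3 is a blanket high-priority drop of the kind a
# tampering or denial-of-service attack would leave behind; r1/r2 disagree at equal priority.
SAMPLE_RULES = [
    {"id": "r1", "priority": 100, "match": {"ipv4_dst": "10.0.0.2"}, "actions": ["output:2"]},
    {"id": "r2", "priority": 100, "match": {"ipv4_dst": "10.0.0.2"}, "actions": ["drop"]},
    {"id": "r3", "priority": 200, "match": {}, "actions": ["drop"]},
    {"id": "r4", "priority": 50, "match": {"in_port": 1, "ipv4_src": "10.0.0.1"}, "actions": ["output:3"]},
]

if __name__ == "__main__":
    for kind, x, y in analyze(SAMPLE_RULES):
        print(f"{kind}: {x} vs {y}")
```

A real checker would also compare the flow table the controller believes it installed against what the switch reports, since the thesis's state model is built from both views.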
Keywords/Search Tags: Software-Defined Network, Network security, Vulnerability mining, Event feedback