
Research And Implementation Of Moving Target Defense Technology In SDN Environment

Posted on: 2022-07-28
Degree: Master
Type: Thesis
Country: China
Candidate: M D Wu
GTID: 2518306530480644
Subject: Computer technology
Abstract/Summary:
The rapid development of the Internet has brought great convenience, but it has also introduced various security threats. The traditional network architecture and its security defense technology are deterministic, homogeneous and static, leaving today's networks in a security dilemma that is "easy to attack but hard to defend". To address these problems, Software Defined Networking (SDN) and Moving Target Defense (MTD) have emerged as a new network architecture and a new network security defense technology, respectively. This thesis studies network-layer attack and defense technology; its contents include an analysis of MTD principles, an MTD model based on Markov dynamic game theory, and an MTD prototype system in an SDN environment. The purpose of the research is to verify the effectiveness of network-layer MTD technology. The method implements the MTD strategy by dynamically hopping IP addresses, service ports and routing paths, which obscures the true location of the target system and resists network attacks. Taking the behaviors that affect network resources as the game strategies of both parties and combining them with a Markov decision process, an MTD model based on a Markov dynamic game is established; the objective criterion function is designed based on the achieved discounted total. Through quantitative analysis of the multi-state, multi-stage network offensive and defensive game, the search for the optimal defense strategy is transformed into an NLP2 optimal-value problem, which provides the defense strategy for the MTD prototype system. Analysis of the results verifies that the optimal MTD strategy can effectively reduce the attacker's success rate and increase the complexity of the attack. After analyzing the feasibility and requirements of deploying MTD technology in an SDN environment, the MTD prototype system is designed and implemented. The prototype system consists of nine functional modules. Among them, the IP hopping module, the port hopping module and the rerouting path module are responsible for implementing the MTD theory: these three modules modify the IP addresses and service ports of the communicating parties in the switch in a way that is invisible to them, and change the communication path, which confuses the attacker's view and actively defends against network attacks. Finally, the MTD prototype system is deployed and tested in an SDN simulation environment. Testing and analysis show that implementing the MTD strategy has little impact on the network's quality of service; at the same time, it is proved that the IP hopping, port hopping and rerouting path strategies can effectively cut the correlation between the network-layer IP addresses and transport-layer ports and the real target system, hiding the target system to the greatest extent and blocking continuous attacks in the network, which achieves the purpose of this thesis.
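The following is an added illustration of the IP and port hopping idea the abstract describes; it is a constructed model written for this page, not code from the thesis prototype. It assumes a hypothetical controller that keeps a virtual-to-real (IP, port) rewrite table for the edge switch, rotates it each epoch, and measures how often an attacker's stale reconnaissance result still reaches a real host.

```python
import random
from dataclasses import dataclass, field

# Constructed model (not the thesis's code): real hosts keep fixed addresses,
# and the controller installs switch rewrite rules so each host is reachable
# only through a short-lived virtual (IP, port) pair. Legitimate peers resolve
# the current pair before connecting; a stale scan result hits nothing.
@dataclass
class HoppingController:
    real_hosts: dict                    # name -> (real_ip, real_port)
    vip_pool: list                      # virtual IPs the switch may expose
    vport_range: tuple = (20000, 30000)
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    epoch: int = 0
    table: dict = field(default_factory=dict)  # (vip, vport) -> real endpoint

    def hop(self):
        """Start a new epoch: rotate every mapping so old virtual pairs expire."""
        self.epoch += 1
        retired, self.table = self.table, {}
        vips = self.rng.sample(self.vip_pool, len(self.real_hosts))
        for vip, real in zip(vips, self.real_hosts.values()):
            vport = self.rng.randint(*self.vport_range)
            while (vip, vport) in retired:      # never reuse the pair just retired
                vport = self.rng.randint(*self.vport_range)
            self.table[(vip, vport)] = real
        return self.epoch

    def current_virtual(self, name):
        """What a legitimate peer resolves before connecting in this epoch."""
        real = self.real_hosts[name]
        return next(v for v, r in self.table.items() if r == real)

    def switch_rewrite(self, dst_vip, dst_vport):
        """Edge-switch match/rewrite: real destination, or None (packet dropped)."""
        return self.table.get((dst_vip, dst_vport))

def stale_scan_hit_rate(ctl, epochs, delay):
    """Fraction of attack attempts that reach a real host when the attacker
    acts `delay` epochs after its scan (delay 0 = no hop in between)."""
    snapshots, hits, attempts = {}, 0, 0
    for _ in range(epochs):
        ctl.hop()
        snapshots[ctl.epoch] = list(ctl.table)      # attacker's scan result this epoch
        pairs = snapshots.get(ctl.epoch - delay)
        if pairs:
            attempts += len(pairs)
            hits += sum(ctl.switch_rewrite(*p) is not None for p in pairs)
    return hits / attempts if attempts else 0.0
```

With `delay=0` every attempt hits (1.0); with a single hop between scan and attack (`delay=1`) the rate is 0.0, while a legitimate peer that resolves the current pair each epoch is still rewritten to the real host.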
Keywords/Search Tags: Network security, Moving target defense, Software-defined network, Markov decision process, Game mode