Design And Implementation Of Security Situation Forecast System In SDN Data Plane

Software-defined network(SDN)simplifies network management by separating the control plane from the data forwarding plane.However,plane separation introduces many new vulnerabilities in the SDN data plane.Faced with these new vulnerabilities,the difficulty is to quantify the risk level of the SDN data plane and design risk prediction methods so that proactive measures can be taken to reduce the degree of damage caused by network security incidents.This paper designs and implements a security situation prediction system for network security events on the SDN data plane,which helps to assess and predict the risk level of the SDN data plane.Firstly,in order to clarify the needs of the security situation prediction system,this article analyzes the user business processes,functional requirements,and non-functional requirements of the system to clarify the role of the system and the process and relationship of each function.Secondly,this paper studies the security situation assessment technology in the SDN data plane.Analyzed the security evaluation indicators required by the SDN data plane using the analytic hierarchy process,and calculated the real-time security situation risk value of the SDN data plane based on the three indicators of asset value,system vulnerability,and security event information.Experimental results show that the hierarchical security situation assessment method for the SDN data plane is feasible and reasonable.Thirdly,this paper studies the security situation prediction technology in the SDN data plane.An improved method of particle swarm optimization algorithm is proposed.Standard test functions prove the effectiveness and stability of the improved method.Aiming at the shortcomings of traditional prediction models,an improved particle swarm optimization algorithm is used in combination with a bidirectional long shortterm memory network to propose a security situation prediction model based on long short-term memory networks.Experiments show that this prediction model has higher prediction accuracy and stability.Finally,based on the characteristics of the SDN data plane,an SDN test environment construction method is designed.Based on the security situation assessment technology and prediction model proposed in this paper,a security situation prediction system for the SDN data plane is designed and implemented.System testing proves that the prediction system constructed in this paper can effectively predict the network security situation of the SDN data plane.