| Access control is one of the important ways to ensure network security,which can not only prevent illegal users from accessing protected information,but also ensure legal users to access information safely.Due to the limitation of network architecture,the existing network usually adopts static access control method,that is,to realize the authentication of network access by configuring static rules.Although the deployment of static access control method is uncomplicated,it is difficult to adapt to the dynamic changes of network state and user access behavior with granularity and poor flexibility,and lacks the ability to actively resist network risks as well.The global programmable interface is provided by SDN with flexible and dynamic network control.Therefore,this thesis mainly studies dynamic network access control methods based on SDN network technology.There exist many problems such as network state dynamic change,multi-security level and multi-attribute user access control.Therefore,a dynamic access control model of SDN network based on attributes and user trust is designed by using the global and flexible programmable ability of SDN network.More than setting the fine-grained access control policy according to the attributes,this model can also control the users' access according to the trust obtained from the dynamic behavior evaluation.In order to dynamically track and deal with users' illegal and abnormal access behavior,a kind of dynamic evaluation method for users' trust is advanced based on unsupervised machine learning model.Defects of the single model will be compensated in the process of using the model fusion algorithm,to interlock the three models of SelfOrganizing Maps,Local Outlier Factors and Isolation Forest.According to this way,the abnormal score of user access can be evaluated accurately,by which the users' trust degree can be appraised.Finally,it can distinguish the users' credibility on the basis of users' trust and achieve the aim of users' right of network access.Simulation results show that the model can evaluate users' trust accurately and dynamically based on users' access behavior.Because there are various potential security risk factors in the network,it's essential and important to improve the ability of the network to avoid security risks.This thesis makes use of the advantages of SDN technology in the aspect of routing control,combined with the network state information perceived by the controller.And a risk-aware dynamic routing algorithm is designed based on AHP.The simulation results indicate that the algorithm can adjust the service route according to the network state,avoid the network risk and enhance the security of the service.Finally,in order to validate the SDN dynamic access control method,a SDN dynamic access control prototype system is developed based on the virtual switch(OVS)and the universal server,which can verify the function and performance of the dynamic access control model and algorithms designed in this thesis.In addition,the prototype system can generate and carry real business data,and can be interconnected with real physical networks,so that the model and algorithm used in the prototype system can be directly applied to the real SDN network. |
PDF Full Text Request