With the development of information technology, the Internet plays an increasingly important role, and maintaining Internet security is of great significance for safeguarding national security and people's property. Because network architectures are deterministic and static, network defense has long been at a disadvantage in the contest between attack and defense. The passive and delayed strategies of traditional defense methods also struggle against increasingly advanced and persistent attack techniques. To change this situation, countries have begun to look for defense technologies that "change the rules of the game". Moving Target Defense (MTD) is one of the key technologies: it aims to make the defended system dynamic and uncertain, changing its attack surface through irregular policy implementation and thereby increasing the difficulty and cost of an attack. The characteristics of Software Defined Networking (SDN) allow MTD to transform system attributes flexibly. This paper therefore proposes and implements address hopping and routing path hopping based on SDN, using network-layer MTD techniques, and finally combines the proposed address hopping and route hopping to realize cooperative hopping. The goal is to prevent network scanning, network eavesdropping, and other attacks in the network reconnaissance stage by transforming network attribute elements, and thereby to improve the defense effect.

The main research contents of the paper are:

1. Aiming at eavesdropping and scanning attacks, we propose a moving target defense method based on double address hopping. Through the network management capability of the SDN controller, two virtual addresses are allocated to each host in the network. The low-frequency virtual address preserves the quality of the communication service, while the high-frequency virtual address improves the network's resistance to eavesdropping attacks. Combining the ideas of passive detection and network deception, the SDN controller detects abnormal communication behavior of a host and constructs deception packets to confuse and block scanning attacks.

2. Aiming at eavesdropping attacks, we propose a random routing defense method based on dynamic path weights. It obtains a global view through the SDN controller, identifies important nodes in the network topology using network centrality, reduces the probability that important nodes appear in path selection, and disperses communication traffic over multiple paths, raising the difficulty and cost of eavesdropping attacks. It also obtains the network status through the SDN controller, dynamically adjusts the weight of each routing path, avoids link congestion, and improves the availability of route hopping.

3. Aiming at eavesdropping attacks, we combine the proposed address hopping and routing path hopping methods into a moving target defense method based on cooperative hopping. Through the cooperative work of addresses and routes, the communication data in the network is dispersed further, which increases the difficulty for an attacker carrying out eavesdropping attacks on the target network and improves the active defense capability of the system.
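As an added illustration of the random routing method in item 2 (example code, not the thesis's own implementation), the following weighted path selection lowers the chance that a high-centrality node or a congested link is used for the next hopping period. It assumes degree centrality as the centrality metric and a constructed five-switch topology; both are assumptions, since the abstract does not fix them.

```python
import random

# Constructed sample topology (not from the thesis): five SDN switches; s3 is the
# hub with the highest degree, so it is the node an eavesdropper would most want.
TOPOLOGY = {
    "s1": {"s2", "s3"},
    "s2": {"s1", "s3", "s4"},
    "s3": {"s1", "s2", "s4", "s5"},
    "s4": {"s2", "s3", "s5"},
    "s5": {"s3", "s4"},
}

def degree_centrality(topology):
    """Normalised degree centrality, degree / (n - 1). The thesis only says
    'network centrality'; the concrete metric here is an assumption."""
    n = len(topology)
    return {node: len(nbrs) / (n - 1) for node, nbrs in topology.items()}

def simple_paths(topology, src, dst, path=()):
    """Enumerate every loop-free path from src to dst (fine for small fabrics)."""
    path = path + (src,)
    if src == dst:
        return [path]
    return [p for nxt in sorted(topology[src]) if nxt not in path
            for p in simple_paths(topology, nxt, dst, path)]

def path_weight(path, centrality, link_load, alpha=2.0):
    """Central intermediate nodes and loaded links shrink a path's weight, so the
    hopping scheme picks them less often without excluding them outright."""
    node_penalty = sum(centrality[n] for n in path[1:-1])
    load_penalty = sum(link_load.get(frozenset(e), 0.0) for e in zip(path, path[1:]))
    return 1.0 / (1.0 + alpha * node_penalty + load_penalty)

def selection_distribution(topology, src, dst, link_load=None):
    """Probability with which each candidate path is chosen for the next hop period."""
    link_load = link_load or {}
    cent = degree_centrality(topology)
    paths = simple_paths(topology, src, dst)
    weights = [path_weight(p, cent, link_load) for p in paths]
    total = sum(weights)
    return {p: w / total for p, w in zip(paths, weights)}

def choose_path(topology, src, dst, link_load=None, rng=random):
    """Pick the path for the next hopping period by weighted random choice."""
    dist = selection_distribution(topology, src, dst, link_load)
    return rng.choices(list(dist), weights=list(dist.values()), k=1)[0]

if __name__ == "__main__":
    rng = random.Random(7)
    for period in range(5):
        print(period, " -> ".join(choose_path(TOPOLOGY, "s1", "s4", rng=rng)))
```

The link-load dictionary stands in for the status the controller would collect from switches; raising the load on a link shifts probability away from every path that crosses it.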