{"title":"Path hopping based SDN network defense technology","authors":"Liancheng Zhang, Qiang Wei, Kejun Gu, Huiqiang Yuwen","doi":"10.1109/FSKD.2016.7603498","DOIUrl":null,"url":null,"abstract":"In order to enhance the ability of software defined network (SDN) proactive security protection, this paper puts forward a path hopping based SDN network defense (PH-SND) technology. PH-SND technology models the path hopping problem as a constraint solving problem, and utilizes satisfiability modulo theory solver to obtain multiple paths, which satisfy overlap and capacity constraints. According to the path hopping strategy and specific hopping slot, SDN controller installs corresponding flow entries into all OpenFlow switches along every path, and these switches can then use these flow entries to properly forward the corresponding protected flow, and randomly change the address and port information of this flow, which can not only realize random path hopping, and can also effectively hide original address and port information of both communication sides. 
Theoretical analysis and experimental results show that this proposed PH-SND technology can not only achieve transmission path hopping and address and port random hopping along every transmission path with a comparatively small communication delay and can also improve proactive security protection capability to resist network interception and analysis attack.","PeriodicalId":373155,"journal":{"name":"2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD)","volume":"115 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FSKD.2016.7603498","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
To strengthen proactive security protection in software-defined networks (SDN), this paper proposes a path hopping based SDN network defense (PH-SND) technology. PH-SND models the path hopping problem as a constraint-solving problem and uses a satisfiability modulo theories (SMT) solver to obtain multiple paths that satisfy overlap and capacity constraints. According to the path hopping strategy and the specific hopping slot, the SDN controller installs the corresponding flow entries into all OpenFlow switches along every path. These switches then use the flow entries to forward the protected flow correctly and to randomly change its address and port information, which not only realizes random path hopping but also effectively hides the original address and port information of both communicating sides. Theoretical analysis and experimental results show that PH-SND achieves transmission path hopping and random address and port hopping along every transmission path with a comparatively small communication delay, and that it improves proactive security protection against network interception and analysis attacks.