Abstract
Traditional network defense techniques mainly study static, passive means of defense. Given that the current network security situation is "easy to attack, hard to defend", this paper makes full use of the new features of software-defined networking (SDN), such as the separation of control and forwarding and network programmability, to design a dynamic defense strategy scheme for moving target defense in dynamic networks, and proposes an anti-DDoS strategy based on device fingerprinting. Experiments were carried out on the open-source SDN controller Floodlight and verified the feasibility of the defense method. The experimental results also show that when the overhead of the controller and the forwarding devices increases, the attacker's CPU overhead increases greatly, which substantially raises the difficulty of the attack.
Authors
PAN Ri-ping (潘日萍)
HUANG Wen-jun (黄文君)
School of Information & Electrical Engineering, Ningde Normal University, Ningde 352100, China; School of Management, Xiamen University, Xiamen 361005, China
Source
Journal of Xi'an University (Natural Science Edition) (《西安文理学院学报(自然科学版)》)
2021, No. 3, pp. 16-21 (6 pages)
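Funding
Ningde Normal University Innovation Team Project (2018T04): "Future Cyberspace Security Based on Machine Learning"
Natural Science Foundation of Fujian Province Project (2020J01431): "Research on an Automatic Orchestration Scheme for IoT Microservices Based on SDN and Reinforcement Learning".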