Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (11): 49-57. doi: 10.11959/j.issn.2096-109x.2018088


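Research on backup and remapping of network slice based on security classification

Zhiyong SUN, Xinsheng JI, Wei YOU, Quan YUAN

  1. National Digital Switching System Engineering & Technological Research Center, Zhengzhou 450002, China
  • Revised: 2018-10-15 Online: 2018-11-01 Published: 2019-01-03
  • About the authors: SUN Zhiyong (born 1994), male, from Puyang, Henan, is a master's student at the National Digital Switching System Engineering & Technological Research Center; his main research interests are next-generation mobile communication network technology and mobile communication network security. | JI Xinsheng (born 1968), male, from Nantong, Jiangsu, is a professor and doctoral supervisor at the National Digital Switching System Engineering & Technological Research Center; his main research interests are cyberspace security and mimic security. | YOU Wei (born 1984), male, from Fengcheng, Jiangxi, is a lecturer at the National Digital Switching System Engineering & Technological Research Center; his main research interests are next-generation mobile communication network technology and mobile communication network security. | YUAN Quan (born 1991), male, from Qingdao, Shandong, is a doctoral student at the National Digital Switching System Engineering & Technological Research Center; his main research interests are next-generation mobile communication network technology and network function virtualization.
  • Supported by:
    The Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003); The National Key R&D Program of China (2016YFB0801605)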

Abstract:

In the virtualized environment of the future 5G core network, general-purpose x86 servers make it easier for attackers to discover vulnerabilities, and the substrate network is more easily infected by, and more readily spreads, viruses. This leads to the failure of single physical nodes, which seriously affects the service performance of network slices. Building on existing node backup and remapping schemes, and considering the impact of security constraints among nodes on network security performance, a security parameter evaluation model for virtual nodes and physical nodes in network slicing is proposed, and a security constraint relationship between virtual nodes and physical nodes is established. Backup virtual nodes are then selected based on the security parameter evaluation model, and a backup mapping method is designed. Finally, a node remapping mechanism is designed that satisfies the network delay requirement. Experimental results show that the proposed method can significantly improve the intrusion tolerance of the network while meeting the service performance requirements of network slices.

Key words: network slice, service function chain mapping, backup, remapping, reliability
