SDN中基于历史信息的负反馈调度算法

doi:10.11959/j.issn.2096-109x.2018047

Abstract

Abstract:

In the current SDN architecture,the controllers suffer from lots of potential attacks.For example,malicious flow rule attacks may introduce fake flow rules to confuse the host.A negative feedback scheduling algorithm based on historical information was proposed,in which hypothesis testing was used to judge the behavior of the attacker and the result will be used as a basis for scheduling.Simulation results and analysis show that,compared with the traditional scheduling methods,the proposed algorithm can increase the attacker’s time cost to a certain extent,so as to effectively defend the attacker’s probe attack.In addition,the more types of controllers,the more difficult it is to break the system.

Key words: dynamic heterogeneous redundancy, negative feedback, active defense

CLC Number:

TP393

Yingying LYU,Yunfei GUO,Zhenpeng WANG,Guozhen CHENG,Yawen WANG. Negative feedback scheduling algorithm based on historical information in SDN[J]. Chinese Journal of Network and Information Security, 2018, 4(6): 45-51.

Figures/Tables 6

References 21

[1]	仝青, 张铮, 邬江兴 . 基于软硬件多样性的主动防御技术[J]. 信息安全学报, 2017,2(1): 1-12.
	TONG Q , ZHANG Z , WU J X . Active defense technology based on hardware and software’s diversity[J]. Journal of Cyber Security, 2017,2(1): 1-12.
[2]	PICEK S , HEMBERG E , O'REILLY U M . If you can't measure it,you can't improve it:moving target defense metrics[C]// The Workshop on Moving Target Defense. 2017: 115-118.
[3]	ADELSBACH A , ALESSANDRI D , CACHIN C ,et al. Conceptual model and architecture of MAFTIA[R]. 2003.
[4]	KEWLEY D L , BOUCHARD J F . Darpa information assurance program dynamic defense experiment summary[J]. IEEE Transactions on Systems,Man,and Cybernetics-Part A:Systems and Humans, 2001,31(4): 331-336.
[5]	邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[6]	DESWARTE Y , BLAIN L , FABRE J C . Intrusion tolerance in distributed computing systems[C]// Intrusion Tolerance in Distributed Computing Systems. 2001: 110-121.
[7]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[J]. Springer Ebooks, 2011,54.
[8]	邬江兴 . 拟态计算与拟态安全防御的原意和愿景[J]. 电信科学, 2014,30(7): 1-7.
	WU J X . Meaning and vision of mimic computing and mimic security defense[J]. Telecommunications Science, 2014,30(7): 1-7.
[9]	JAFARIAN J H , AL-SHAER E , DUAN Q . Adversary-aware IP address randomization for proactive agility against sophisticated attackers[C]// Computer Communications. 2015: 738-746.
[10]	PORRAS P , SHIN S , YEGNESWARAN V ,et al. A security enforcement kernel for Open Flow networks[C]// The First Workshop on Hot Topics in Software Defined Networks. 2012: 121-126.
[11]	CHEUNG S , FONG M , PORRAS P ,et al. Securing the software-defined network control layer[C]// The 2015 Network and Distributed System Security Symposium. 2015.
[12]	FERGUSON A D , GUHA A , LIANG C ,et al. Participatory networking:an API for application control of SDNs[C]// The ACM SIGCOMM 2013 Conference on SIGCOMM. 2013: 327-338.
[13]	SHIN S , SONG Y , LEE T ,et al. Rosemary:a robust,secure,and high-performance network operating system[C]// The 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 78-89.
[14]	SHIN S , PORRAS P , YEGNESWARAN V ,et al. FRESCO:modular composable security services for software defined networks[J]. The Network ＆ Distributed Security Symposium, 2013(2): 1-16.
[15]	SHIN S , GU G . Attacking software-defrned networks :a first feasibility study[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013: 165-166.
[16]	BERDE P , HART J , HART J ,et al. ONOS:towards an open,distributed SDN OS[C]// The Workshop on Hot Topics in Software Defined Networking. 2014: 1-6.
[17]	LAMPORT L , FISCHER M . Byzantine generals and transaction commit protocols[R]. Computer Science Laboratory Sri International OP, 1982.
[18]	HU H , WANG Z , CHENG G ,et al. MNOS:a mimic network operating system for software defined networks[J]. Iet Information Security, 2017,11(6): 345-355.
[19]	QI C , WU J , HU H ,et al. An intensive security architecture with multi-controller for SDN[C]// Computer Communications Workshops. 2016: 401-402.
[20]	QI C , WU J , CHENG G ,et al. An aware-scheduling security architecture with priority-equal multi-controller for SDN[J]. China Communications, 2017,14(9): 144-154.
[21]	PEARSON K . On the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling[M]. Breakthroughs in Statistics. New York: Springer, 1992: 157-175.

Metrics

Recommended 0

No Suggested Reading articles found!

编号	NOS类型	探测次数
1	Floodlight	χ₁
2	Ryu	χ₂
…	…	…
k	ONOS	χ_k
…	…	…
n	OpenDaylight	χ_n

Negative feedback scheduling algorithm based on historical information in SDN

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 21

Related Articles 3

Metrics

Recommended 0

[1]	Dequan YANG,Weimin LIU,Zhou YU. Research on active defense application based on honeypot [J]. Chinese Journal of Network and Information Security, 2018, 4(1): 57-62.
[2]	Zhen-peng WANG,Hong-chao HU,Guo-zhen CHENG,Chuan-hao ZHANG. Implementation architecture of mimic security defense based on SDN [J]. Chinese Journal of Network and Information Security, 2017, 3(10): 52-61.
[3]	Jing-qiang LIU,Bin LI,Li-zhang CHEN,Bin CHEN. Research based on the method of Android system active defense without Root permission [J]. Chinese Journal of Network and Information Security, 2016, 2(1): 65-73.