Journal on Communications ›› 2017, Vol. 38 ›› Issue (10): 102-112. doi: 10.11959/j.issn.1000-436x.2017202

• Academic paper •

Moving target defense solution on network layer based on OpenFlow

Yi-xun HU¹, Kang-feng ZHENG¹, Yi-xian YANG¹,², Xin-xin NIU¹,²

  1. College of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  2. State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China
  • Revised: 2017-07-08 Online: 2017-10-01 Published: 2017-11-16
  • About the authors: Yi-xun HU (1988-), male, born in Suzhou, Jiangsu, is a PhD candidate at Beijing University of Posts and Telecommunications; his main research interests are network security, honeynets and SDN. | Kang-feng ZHENG (1975-), male, born in Yantai, Shandong, is an associate professor at Beijing University of Posts and Telecommunications; his main research interest is network and information security. | Yi-xian YANG (1961-), male, born in Yanting, Sichuan, is a professor and doctoral supervisor at Beijing University of Posts and Telecommunications; his main research interests are information security and cryptography. | Xin-xin NIU (1963-), female, born in Huzhou, Zhejiang, is a professor and doctoral supervisor at Beijing University of Posts and Telecommunications; her main research interests are information security, and digital content and its security.
  • Supported by:
    The National Key Research and Development Program of China (2017YFB0802703); The National Natural Science Foundation of China (61602052)

Abstract:

To gain the initiative in the contest between network attack and defense, a moving target defense solution on the network layer based on OpenFlow is proposed, using the network flexibility that the OpenFlow architecture provides. On the network layer, the network address used at each hop of a communication inside the protected area (the LAN) is pseudo-randomly transformed into a virtual address, and the egress ports of cross-area communications are pseudo-randomly mapped to virtual ports. This hides the communicating nodes and protects information about the network structure. Experiments show that the solution is effective and feasible. Compared with existing moving target defense solutions, it is easy to deploy in a traditional network, offers good compatibility, and protects a node's communications across the whole network.

Key words: active defense, OpenFlow, moving target defense

CLC number:

  • TN915.08