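Journal on Communications ›› 2017, Vol. 38 ›› Issue (11): 133-160. doi: 10.11959/j.issn.1000-436x.2017221
Tao WANG, Hong-chang CHEN, Guo-zhen CHENG
Revised: 2017-09-21
Online: 2017-11-01
Published: 2017-12-13
About the authors:
Tao WANG (born 1993), male, from Linqu, Shandong, is a doctoral student at the National Digital Switching System Engineering and Technological Research Center. His main research interests include new network architectures and network security. | Hong-chang CHEN (born 1964), male, from Xinmi, Henan, Ph.D., is a professor and doctoral supervisor at the National Digital Switching System Engineering and Technological Research Center. His main research interests include new network architectures, network security and big data technology. | Guo-zhen CHENG (born 1986), male, from Dingtao, Shandong, Ph.D., is an assistant researcher at the National Digital Switching System Engineering and Technological Research Center. His main research interests include new network architectures and network security.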
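Abstract:
Software-defined networking (SDN) separates the control plane of the traditional network from the forwarding plane, forming a centralized controller and opening up network programming interfaces, which simplifies network management, promotes network innovation and optimizes network operation. However, SDN's "three layers, two interfaces" architecture enlarges the network attack surface and leads to many new security problems. First, the development, characteristics and working principles of SDN are introduced; the existing security problems are then summarized at five levels (application layer, northbound interface, control layer, southbound interface and data layer) and their causes are analyzed. Second, the latest research progress and existing solutions for each class of security problem are discussed. Finally, the current and future security challenges of SDN are summarized, and future directions for SDN security are outlined.
Tao WANG, Hong-chang CHEN, Guo-zhen CHENG. Research on software-defined network and the security defense technology[J]. Journal on Communications, 2017, 38(11): 133-160.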
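Table 1. Classification summary of SDN security problems
SDN security problem | Problem type | Layers affected | Description and difficulties |
Authorization and authentication | Unauthorized controller access | C, S, D | 1) No effective trust evaluation and trust management mechanism; 2) The techniques for verifying that network devices are secure differ from those for verifying that applications are secure |
Authorization and authentication | Unauthenticated applications | A, N, C | |
Data security | Data leakage | D | 1) Side-channel attacks probe flow rules; 2) Timing analysis of packet processing reveals the forwarding policy; 3) Malicious modification of flow rules |
Data security | Data tampering | C, S, D | |
Malicious applications | Fake rule injection | A, N, C, D | 1) Produced by illegitimate users or devices, e.g. forged flow rules; 2) Malicious applications are easy to develop, and authorized legitimate applications can also be tampered with and run on the controller; 3) The SDN controller faces the most serious threat: a faulty or malicious controller can put the whole SDN at risk |
Malicious applications | Controller hijacking | C, S | |
Denial of service | Controller flooding | C | 1) Limited compute resources of the logically centralized controller and limited flow-table resources of switches; 2) Immature resource management that cannot distinguish attackers from normal users or provide differentiated quality of service |
Denial of service | Control/data channel flooding | C, S, D | |
Denial of service | Switch flow-table flooding | D | |
Configuration | Lack of TLS | C, S, D | 1) No effective, secure flow-rule synchronization scheme between different controllers and between different applications, so competition, conflicts and overwrites cannot be avoided; 2) Lack of secure configuration mechanisms |
Configuration | Legitimacy and consistency of policies/flow rules | A, N, C | |
System-level security | Architectural flaws | A, N, C, S, D | 1) The system architecture cannot be made perfect by design; 2) Implementation inevitably introduces system vulnerabilities, which attackers exploit; 3) The system cannot visualize network state (security state, connection state) |
System-level security | System vulnerabilities | A, N, C, S, D | |
System-level security | Lack of state visualization | A, C | |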
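Table 2. Classification summary of solutions to SDN security problems
SDN security problem | Related work | Research goal | Research content | Layers involved |
Authorization and authentication | Secure distributed control, Byzantine-resilient SDN | Improve the control layer's resilience to authorization and authentication security problems | Distributed signature algorithm design; Byzantine redundancy design | C, S |
Authorization and authentication | Resilient authentication | Improve the resilience of the SDN architecture | Hierarchical controller design | C |
Authorization and authentication | PermOF | Permission settings | Permission system design | A, N |
Authorization and authentication | OperationCheckpoint | Controller behavior inspection | Interface inspection system design | A, N, C |
Authorization and authentication | AuthFlow | Authorized access control | Certificate-based authentication system | A, C, S, D |
Authorization and authentication | FortNOX | Integrated authorization and authentication architecture | Composite authentication and detection system | A, N, C, S, D |
Data security | SE-Floodlight | Secure communication between architecture components | Authentication and security constraint techniques | A, N, C, S |
Malicious applications | ROSEMARY | Kernel with composite security functions | Application isolation and resilience policies | A, C |
Malicious applications | LegoSDN | Improve controller resilience | Fault-tolerance mechanism | A, C |
Denial of service | Avant-Guard | Data-plane proxy | Connection migration, actuating triggers | C, S, D |
Denial of service | FloodGuard | Controller analysis module | Traffic migration, proactive flow rule analysis | A, C, S, D |
Denial of service | CPRecovery | Redundant backup design | Seamless switchover between primary and secondary controllers | C, S |
Denial of service | Delegate Network Security | Management protocol extension | Iden++ protocol | S, D |
Denial of service | VAVE | IP/MAC spoofing accompanying DoS attacks | SDN-based source address validation | C, D |
Configuration | NICE, FlowChecker, Flover, Anteater | Detect conflicts inside the network | Network behavior modeling and model checking | A, C, S |
Configuration | VeriFlow, NetPlumber, FlowGuard | Real-time policy checking | Real-time conflict detection and resolution algorithms | A, C, S, D |
Configuration | Frenetic, Flow-Based Policy | Semantics-aware detection | Conflict determination in a high-level language | A, N, C, S |
Configuration | Splendid Isolation, VeriCon, Verificare, Machine-verified SDN | Formal verification methods | Modeling and analysis with formal tools | N, C, S |
System-level security | Debugger for SDN | Simplify SDN debugging | Prototype SDN network debugger | A, S |
System-level security | OFHIP, Secure-SDMN | Improve SDN mobile security | Extended, security-hardened communication protocols | S |
System-level security | FRESCO, CMD | Improve overall system security | Module composition, mimic defense | A, N, C, S, D |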