Abstract
To address the weak defense of current networks against insider threats, an adaptive network access control system based on software-defined networking (SDN) is proposed. Taking advantage of SDN's ability to steer traffic, network security devices are orchestrated on demand into the path by which a terminal accesses the network, forming a network defense path, so that each network defense strategy maps to a network defense path. In addition, the Analytic Hierarchy Process is used to evaluate the user's trust level from the characteristics of the user's traffic, and the network defense path is adjusted dynamically according to that trust level, providing real-time protection against insider threats.
Source
Network New Media Technology (《网络新媒体技术》)
2017, Issue 5, pp. 20-28, 53 (10 pages in total)
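Funding
Key Deployment Project of the Chinese Academy of Sciences (ZDRW-KT-2016-02), sub-project (ZDRW-KT-2016-02-6
Institute internal number: Y6X0061105)
National High Technology Research and Development Program of China (863 Program) (2015AA016106)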
Keywords
network access control, software defined network, insider threat, adaptive, Analytic Hierarchy Process