摘要
针对现阶段软件定义网络(SDN)控制层流规则窜改攻击以及单点脆弱性问题,提出一种基于动态异构冗余的拟态安全控制器模型,通过分布式冗余架构以及一致性判决机制提高系统可靠性,利用调度机制实现系统动态性以及结合异构因素提高系统安全性,通过一致性容错算法(consistency and fault detection algorithm,CFDA)实现安全数据处理与错误检测,并提高控制器集群动态、可扩展性。仿真结果表明,对于控制器集群网络而言CFDA具有较低的通信复杂度,降低了节点冗余度要求;同时,冗余体的增加可以非线性降低系统被攻击成功概率,而适当的调度策略大大提高了系统安全率,因此拟态安全控制器机制能够有效提高攻击者攻击难度,增加系统安全可靠性。
Aiming at the problem of flow rules tampering attack as well as single point vulnerability in SDN control layer,this paper proposed a mimic security controller model based on dynamic heterogeneous redundancy. The proposed model used distributed architecture and consistency decision mechanism to improve the system reliability,scheduling mechanism to achieve system dynamics and the combination of heterogeneous factors to improve system security. It designed a consistency fault-tolerant algorithm CFDA to achieve safe data processing with fault detection and scalability. Simulation experiments show that the proposed algorithm has lower communication complexity for the controller cluster network and reduces the multi-controller node redundancy requirements,and that the mimic security controller mechanism can effectively improve the attacker's difficulty,which increases the safety factor and reliability of the system.
作者
顾泽宇
张兴明
林森杰
Gu Zeyu;Zhang Xingming;Lin Senjie(National Digital Switching System Engineering & Technological R&D Center,Zhengzhou 450002,China)
出处
《计算机应用研究》
CSCD
北大核心
2018年第7期2148-2152,共5页
Application Research of Computers
基金
国家自然科学基金面上项目(61572520)
国家自然科学基金创新研究群体项目(61521003)
关键词
SDN控制层
流规则窜改
单点脆弱性
动态异构冗余
调度机制
一致性与错误检测
SDN control layer
flow rule tampering attack
single point vulnerability
dynamic heterogeneous redundancy
scheduling mechanism
consistency and fault detection