
State firewall of SDN based on OpenFlow

Cited by: 6
Abstract: A new SDN state inspection firewall system based on the OpenFlow protocol is proposed. In this scheme, state tables and shifted flow tables are added to the SDN controller and switch, and corresponding state transition rules are formulated according to packet type, so that the firewall can inspect the state of the SDN network. The SDN state inspection firewall is implemented on the open-source controller Floodlight and on Open vSwitch. The performance evaluation shows that the SDN state inspection firewall can recognize different types of packets and, moreover, achieves the fine-grained, state-based access control that existing SDN firewalls cannot offer.
Authors: 王鹃 (WANG Juan); 刘世辉 (LIU Shihui); 文茹 (WEN Ru); 洪智 (HONG Zhi); 王江 (WANG Jiang); 樊成阳 (FAN Chengyang); 张浩喆 (ZHANG Haozhe) (State Key Laboratory of Software Engineering, Wuhan 430072, China; Key Laboratory of Aerospace Information Security and Trust Computing, Ministry of Education, Wuhan 430072, China; Computer School of Wuhan University, Wuhan 430072, China; Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China)
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, PKU Core, 2018, No. 15, pp. 84-90 (7 pages)
Funding: Key Program of the National Natural Science Foundation of China (No.61402342, No.61173138, No.61103628); National Key Basic Research Program of China (973 Program) (No.2014CB340600)
Keywords: Software Defined Network (SDN); OpenFlow protocol; state inspection; firewall
References: 2

Secondary references: 58


Co-citing documents: 28

Co-cited documents: 46

Citing documents: 6

Secondary citing documents: 10
