基于OpenFlow的SDN网络攻防方法综述

发布时间：2018-04-22 11:43

本文选题：网络安全 + 软件定义网络　；参考：《计算机科学》2017年06期

【摘要】：软件定义网络(Software Defined Network,SDN)的控制与转发分离、统一配置管理的特性使其网络部署的灵活性、网络管理的动态性以及网络传输的高效性均有大幅提升,但是其安全性方面的问题却比较突出。综述了基于OpenFlow的SDN在安全方面的研究现状,首先根据SDN的三层架构分析了其脆弱性,介绍SDN不同平面面临的安全威胁,并根据网络攻击的流程来介绍当前主要的攻击手段,包括目标网络探测、伪造欺骗实现网络接入以及拒绝服务攻击和信息窃取;其次,针对不同攻击环节,分别从探测阻断、系统加固、攻击防护3个方面对当前主要的防御手段进行论述;最后,从SDN潜在的攻击手段和可能的防御方法两方面来探讨未来SDN安全的研究趋势。
[Abstract]:Software definition Software Defined Network (SDN) separation of control and forwarding, the characteristics of unified configuration management make its network deployment flexibility, network management dynamic and network transmission efficiency are greatly improved. But its safety aspect question actually quite prominent. This paper summarizes the research status of SDN based on OpenFlow in the aspect of security. Firstly, according to the three-layer architecture of SDN, it analyzes its vulnerability, introduces the security threats faced by different planes of SDN, and introduces the main attack methods according to the flow of network attack. Including target network detection, forgery spoofing to realize network access, denial of service attacks and information theft; secondly, for different attack links, respectively from detection blocking, system reinforcement, At last, the research trend of SDN security in the future is discussed from two aspects: the potential attack means of SDN and the possible defense methods.
【作者单位】：解放军信息工程大学;数学工程与先进计算国家重点实验室;
【分类号】：TP393.08

【相似文献】