基于OpenFlow的网络层移动目标防御方案

发布时间：2018-05-26 09:35

本文选题：主动防御 + OpenFlow　；参考：《通信学报》2017年10期

【摘要】：为在网络攻防博弈中占据主动地位,利用OpenFlow网络结构提供的网络灵活性,提出一个基于OpenFlow的网络层移动目标防御方案。在网络层,通过对防护区域内通信中的每一跳网络地址进行伪随机变换,对跨区域网络通信的出口端口进行伪随机映射,从而实现通信节点的隐藏以及网络结构的保护。实验表明,该方案有效可行。相比于现有移动目标防御方案,该方案易部署、兼容性好,并实现了节点全网的通信保护。
[Abstract]:In order to play an active role in the network attack and defense game, a network layer mobile target defense scheme based on OpenFlow is proposed by using the network flexibility provided by the OpenFlow network structure. In the network layer, the pseudorandom mapping of the exit port of the cross-area network communication is carried out through the pseudorandom transformation of each hop network address in the protected area, so as to realize the hiding of the communication node and the protection of the network structure. Experiments show that the scheme is effective and feasible. Compared with the existing mobile target defense scheme, this scheme is easy to deploy, has good compatibility, and realizes the communication protection of the whole node network.
【作者单位】：北京邮电大学网络空间安全学院;贵州大学公共大数据国家重点实验室;
【基金】：国家重点研发计划基金资助项目(No.2017YFB0802703) 国家自然科学基金资助项目(No.61602052)~~
【分类号】：TP393.08

【相似文献】