Research on Network User Behavior Analysis for SDN Firewalls
Published: 2018-07-03 09:31
Topics: Software Defined Networking + Firewall technology; Source: Zhejiang Gongshang University (浙江工商大学), 2017 master's thesis
【Abstract】: Network security is a pressing problem for today's networks, and one of the most effective means of addressing it is the firewall. A central weakness of the traditional firewall architecture is that security policies must be configured one by one by the network administrator. As network technology develops rapidly and application services grow more complex, the number and complexity of security policies keep increasing, and configuring them becomes a heavy burden for administrators. Software Defined Networking (SDN) addresses this problem well. SDN is a new network architecture that provides centralized, programmable control of the whole network. Under SDN, the administrator uses the SDN controller to process security policies in batches in a centrally managed way, and can dynamically set the number and placement of firewalls in the network according to state information from the underlying network devices. In addition, through the programmable interfaces exposed by OpenFlow switches, the administrator can handle abnormal traffic or attack behavior in the network dynamically. To handle abnormal traffic and attack behavior more effectively and accurately, the behavior of network users needs to be analyzed. In recent years, analysis of network user behavior in big-data environments has been studied by a growing number of researchers and organizations: analyzing users' behavior data reveals their behavioral characteristics, helps block potential threats, and provides a basis for strengthening security policies. This thesis uses the SDN architecture together with data mining techniques to design an SDN firewall system. Part of the firewall functionality is implemented on SDN switches, and two data mining methods, statistical analysis and cluster analysis, are used to analyze network user behavior data. These yield the individual behavior characteristics of each user and the collective behavior characteristics of the whole network, respectively, and the resulting characteristics are applied to the security policies. A firewall algorithm is designed to deploy security policies automatically and dynamically. Finally, the system is validated with two case studies: dynamic setting of user port bandwidth, and policy deployment based on identity type. The former validates the system's ability to deploy security policies automatically and dynamically and to handle abnormal traffic dynamically; the latter validates the feasibility of applying the results of network user behavior analysis to security policies.
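The abstract describes a controller-side pipeline: collect per-user traffic statistics from the switches, apply statistical analysis (individual behavior) and cluster analysis (collective behavior), then turn the results into firewall rules such as a per-port bandwidth limit for abnormal traffic and a policy profile per identity type. The following is an added, simplified illustration of that pipeline written for this page; it is not the thesis's own code or data. The flow records, the "10 times the median" outlier rule, the two-feature k-means grouping, and the dictionary shape of the emitted OpenFlow-style rules are all assumptions made here for illustration.

```python
# Added example (not from the thesis): toy SDN-firewall policy engine.
# Statistics -> outlier detection -> clustering -> OpenFlow-style rules.
from collections import defaultdict
from math import log1p
from statistics import mean, median

# Constructed flow records: (source host, destination port, bytes transferred).
# Hosts .1 to .4 behave like ordinary clients; host .5 pushes large volumes to
# many distinct ports, which the statistical step should single out.
SAMPLE_FLOWS = [
    ("10.0.0.1", 80, 1200), ("10.0.0.1", 443, 3400), ("10.0.0.1", 80, 800),
    ("10.0.0.2", 443, 2100), ("10.0.0.2", 80, 1500), ("10.0.0.2", 443, 900),
    ("10.0.0.3", 22, 600), ("10.0.0.3", 80, 1100), ("10.0.0.3", 443, 1300),
    ("10.0.0.4", 80, 1000), ("10.0.0.4", 443, 1700), ("10.0.0.4", 80, 700),
] + [("10.0.0.5", port, 60000) for port in range(1000, 1040)]


def host_features(flows):
    """Statistical analysis step: per-host byte total and distinct-port count."""
    byte_total = defaultdict(int)
    ports = defaultdict(set)
    for src, dport, nbytes in flows:
        byte_total[src] += nbytes
        ports[src].add(dport)
    return {h: {"bytes": byte_total[h], "ports": len(ports[h])} for h in byte_total}


def abnormal_hosts(features, factor=10):
    """Individual-behavior check (assumed rule): a host is abnormal when its
    byte volume exceeds `factor` times the median across all hosts.  The
    median is used instead of a z-score so one outlier cannot mask itself
    by inflating the standard deviation of a small population."""
    med = median(f["bytes"] for f in features.values())
    return sorted(h for h, f in features.items() if f["bytes"] > factor * med)


def _nearest(point, centroids):
    return min(range(len(centroids)),
               key=lambda i: sum((a - b) ** 2 for a, b in zip(point, centroids[i])))


def kmeans(points, k=2, rounds=20):
    """Plain k-means (assumed clustering method) with a deterministic seed:
    centroids start at k points spread across the first feature's range."""
    assert k >= 2, "at least two clusters are needed for a grouping"
    ordered = sorted(points, key=lambda p: p[0])
    centroids = [ordered[i * (len(ordered) - 1) // (k - 1)] for i in range(k)]
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[_nearest(p, centroids)].append(p)
        new = [tuple(mean(dim) for dim in zip(*g)) if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return centroids


def cluster_hosts(features, k=2):
    """Collective-behavior step: group hosts by (log bytes, distinct ports).
    The returned label is the index of the nearest centroid; label 0 is the
    cluster seeded from the lowest-volume host."""
    vectors = {h: (log1p(f["bytes"]), float(f["ports"])) for h, f in features.items()}
    centroids = kmeans(list(vectors.values()), k)
    return {h: _nearest(v, centroids) for h, v in vectors.items()}


def build_rules(flows, limit_kbps=1000):
    """Firewall algorithm step: emit OpenFlow-style rule dicts (assumed format).
    Abnormal hosts get a meter (port bandwidth limit); every host is then sent
    to the policy table of its identity group."""
    features = host_features(flows)
    rules = []
    for h in abnormal_hosts(features):
        rules.append({"match": {"ipv4_src": h}, "action": "meter", "rate_kbps": limit_kbps})
    for h, label in sorted(cluster_hosts(features).items()):
        rules.append({"match": {"ipv4_src": h}, "action": "goto_table", "table": 10 + label})
    return rules


if __name__ == "__main__":
    for rule in build_rules(SAMPLE_FLOWS):
        print(rule)
```

The two analyses play different roles: `abnormal_hosts` looks at each host against the population (the per-user behavior the abstract attributes to statistical analysis), while `cluster_hosts` derives groups from the whole population (the collective behavior attributed to cluster analysis). In a real controller the rule dicts would be translated into OpenFlow meter and flow-mod messages, and the thresholds and feature set would be tuned on captured traffic rather than fixed constants.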
【Degree-granting institution】: Zhejiang Gongshang University (浙江工商大学)
【Degree level】: Master's
【Year degree granted】: 2017
【Classification number】: TP393.08
Article number: 2093192
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2093192.html