Research On Network Of Moving Target Defense Based On SDN

Moving Target Defense is a new kind of network security techniques,which is to create,evaluate,and deploy mechanisms and strategies that are diverse,continually shift,and change over time to increase complexity and costs for attackers,limit the exposure of vulnerabilities and opportunities for attack,and increase system resiliency.In this thesis,the corresponding key techniques for moving target defense network based on SDN was researched,the main research work and innovations are as follows:For the route randomization techniques based on SDN,the corresponding problems of route randomization were analyzed.From the perspective of protecting both routers and terminal data streams,a new route randomization technique based on SDN was proposed around the goal of improving the performance and security effectiveness of route randomization.The performance analysis and evaluation of the proposed technique was done from route randomization space,route randomization frequency,data transmission time and packet loss rate,the results show that,compared with the current route randomization techniques,the proposed route randomization technique can greatly expand the route randomization space and improve the route randomization frequency of the data streams in the transmission processes on the basis of ensuring the end-to-end reachability.For the address randomization techniques based on SDN,the corresponding problems of address randomization were analyzed.From the perspective of protecting hosts,a new address randomization technique based on SDN was proposed around the goal of improving the performance and security performance of address randomization.The performance analysis and evaluation of the proposed technique was done from address randomization space,address randomization frequency,data transmission time and packet loss rate,the results show that,compared with the current address randomization techniques,the proposed address randomization technique can greatly expand the address randomization space of the hosts in the transmission processes on the basis of ensuring the end-to-end reachability.For the address and route integrated randomization techniques based on SDN,a new address and route integrated randomization technique based on SDN was proposed from the perspective of protecting routers,terminal data streams and hosts in the network.The performance analysis and evaluation of the proposed technique was done from route randomization space,address randomization space,route randomization frequency,address randomization frequency,data transmission time and packet loss rate,the results show that,compared with the current address and route integrated randomization techniques,the proposed address and route integrated randomization technique can greatly expand the address randomization space of the hosts and the route randomization space of the data streams as well as improve the route randomization frequency of the data streams in the transmission processes on the basis of ensuring the end-to-end reachability.For the security effectiveness performance of dynamic target defense network techniques,security effectiveness analysis models of route randomization techniques were proposed.The security effectiveness of route randomization techniques was theoretically analyzed according to the proposed models.The security effectiveness of route randomization techniques facing with vulnerability attacks for routers as well as denial of service attacks for terminal data streams was evaluated.The results show that the security effectiveness of proposed route randomization technique for routers and terminal data streams is higher than current route randomization techniques.After that,security effectiveness analysis model of address randomization techniques was proposed.The security effectiveness of address randomization techniques was theoretically analyzed according to the proposed models.The security effectiveness of address randomization techniques facing with Trojan attack for hosts was evaluated.The results show that the security effectiveness of proposed address randomization technique for hosts is higher than current address randomization techniques.