Research On Security Issues Of Wireless Mesh Software Defined Networks

With the development of science and technology,people increasingly rely on the Internet. Traditional hierarchical forwarding network has failed to meet people’s needs, so we need a new network architecture to solve the problem. Software Defined Network(SDN) is respected as a new architecture by the industry. It’s thought to be one of the main development direction of the next generation networks. As a way of military communications,civil emergency command communications in no optical fiber and other infrastructure areas, wireless mesh network acts as an irreplaceable role in many cases. With further research and development in SDN, wireless mesh software defined network(wmSDN) architecture appeared.Control and forwarding separation is the basic characteristics of SDN, so that the network is programmable. With centralized control, SDN can greatly simplify the switch because switch just need to follow the command of the controller and execute the forward mission. As a result, it can reduce the cost of equipment. Programmable network also enables the network to provide a variety of business services, which significantly improves the efficiency and resource utilization. But this consequent security threats cannot be ignored. As a network decision-making unit, controller is a weak point in the network system. Once the controller under attack, it can affect the entire network, even brings paralysis.This article investigates the security threats that SDN faced and the corresponding solutions. Then we study on the security problems wmSDN faced. We put forward a network authentication approach,security of multi-controller, security module maintain network security. The security module is placed in the POX controller, can maintain the security of the whole network system. The module consists of two parts: firewall module, which based on Pyretic tools to build, can effectively prevent the communication between the attacker and node; another is DDoS attack identification module, which is based on artificial neural network. This module contents an extraction module, a classification module and a decision module of three parts. This module can extract flow characteristics, and analyse the flows are abnormal or not. We built wmSDN simulation platform by CORE and NS3 simulation software. We verify that the anti-DDoS attack module can identify abnormal flows and also prevent the communication between the attacker and node which can maintain network security.We use Python language to develop this module, so that can easy to expend in POX.