
Research On The Key Technologies Of Mimic SDN Controller Architecture Security

Posted on: 2019-07-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Lv
Full Text: PDF
GTID: 2428330596959476
Subject: Cyberspace security
Abstract/Summary:
Recently, with the widespread application of Software Defined Networking (SDN), its separation of data forwarding from control has been increasingly favored by industry, since it enables flexible control of network traffic and programmability of the network. However, because of its centralized control, the architecture faces many security threats, especially at the core component of the control layer, the controller. Because of problems such as single points of failure, researchers are paying more attention to multi-NOS architectures. The first line of work is distributed architectures such as ONOS and OpenDaylight; the second is Byzantine fault-tolerant mechanisms, such as Byzantine fault-tolerant control architectures. In both of these architectures, however, the controllers are homogeneous and interact with one another, so an attack may spread from one to the others. Some researchers have therefore proposed a mimic network operating system (mimic NOS) that introduces the dynamic heterogeneous redundancy of mimic defense into the SDN control layer, which raises the difficulty of attack for external attackers and improves the security of the network architecture. In concrete implementations, however, problems remain, such as inconsistent flow tables and insufficient adaptive ability of the structure. To maximize the utility of the mimic NOS, this thesis studies three aspects, flow consistency, dynamic scheduling and performance evaluation, on the basis of the existing mimic NOS, aiming to solve these problems and improve the architecture so as to strengthen the security of the SDN control layer. The main work and research results of this thesis are as follows:

1. To address inconsistent flow tables in the mimic NOS architecture, a fine-grained flow-consistency ruling method is proposed. First, the key fields of the flow table are split and a different matching method is applied to each field; the matching results are then scored and summed to obtain a credibility for each flow table, from which the reliable flow table is selected. If all flow tables are untrustworthy, none is sent. In addition, a self-cleaning mechanism based on feedback information is proposed: if the number of erroneous flow tables sent by a controller reaches a threshold, the abnormal controller is replaced. Simulation results and analysis show that the proposed method is effective in defending against flow-rule tampering attacks and can effectively improve the security of the architecture.

2. To address the lack of adaptive ability in the mimic NOS architecture, a dynamic negative-feedback scheduling method based on attack information is proposed. The method first distinguishes the controllers by category, then counts the number of times each controller has been detected, applies mathematical hypothesis testing to these statistics, and finally obtains the attacker's tendency in choosing targets, which is used as the basis for scheduling. Simulation experiments and analysis show that the proposed method can, to a certain extent, effectively defend against attackers' attacks and so effectively guarantee the security of the network architecture.

3. To address the lack of security-performance evaluation of the mimic NOS architecture in current research, a security-performance evaluation method for the mimic control plane is proposed. First, by establishing a game model, the network attack-defense problem is abstracted as a game in which the attacking and defending sides compete for control of the controllers. The state information of the controllers is used to characterize the states, behaviors and strategies of both sides; the payoff functions of attacker and defender are then defined; finally, game theory is used to measure the security performance of the architecture. Simulation experiments and analysis show that the proposed method can quantitatively evaluate the mimic SDN security architecture, and that the architecture shows a degree of resistance against attackers' attacks, which better improves the security of the SDN control layer.
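The fine-grained ruling described in contribution 1 can be sketched in code: split each flow rule into fields, match each field with its own method, sum the weighted scores into a per-controller credibility, send only a trusted rule, and count errors per controller for the self-cleaning replacement. The Python below is an added illustration written for this page, not code from the thesis or its mimic NOS implementation; the field set, the per-field matching functions, the weights, the trust threshold, the replacement threshold and the three sample controller rules are all assumptions made for the example.

```python
"""Fine-grained flow-rule consistency ruling with a self-cleaning error counter.

Added illustration of the ruling idea in the abstract, not the thesis's code.
Field set, weights, scoring functions and thresholds are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field

# Assumed per-field weights: the key match fields count more than the action list.
FIELD_WEIGHTS = {
    "in_port": 1.0, "eth_type": 1.0, "ipv4_src": 2.0, "ipv4_dst": 2.0,
    "tcp_dst": 1.5, "priority": 1.0, "actions": 1.5,
}


def score_exact(a, b):
    """Integer fields (port, ethertype, priority): exact match or nothing."""
    return 1.0 if a == b else 0.0


def score_prefix(a, b):
    """IP fields: identical prefix scores 1, a containing/contained prefix 0.5, else 0."""
    na = ipaddress.ip_network(a, strict=False)
    nb = ipaddress.ip_network(b, strict=False)
    if na == nb:
        return 1.0
    if na.subnet_of(nb) or nb.subnet_of(na):
        return 0.5
    return 0.0


def score_actions(a, b):
    """Action lists: Jaccard similarity of the action sets (order-insensitive)."""
    sa, sb = set(a), set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


# Fields without a dedicated scorer fall back to exact matching.
SCORERS = {"ipv4_src": score_prefix, "ipv4_dst": score_prefix, "actions": score_actions}


def rule_similarity(r1, r2):
    """Weighted per-field score between two flow rules, normalised to [0, 1]."""
    total = 0.0
    for fld, w in FIELD_WEIGHTS.items():
        a, b = r1.get(fld), r2.get(fld)
        if a is None or b is None:          # a field missing on one side only is a mismatch
            s = 1.0 if a == b else 0.0
        else:
            s = SCORERS.get(fld, score_exact)(a, b)
        total += w * s
    return total / sum(FIELD_WEIGHTS.values())


@dataclass
class ConsistencyRuler:
    trust_threshold: float = 0.8      # assumed: credibility below this is untrusted
    replace_threshold: int = 3        # assumed: errors before a controller is replaced
    error_counts: dict = field(default_factory=dict)

    def rule(self, candidates):
        """candidates: {controller_id: flow_rule}. Returns (chosen_rule, credibility, replaced).

        chosen_rule is None when every candidate is untrustworthy (nothing is sent).
        """
        if len(candidates) < 2:
            raise ValueError("ruling needs at least two heterogeneous controllers")
        ids = list(candidates)
        # Credibility of a controller's rule = mean similarity to the other controllers' rules.
        cred = {}
        for cid in ids:
            others = [candidates[o] for o in ids if o != cid]
            cred[cid] = sum(rule_similarity(candidates[cid], o) for o in others) / len(others)
        # Self-cleaning: each untrusted rule counts as one error against its controller.
        replaced = []
        for cid, c in cred.items():
            if c < self.trust_threshold:
                self.error_counts[cid] = self.error_counts.get(cid, 0) + 1
                if self.error_counts[cid] >= self.replace_threshold:
                    replaced.append(cid)
                    self.error_counts[cid] = 0   # fresh replacement starts with a clean record
        trusted = {cid: c for cid, c in cred.items() if c >= self.trust_threshold}
        if not trusted:
            return None, cred, replaced
        best = max(trusted, key=trusted.get)
        return candidates[best], cred, replaced


# Constructed sample rules from three controllers; "ryu" returns a tampered rule.
BASE_RULE = {
    "in_port": 1, "eth_type": 0x0800, "ipv4_src": "10.0.0.0/24",
    "ipv4_dst": "10.0.1.5/32", "tcp_dst": 443, "priority": 100,
    "actions": ("output:2",),
}
TAMPERED_RULE = dict(BASE_RULE, ipv4_dst="10.0.9.9/32", actions=("output:7",))
CANDIDATES = {"onos": BASE_RULE, "odl": BASE_RULE, "ryu": TAMPERED_RULE}


def demo(rounds=1):
    """Run the ruling `rounds` times on the sample input; returns the last result."""
    ruler = ConsistencyRuler()
    result = None
    for _ in range(rounds):
        result = ruler.rule(CANDIDATES)
    return result


if __name__ == "__main__":
    chosen, cred, replaced = demo(rounds=3)
    print("chosen:", chosen)
    print("credibility:", cred)
    print("replaced after 3 rounds:", replaced)
```

With the assumed weights the two agreeing controllers score 0.825 and the tampered one 0.65, so the agreeing rule is sent and the tampered controller accumulates one error per round; after three rounds it crosses the replacement threshold. If every controller disagrees with every other, no rule reaches the trust threshold and nothing is installed on the switch.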
Keywords/Search Tags: software-defined network, mimic defense, dynamic heterogeneous redundancy, control plane