
Research On Topology Security Based On SDN

Posted on: 2021-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: Z S Mao
Full Text: PDF
GTID: 2428330611966958
Subject: Cyberspace security

Abstract/Summary:
Software-defined networking (SDN) is a new type of network architecture. Unlike traditional networks, SDN separates the control plane and the data plane. The control plane is composed of logically centralized controllers; the data plane consists of forwarding devices. The controller's global control over the network is one of the core advantages of SDN, but it also expands the attack surface and makes the controller a key target for attackers. Existing research shows that the global topology view in the controller can easily be tampered with by an attacker. By launching a topology attack, an attacker can masquerade as a server in the network to obtain the client's traffic, or forge a fake link to create a black-hole route or initiate a man-in-the-middle attack. Although researchers have proposed a large number of defense models to prevent topology attacks, these models have limited application scenarios and do not always protect the global topology view in the controller.

We conducted a security analysis of the existing defense models, analyzed the defense principles of the mainstream defense models, and on this basis proposed two new topology attacks, in which the attacker can skillfully bypass the attack detection of the existing defense models and disguise itself as a server or a fake link. In addition, a total of 9 topology attack threat models are established in this thesis, and the attack principles of these threat models are analyzed in depth.

In order to defend against topology attacks, this thesis starts from the attack principle and adopts a different defense strategy for each attack, so that the topology view in the controller is fully and effectively protected. We propose a mathematical model based on information entropy to determine the delay of network links, define port security, and use concepts such as suspicious ports and illegal links to defend against attacks. Based on the above, we propose Policy Topo, a topology attack defense model that makes full use of SDN features. We deployed Policy Topo in a virtual environment and on a physical test bench respectively, and conducted offensive and defensive tests on it. The results show that Policy Topo not only effectively protects against topology attacks, but also introduces very low performance overhead.
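The abstract names three defensive ingredients, an entropy-based model of link delay, suspicious ports and illegal links, without giving their definitions. The following added illustration is not the thesis's Policy Topo model and is not code from the author; it is one plausible way a controller could combine those ingredients, written here to make the idea concrete. The entropy formulation (Shannon entropy over binned delay samples), the thresholds, the switch/port names and every delay value are assumptions constructed for this example. The defensive idea it shows is that a link which does not physically exist, but is made to appear through relayed discovery probes, tends to have a larger and much less stable delay than a direct link, so the controller can refuse to add it to its global view and can distrust the ports that terminate it.

```python
import math
from collections import Counter
from dataclasses import dataclass

# Constructed sample data (not measurements from the thesis): per-link delay
# samples in microseconds, as a controller might obtain from timestamped
# link-discovery probes. The port names and values are assumptions.
# s1:1-s2:1 and s2:2-s3:1 stand for direct physical links; s1:2-s3:2 stands
# for a link that does not physically exist and whose discovery probes are
# being relayed through a host, so its delay is larger and far less stable.
LINK_DELAYS_US = {
    ("s1:1", "s2:1"): [48, 50, 49, 51, 50, 49, 50, 52, 48, 50],
    ("s2:2", "s3:1"): [61, 60, 62, 60, 61, 59, 61, 60, 62, 60],
    ("s1:2", "s3:2"): [310, 455, 290, 620, 380, 510, 270, 700, 330, 590],
}


@dataclass(frozen=True)
class LinkVerdict:
    entropy_bits: float   # Shannon entropy of the binned delay distribution
    mean_delay_us: float  # average observed delay
    illegal: bool         # True if the link must stay out of the topology view


def delay_entropy(samples, bin_us=20):
    """Shannon entropy (bits) of delay samples binned into bin_us-wide buckets.

    A stable physical link concentrates its samples in one or two buckets and
    scores near 0; a relayed or fabricated link spreads across many buckets
    and scores close to log2(number of samples).
    """
    if not samples:
        return 0.0
    counts = Counter(v // bin_us for v in samples)
    total = len(samples)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def evaluate_links(link_delays, entropy_threshold=2.0, max_delay_us=200, bin_us=20):
    """Classify each link. A link is illegal when its delay is too unstable
    (entropy above threshold) or too large for a direct link (mean above
    max_delay_us). A link with no samples is unverified and is also treated
    as illegal until measured, so unmeasured links never enter the view."""
    verdicts = {}
    for link, samples in link_delays.items():
        if not samples:
            verdicts[link] = LinkVerdict(0.0, math.inf, True)
            continue
        h = delay_entropy(samples, bin_us)
        mean = sum(samples) / len(samples)
        verdicts[link] = LinkVerdict(h, mean, h > entropy_threshold or mean > max_delay_us)
    return verdicts


def suspicious_ports(verdicts):
    """Ports that terminate at least one illegal link."""
    return {port for link, v in verdicts.items() if v.illegal for port in link}


def trusted_topology(link_delays, **kwargs):
    """Links the controller may keep in its global view: legal links whose
    endpoints are not shared with any illegal link (a suspicious port is not
    trusted even on a link that looked normal)."""
    verdicts = evaluate_links(link_delays, **kwargs)
    bad_ports = suspicious_ports(verdicts)
    return [link for link, v in verdicts.items()
            if not v.illegal and not (set(link) & bad_ports)]


if __name__ == "__main__":
    verdicts = evaluate_links(LINK_DELAYS_US)
    for link, v in verdicts.items():
        status = "ILLEGAL" if v.illegal else "ok"
        print(f"{link[0]} <-> {link[1]}: H={v.entropy_bits:.2f} bits, "
              f"mean={v.mean_delay_us:.1f} us -> {status}")
    print("suspicious ports:", sorted(suspicious_ports(verdicts)))
    print("trusted links:", trusted_topology(LINK_DELAYS_US))
```

With the constructed samples the two direct links score 0.00 and 0.47 bits and stay in the view, while the relayed link scores log2(10) = 3.32 bits with a mean delay of 445.5 us, is marked illegal, and its two ports become suspicious. In a real deployment the thresholds would be calibrated per fabric from measured baselines, and delay is only one signal; the thesis combines it with port-security and link-legality rules whose exact form this example does not reproduce.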
Keywords/Search Tags: software-defined networking, cyber security, topology view, topology attack, defense