| Software Defined Network (SDN) adopts a centralized network management and control method and mainly relies on manual configuration and management of network policies, which makes network configuration error-prone and lacking in intelligence. In addition, when multiple users collaborate to manage networks, conflicts between policies are likely to occur, and it is difficult to troubleshoot these conflicts before the policies run. The future of communication is oriented to the Internet of Everything: new services keep emerging, and network information and data are growing explosively. Therefore, a more intelligent network configuration method is urgently needed to make up for the deficiency of SDN in network configuration and management. Intent-Driven Network (IDN) is an emerging network paradigm that continues SDN's separation of the data plane and the control plane and shields the low-level details of the network. Users only need to use an "intent" to express the desired state of the network. IDN automatically orchestrates the input intents and translates them into policies executable by network devices. Therefore, based on artificial intelligence technology, this paper studies the network security intent configuration problem and how to use the intent-driven network to complete the automated configuration and deployment of users' network management intents at the early stage of network construction and network security policy deployment. The specific research is as follows. Firstly, supported by the architecture of SDN, a network security intent deployment architecture based on knowledge graphs is constructed, comprising a user side, a knowledge-intent side, a control side, and a data side. The deployment process of network security intents mainly includes intent input, intent verification, and intent-policy mapping. Intent input is completed on the user side, and the rest are completed on the knowledge-intent side. Second, we establish an intent quadruplet model that normalizes the input of user intents and provides structured intent information for the intent deployment process. Combined with the configuration requirements, it solves the problem of how to select the intent language used to manage the network. Then, we study the verification and conflict resolution of multiple input intents when multiple users cooperatively manage networks. The intent verification and conflict resolution process is responsible for converting a set of intents containing potential conflicts into a set of intents without conflicts. In this process, the advantages of knowledge graph technology, such as strong structure, scalability, and fast query speed, are utilized to provide a knowledge driving force for IDN. Specifically, we construct a network information knowledge graph and an intent knowledge graph to provide structured storage of network topology information and to save and update intent information for the intent verification process. After the process of intent verification and conflict resolution is completed, the intent-policy mapping module converts the conflict-free intent set into the Pyretic language and delivers it to the control layer. Finally, based on the intent deployment scheme proposed in this paper, we use Python and the Django framework to design and implement a knowledge graph-based network security intent deployment system. The system provides users with a graphical intent input front end and, through the intent verification and intent-policy mapping processes, automatically completes the deployment of the intents that users input, achieving a precise transformation from intent input to machine-executable policy. By testing the stability and effectiveness of the system, the feasibility of the research scheme in this paper is verified. |