Research On Trust Evaluation Technology Based On SDN/NFV

The emergence of technologies such as software defined networking and network function virtualization has eliminated the problems of tight coupling,lack of flexibility,and long deployment cycles of traditional Internet hardware devices.However,the network functional unit in the form of software breaks the closed nature of traditional networks,and the defense layer provided by traditional software heterogeneity and integrated control no longer exists.Virtualization security and trust management have become major challenges restricting 5G security.Facing the new challenges of security trust assessment in the virtualized network environment,the existing security assessment methods for traditional networks are no longer used.On the one hand,the blurred network boundary caused by the virtualized network introduces new security risks and attack surfaces.The traditional concept of trust is relatively backward and does not meet the needs of new scenarios.On the other hand,the traditional concept of trust is based on entities rather than data.Many emerging mobile network scenarios are functionally data-centric,and there is a relative lack of data-centric trust assessment in virtualization scenarios.Aiming at the potential risks and bottlenecks of security trust assessment in the above virtualized network environment,the research work and innovation points of this thesis are as follows:(1)Aiming at the lack of data trust and lack of research on the physical layer in SDN/NFV scenarios,This thesis proposes an information trust evaluation model in the virtualized scenario.The model consists of two parts.The first part is an information trust evaluation scheme based on the Shannon-Weaver model.The mathematical model of the process of data transmission between VNFs is quantified.And consider various factors that affect the untrustworthiness of information,such as data factors,channel factors,calculation factors,and the interference of forwarding nodes on the characteristics of information privacy and integrity.The second part is the VNF information dissemination algorithm,which combines VNF geographic location and information trust in the selection of forwarding nodes and routes.Experiments show that under the trust evaluation model,the trust degree of forged information attack and tampered information attack decreases by 25.7%and 28.8%on average.(2)Aiming at the problem that the traditional trust concept does not take into account the characteristics of virtualized networks and gradually does not adapt to emerging network scenarios,this thesis proposes a virtualized VNF credibility assessment scheme based on fuzzy analysis,and summarizes the factors that affect the security and trustworthiness of VNFs.First,the fidelity and availability of VNFs are defined,and then,for the reliability of VNF s,an analytic hierarchy model is constructed,and the bottom-up analysis and calculation of the reliability of each layer is performed.Finally,the credibility of the VNF is quantitatively calculated.In addition,aiming at the trust problem in the deployment of service function chains,this thesis proposes a credibility-based SFC deployment strategy.Experiments show that the credibility-based SFC deployment strategy effectively improves the credibility and user acceptance rate of SFC.(3)Aiming at the challenges of new security risks and attack surfaces in SDN/NFV networks,as well as the lack of a systematic assessment scheme,this thesis proposes a risk assessment framework based on credibility.It is used to predict and reduce network risks in SDN/NFV scenarios,and to carry out safe and reliable SFC deployment.The framework consists of three modules:a VNF clustering module based on credibility features,which is used for SFC deployment of customized security levels;a active and standby SFC module based on the heterogeneous,which is used to reduce the network risk;a risk assessment module based on credibility,which is used to predict the network risk.The simulation confirms the effectiveness of the risk assessment module,and that the active and standby SFC module can effectively reduce the risk of the network.