Abstract
A software-defined network (SDN) is a flexible architecture based on open standards that manages network functions and services through the control layer, and it is characterized by the separation of control and forwarding and by centralized control. Moving target defense (MTD) technology aims to build a constantly changing environment that increases the apparent uncertainty of the network system, and it requires a flexible, customizable, centrally controllable network architecture for its implementation. The combination of moving target defense and software-defined networks has therefore become a research hotspot of greater practical value. First, the basic concepts of software-defined networks and moving target defense are introduced, the security threats facing software-defined networks are summarized, and the implementation model of moving target defense for SDN is described. Second, the technical methods of moving target defense are summarized for the data layer, control layer and application layer of SDN respectively. Finally, the challenges facing existing SDN dynamic defense are summarized, and the development directions of moving target defense technology for SDN are discussed.
Authors
TAN Jinglei (谭晶磊); ZHANG Hongqi (张红旗); LEI Cheng (雷程); LIU Xiaohu (刘小虎); WANG Shuo (王硕)
School of Cryptography Engineering, Information Engineering University, Zhengzhou 450001, China; Henan Provincial Key Laboratory of Information Security, Zhengzhou 450001, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2018, Issue 7, pp. 1-12 (12 pages)
Funding
National High Technology Research and Development Program of China ("863" Program) (No.2012AA012704, No.2015AA7116040)
Zhengzhou Science and Technology Leading Talent Fund (No.131PLJRC644)
Keywords
software-defined network
moving target defense
dynamic
diversity
randomness