發(fā)布時間：2018-07-03 09:31

  本文選題：軟件定義網絡 + 防火墻技術　； 參考：《浙江工商大學》2017年碩士論文

【摘要】：網絡安全問題是當前網絡面臨的一項亟待解決的問題,解決網絡安全問題最有效的手段之一是使用防火墻。而傳統防火墻網絡架構存在的主要問題之一是防火墻安全策略是由網絡管理員逐一進行配置。隨著網絡科技迅速發(fā)展,網絡應用服務復雜化,使得安全策略的數量和復雜性不斷增加,因此配置安全策略給網絡管理員帶來龐大的負擔。而軟件定義網絡(Software Defined Networking,SDN)的出現可以很好的解決上述問題。SDN是一種新型網絡架構,實現了對全局網絡集中可編程化控制。在SDN網絡架構下,網絡管理員通過SDN控制器,以一種集中管理的方式實現對安全策略批量處理,并且能夠根據底層網絡設備的狀態(tài)信息動態(tài)地設置網絡中防火墻的數量和位置。此外網絡管理員可以通過OpenFlow交換機提供的開發(fā)可編程接口,對網絡中異常流量或攻擊行為進行動態(tài)處理。為了更加有效和準確的對異常流量和攻擊行為進行動態(tài)處理,因此需要對網絡用戶行為進行分析。而近幾年,在大數據環(huán)境下的網絡用戶行為的分析被越來越多的學者和組織機構研究,通過分析網絡用戶的行為數據可以發(fā)現網絡用戶的行為特征,阻止?jié)撛诘耐{,為增強安全策略提供依據。本文借助SDN網絡架構和數據挖掘技術,設計了一個SDN防火墻系統。用SDN交換機實現了部分防火墻功能,并使用統計分析和聚類分析兩種數據挖掘方法對網絡用戶行為數據進行分析。分別獲取網絡用戶的個體行為特征和整個網絡的集體行為特征,將獲取到的行為特征信息應用到安全策略上。并且通過設計防火墻算法實現安全策略的自動動態(tài)部署。最后通過動態(tài)設置用戶端口帶寬和基于身份類型的策略部署兩個實例對系統進行了驗證。其中,前者驗證了系統自動動態(tài)部署安全策略以及對異常流量能夠動態(tài)處理的能力。后者驗證了將網絡用戶行為分析結果應用到安全策略上的可行性。
[Abstract]:The problem of network security is an urgent problem that the network faces. One of the most effective methods to solve the problem of network security is to use firewall. One of the main problems in the traditional firewall network architecture is that the firewall security policy is configured by the network administrator one by one. With the rapid development of network technology and the complexity of network application services, the number and complexity of security policies are increasing, so configuring security policies brings a huge burden to network administrators. The emergence of Software defined Network (SDN) can solve the above problems well. SDN is a new type of network architecture, which realizes the centralized programmable control of global network. In the SDN network architecture, the network administrator processes the security policies in batches through SDN controllers in a centralized manner, and can dynamically set the number and location of firewalls in the network according to the state information of the underlying network devices. In addition, the network administrator can dynamically handle the abnormal traffic or attack behavior in the network by developing a programmable interface provided by the OpenFlow switch. In order to deal with the abnormal traffic and attack behavior more effectively and accurately, it is necessary to analyze the behavior of network users. In recent years, more and more scholars and organizations have studied the behavior of network users under the big data environment. By analyzing the behavior data of network users, we can find the behavior characteristics of network users and prevent the potential threats. To provide the basis for enhancing the security policy. This paper designs an SDN firewall system with the help of SDN network architecture and data mining technology. A part of firewall is implemented with SDN switch, and two kinds of data mining methods, statistical analysis and clustering analysis, are used to analyze the behavior data of network users. The individual behavior characteristics of the network users and the collective behavior characteristics of the whole network are obtained, and the obtained behavior characteristics information is applied to the security policy. And design firewall algorithm to realize the automatic dynamic deployment of security policy. Finally, the system is verified by dynamic setting of user port bandwidth and policy deployment based on identity type. The former verifies the ability of automatic dynamic deployment security policy and the ability to deal with abnormal traffic dynamically. The latter verifies the feasibility of applying the network user behavior analysis results to the security policy.
【學位授予單位】：浙江工商大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前2條

1 Zheng Ruijuan;Chen Jing;Zhang Mingchuan;Zhu Junlong;Wu Qingtao;;User abnormal behavior analysis based on neural network clustering[J];The Journal of China Universities of Posts and Telecommunications;2016年03期

2 邱遠興;;淺談下一代防火墻的發(fā)展趨勢[J];網絡與信息;2012年04期

，

本文編號：2093192