本文關(guān)鍵詞： 軟件定義網(wǎng)絡(luò) 攻擊檢測(cè) 安全等級(jí)劃分 網(wǎng)絡(luò)感知 業(yè)務(wù)劃分　出處：《鄭州大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：軟件定義網(wǎng)絡(luò)(Software Defined Network,SDN)是一種新型的網(wǎng)絡(luò)架構(gòu),它的核心思想是將控制平面與數(shù)據(jù)轉(zhuǎn)發(fā)平面相分離,將交換機(jī)變成了簡(jiǎn)單的轉(zhuǎn)發(fā)設(shè)備,控制器具有了全局性的控制能力,從而實(shí)現(xiàn)了網(wǎng)絡(luò)的集中式控制和可編程性。目前,控制平面與轉(zhuǎn)發(fā)平面之間主流的協(xié)議是Openflow,它的修訂與發(fā)布由開放式網(wǎng)絡(luò)基金會(huì)(Open Network Foundation,ONF)主導(dǎo)。軟件定義網(wǎng)絡(luò)引入了數(shù)據(jù)平面與控制平面的分離,同時(shí)也帶來了與傳統(tǒng)網(wǎng)絡(luò)不同的攻擊方式。針對(duì)軟件定義網(wǎng)絡(luò)中新流路徑安裝的安全性進(jìn)行了研究,為交換機(jī)引入安全等級(jí)劃分機(jī)制,根據(jù)交換機(jī)所處的狀態(tài),將交換機(jī)劃分成三個(gè)安全等級(jí),并將攻擊檢測(cè)與路由選擇相結(jié)合。該機(jī)制首先通過K最短路徑計(jì)算出前K條路徑,然后把路徑中交換機(jī)安全等級(jí)的最低值作為該路徑的安全等級(jí)值,最后挑選出安全等級(jí)值最高的路徑作為最終路徑,當(dāng)安全等級(jí)值最高的路徑存在多條時(shí),將會(huì)選擇可用帶寬最大的一條作為最終路徑。該機(jī)制使軟件定義網(wǎng)絡(luò)面對(duì)攻擊表現(xiàn)出動(dòng)態(tài)可伸縮的能力,進(jìn)而減小攻擊對(duì)網(wǎng)絡(luò)所造成的危害。當(dāng)前軟件定義網(wǎng)絡(luò)中依然存在著負(fù)載不均衡和不能滿足網(wǎng)絡(luò)流量QoS要求的問題,結(jié)合SDN控制器掌握全局網(wǎng)絡(luò)視圖的優(yōu)點(diǎn)、網(wǎng)絡(luò)感知功能和網(wǎng)絡(luò)流量的業(yè)務(wù)劃分,提出一種基于業(yè)務(wù)劃分的路由選擇機(jī)制。該機(jī)制首先計(jì)算出前K條最短路徑,然后根據(jù)流量的業(yè)務(wù)屬性,對(duì)K條路徑進(jìn)行權(quán)值計(jì)算,權(quán)值最大的路徑將作為最佳路徑。該機(jī)制能夠?yàn)椴煌瑯I(yè)務(wù)類型的數(shù)據(jù)流選擇一條最能滿足其QoS要求的路徑,并使整個(gè)網(wǎng)絡(luò)達(dá)到負(fù)載均衡,進(jìn)而提高底層網(wǎng)絡(luò)資源的利用率。
[Abstract]:Software defined Network Defined Network (SDN) is a new network architecture. Its core idea is to separate the control plane from the data forwarding plane, to turn the switch into a simple forwarding device, and the controller has the overall control ability. Thus realizing the centralized control and programmability of the network. The main protocol between the control plane and the forwarding plane is Openflow, whose revision and release is dominated by the Open Network Foundation of ONF.Software defines the network by introducing the separation of the data plane and the control plane. At the same time, it also brings different attacks from the traditional network. The security of the new stream path installation in the software defined network is studied, and the security hierarchy mechanism is introduced for the switch, according to the state of the switch, The switch is divided into three security levels, and the attack detection is combined with routing selection. Then the lowest value of the switch security level in the path is taken as the security level value of the path. Finally, the path with the highest security level is selected as the final path. When there are multiple paths with the highest security level, The maximum available bandwidth will be chosen as the final path. This mechanism enables the software to define the network to show dynamic scalability in the face of attacks. In order to reduce the harm caused by the attack to the network, there are still some problems in the current software definition network, such as the imbalance of the load and the failure to meet the QoS requirements of network traffic. Combined with the advantages of the SDN controller to master the global network view, In this paper, a route selection mechanism based on traffic partition is proposed, which firstly calculates the first K shortest path, and then calculates the weight of K path according to the traffic attribute. The path with the largest weight value will be the best path. This mechanism can select one path that can best meet the QoS requirements for different traffic types of data flow, and make the whole network achieve load balance, and then improve the utilization of the underlying network resources.
【學(xué)位授予單位】：鄭州大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.02

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 安暉;;從“世界定義軟件”穩(wěn)穩(wěn)做起[J];軟件和信息服務(wù);2013年11期

2 郭嘉凱;;軟件定義存儲(chǔ):將用戶從硬件綁定中解放[J];軟件和信息服務(wù);2014年05期

3 章必雄;基于軟件定義的多模式無線網(wǎng)絡(luò)[J];武漢理工大學(xué)學(xué)報(bào)(信息與管理工程版);2005年02期

4 Ron Harrison;;通訊測(cè)量無國(guó)界 軟件定義測(cè)試平臺(tái)后勢(shì)看漲[J];電子測(cè)試;2006年11期

5 袁航;;軟件定義負(fù)載均衡[J];軟件和信息服務(wù);2014年02期

6 王偉;;趨勢(shì)之七 金融業(yè)“軟件定義”濫觴期[J];金融電子化;2014年03期

7 王叢;;軟件定義存儲(chǔ)市場(chǎng)趨勢(shì)[J];電腦與電信;2014年06期

8 王叢;;軟件定義存儲(chǔ)價(jià)值[J];電腦與電信;2014年06期

9 王叢;;如何評(píng)估軟件定義存儲(chǔ)[J];電腦與電信;2014年06期

10 翁繼東;;軟件定義網(wǎng)絡(luò)關(guān)鍵技術(shù)及其實(shí)現(xiàn)研究[J];電子技術(shù)與軟件工程;2014年04期

相關(guān)會(huì)議論文 前9條

1 孫家偉;趙霆;徐冰;陳龍明;;模糊評(píng)價(jià)安全等級(jí)特征量的探討[A];中國(guó)金屬學(xué)會(huì)2004’冶金安全年會(huì)論文集[C];2004年

2 許秀紅;閆敏慧;潘華盛;于震宇;王承偉;王建一;矯玲玲;;黑龍江道路交通事故氣象分析及安全等級(jí)標(biāo)準(zhǔn)[A];第26屆中國(guó)氣象學(xué)會(huì)年會(huì)氣象災(zāi)害與社會(huì)和諧分會(huì)場(chǎng)論文集[C];2009年

3 溫華;王丹;;一種網(wǎng)絡(luò)安全等級(jí)的計(jì)算模型設(shè)計(jì)[A];四川省通信學(xué)會(huì)2003年學(xué)術(shù)年會(huì)論文集[C];2003年

4 錢偉中;傅，

本文編號(hào)：1515685