A security situation awareness method for software defined network
Zheng Zhongbin1,Li Cong2,Wang Chaodong1
(1.Industrial Internet Innovation Center (Shanghai) Co.,Ltd.,Shanghai 201303,China;2.Tongji University,Shanghai 200092,China)
Abstract: With the rapid development of Internet infrastructure and the constant emergence of new applications,denialofservice attack as a typical example of network layer attack is always the object that security personnel focus on preventing.Emerging as it is,SDN network also risks of getting denialofservice attack in its control layer and infrastructure layer.Among the current security technologies,the unique advantages of Network Security Situational Awareness technology have rendered NSSA competitive in applying both to traditional network model and SDN.Hence this paper studies the application of algorithms in the network security situational awareness,and implements a JDLmultisensordatafusionbased network security situational awareness model,applied to SDN network perception and evaluation of Denial of Service attacks.The experimental results show that the false alarm rate (negative positive) and nonresponse rate (positive negative) of fusion decision have both remarkably decreased compared with the IDS method,and the situational value of the output is of certain accuracy,which is in line with the intuitive evaluation results of system administrator.
Key words : network security;situational awareness;software defined network;data fusion;denial of service attacks
0 引言
隨著互聯(lián)網(wǎng)基礎(chǔ)設(shè)施的飛速發(fā)展和新應(yīng)用的不斷涌現(xiàn),網(wǎng)絡(luò)在規(guī)模和拓?fù)渖隙既遮厰U(kuò)大化、復(fù)雜化,各種層出不窮、更新?lián)Q代的網(wǎng)絡(luò)攻擊給安全管理者帶來了巨大的挑戰(zhàn)。在諸多網(wǎng)絡(luò)攻擊手段中,拒絕服務(wù)攻擊作為歷史最為久遠(yuǎn)、造成資產(chǎn)損失最為嚴(yán)重的攻擊手段之一,始終是政企以及軍方網(wǎng)絡(luò)安全管理人員重點防范的對象。自1999年第一次分布式拒絕服務(wù)攻擊(Distributed Denial of Service,DDoS)出現(xiàn)以來,DDoS攻擊經(jīng)歷了探索期、組織攻擊期、國家網(wǎng)絡(luò)戰(zhàn)期幾個階段,直至今天已成為高度普及化、成熟化、組織化的攻擊方式。從2008年至今,智能聯(lián)網(wǎng)終端設(shè)備的全面普及產(chǎn)生的大量的僵尸網(wǎng)絡(luò)更是為不法分子開展DDoS攻擊提供了便利。2018年3月出現(xiàn)的MemcacheUDP以TB級的帶寬攻擊了Github,引發(fā)了網(wǎng)絡(luò)安全從業(yè)者的警惕,意味著目前的DDoS攻擊制造出TB乃至PB級的攻擊已不是難事。鑒于目前的服務(wù)器的帶寬壓力承載量大多不足以應(yīng)對此種級別的攻擊,一次精心預(yù)謀的DDoS攻擊將不僅會造成網(wǎng)絡(luò)資產(chǎn)損失,也會造成企業(yè)乃至國家政府機構(gòu)的職能癱瘓,產(chǎn)生的后果難以估量。
