Electronics Optics & Control, 2016, 23 (3): 49, published online: 2016-04-05

Research on Source Address Validation Methods for SDN

Source Address Validation Methods Based on SDN
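Author affiliation
China Academy of Electronics and Information Technology, China Electronics Technology Group Corporation, Beijing 100041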
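Abstract
A growing number of network attacks based on source address spoofing are appearing on the Internet. Such attacks are hard to trace and pose a serious threat to network security. Under the constraints of traditional networks, implementing source address validation runs into many difficulties. Thanks to the network innovation brought by software-defined networking (SDN), network control has become more convenient. Targeting the SDN architecture, the source address validation method is redesigned and implemented with a programmable controller, and two SDN-oriented source address validation methods are proposed: one binds the stateless IP address to underlying immutable markers such as the MAC address and port number, forming (MAC address, port number, source IP address) triple flow-table filtering rules in the switch; the other uses a shortest-path algorithm to compute the routing path and issues (source IP address, destination IP address, ingress port, egress port) four-tuple flow-table entries to the switches on the path as filtering criteria. Finally, simulation experiments are carried out and the results of the two schemes are compared.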
Abstract
Nowadays, more and more attacks based on source address spoofing appear on the Internet; they are difficult to trace and pose a big threat to network security. Under the constraints of the existing network environment, it is very difficult to implement source address validation. The significant network innovation brought by Software-Defined Networking (SDN) has made network control more convenient. This article uses a programmable controller to redesign and implement source address validation, and puts forward two source address validation methods based on SDN. One binds the stateless IP address to underlying immutable tags such as the MAC address and port, forming triple (MAC, port, IP) flow-table filtering rules in the switch; the other computes the routing path with a shortest-path algorithm and sends flow-table entries of the form (source_IP, destination_IP, in_port, out_port) as filtering rules. A simulation experiment was carried out to compare the effect of the two schemes.

SUN Peng. Source Address Validation Methods Based on SDN[J]. Electronics Optics & Control, 2016, 23(3): 49.
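
The two filtering schemes described in the abstract can be simulated without a controller. The sketch below is an added example, not code from the paper: the topology, addresses and all function names are assumptions, and breadth-first search stands in for the unspecified shortest-path algorithm.

```python
# Added illustration, not the paper's code; topology and addresses are constructed.
from collections import deque

# Scheme 1: (MAC, ingress port, source IP) triples bound on an access switch.
BINDINGS = {"s1": {("00:00:00:00:00:01", 1, "10.0.0.1"),
                   ("00:00:00:00:00:02", 2, "10.0.0.2")}}

def triple_allows(switch, mac, in_port, src_ip):
    """Forward only on an exact triple match; every other packet is dropped."""
    return (mac, in_port, src_ip) in BINDINGS.get(switch, set())

# Scheme 2: LINKS[switch][port] names the neighbour reached through that port.
LINKS = {"s1": {1: "h1", 2: "h2", 3: "s2"},
         "s2": {1: "s1", 2: "s3"},
         "s3": {1: "s2", 2: "h3"}}
HOSTS = {"10.0.0.1": "h1", "10.0.0.2": "h2", "10.0.0.3": "h3"}

def neighbours(node):
    if node in LINKS:
        return list(LINKS[node].values())
    return [sw for sw, ports in LINKS.items() if node in ports.values()]

def shortest_path(src, dst):
    """Breadth-first search: hop-count shortest path, assumes dst is reachable."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in neighbours(node):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path = [dst]
    while prev[path[-1]] is not None:
        path.append(prev[path[-1]])
    return path[::-1]

def port_to(switch, neighbour):
    return next(p for p, n in LINKS[switch].items() if n == neighbour)

def path_rules(src_ip, dst_ip):
    """One (src IP, dst IP, in_port, out_port) rule per switch on the path."""
    path = shortest_path(HOSTS[src_ip], HOSTS[dst_ip])
    return {sw: (src_ip, dst_ip, port_to(sw, before), port_to(sw, after))
            for before, sw, after in zip(path, path[1:], path[2:])}

def four_tuple_allows(rules, switch, src_ip, dst_ip, in_port):
    """A flow is accepted only on the ingress port its path rule expects."""
    rule = rules.get(switch)
    return rule is not None and rule[:3] == (src_ip, dst_ip, in_port)
```

The triple check stops a spoofed source at the first-hop switch, while the four-tuple check also rejects a claimed source that arrives on a port off the computed path at any switch along it.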
