Software-defined networking (SDN) separates the data plane from the control plane, but it also exposes more attack vectors than a traditional network. This paper studies the security of installing new flow-table entries during the interval from the detection of an anomaly to the end of attack defense, and introduces a security-level classification mechanism for SDN switches: according to the state each switch is in, switches are divided into three security levels, and attack detection is combined with route selection. Experimental results show that a secure routing strategy based on switch security levels lets the software-defined network respond to attacks in a dynamically scalable way, thereby reducing the harm attacks cause to the network.
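As an added illustration of the idea in the abstract (not the paper's own algorithm, which the abstract does not detail), the following controller-side model assumes three levels named normal, suspicious and compromised, penalises paths through suspicious switches, refuses to transit compromised ones, and derives the flow entries to install from the resulting path; the topology and link costs are constructed for the example.

```python
from heapq import heappop, heappush

# Assumed level names and costs: the abstract only states that switches
# are classified into three levels according to their state.
NORMAL, SUSPICIOUS, COMPROMISED = 0, 1, 2
PENALTY = {NORMAL: 0, SUSPICIOUS: 5}  # extra cost for entering a switch


class Controller:
    def __init__(self, links):
        # links: constructed (switch_a, switch_b, link_cost) triples
        self.adj = {}
        for a, b, cost in links:
            self.adj.setdefault(a, []).append((b, cost))
            self.adj.setdefault(b, []).append((a, cost))
        self.level = {sw: NORMAL for sw in self.adj}

    def report_anomaly(self, switch, severe):
        """Detection module raises a switch's level; severe -> compromised."""
        self.level[switch] = COMPROMISED if severe else SUSPICIOUS

    def clear(self, switch):
        """Defense finished: switch returns to the normal level."""
        self.level[switch] = NORMAL

    def route(self, src, dst):
        """Dijkstra with per-level penalties; compromised switches are never
        used, so a compromised endpoint yields no path at all."""
        if COMPROMISED in (self.level[src], self.level[dst]):
            return None
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, u = heappop(heap)
            if u == dst:  # rebuild the path from the predecessor map
                path = [dst]
                while path[-1] != src:
                    path.append(prev[path[-1]])
                return path[::-1]
            if d > dist[u]:
                continue
            for v, cost in self.adj[u]:
                if self.level[v] == COMPROMISED:
                    continue
                nd = d + cost + PENALTY[self.level[v]]
                if nd < dist.get(v, float("inf")):
                    dist[v], prev[v] = nd, u
                    heappush(heap, (nd, v))
        return None

    def flow_entries(self, src, dst):
        """(switch, match dst, next hop) entries to install along the path."""
        path = self.route(src, dst)
        if path is None:
            return None
        return [(path[i], dst, path[i + 1]) for i in range(len(path) - 1)]
```

Re-running `flow_entries` after each `report_anomaly`/`clear` call shows how the installed entries shift away from degraded switches and back once defense completes.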