基于端口跳变的SD N网络防御技术

摘要

端口跳变是移动目标防御典型技术，通过持续改变服务端口来隐藏服务标志和迷惑攻击者。利用SDN逻辑集中控制与网络可编程特性，提出基于端口跳变的SDN网络防御技术。使用SDN控制器承担服务端的端口跳变功能，不但可以减轻服务端负载，而且能提前检测过滤恶意数据包，并能抵御内部攻击者。理论分析与实验结果表明，所提技术对SDN控制器负载增加较少，可有效抵御DoS攻击。%Port hopping was a typical technology of moving target defense,which constantly changed service port number to hide service identifications and confused potential attackers.Using SDN logically centralized control and network programma-ble features,this paper proposed a port hopping based SDN network defense technology,which utilized SDN controller to im-plement port hopping function.This proposed technology not only could reduce protected server’s load caused by port hopping,but also could detect and early filter malicious packets.At the same time,it could defend against internal attackers. Theoretical analysis and experimental results show that this proposed technology can effectively resist DoS attack without adding much load on SDN controller in SDN.