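The separation of control and forwarding and the unified configuration management of the software defined network (SDN) greatly improve the flexibility of network deployment, the dynamism of network management, and the efficiency of network transmission, but its security problems are rather prominent. This paper surveys the current state of research on the security of OpenFlow-based SDN. First, it analyzes the vulnerabilities of SDN according to its three-layer architecture, introduces the security threats faced by the different planes of SDN, and presents the main current attack techniques following the stages of a network attack, including target network probing, forgery and spoofing to gain network access, and denial-of-service attacks and information theft. Second, for the different attack stages, it discusses the main current defense techniques from three aspects: probe blocking, system hardening, and attack protection. Finally, it explores future research trends in SDN security from two perspectives: potential attack techniques against SDN and possible defense methods.

Software defined network (SDN) grants the network an omnipotent power to increase the flexibility of network deployment, the dynamic of network management and the efficiency of network transmission by centralizing the control plane and separating it from the data plane. However, the security of SDN is still an outstanding problem. In this paper, we aim at analyzing and categorizing a number of relevant research works on OpenFlow-enabled SDN security. We first provide an overview of the threats to SDN across its three-layer architecture, and further demonstrate the vulnerabilities within each layer. Thereafter, we present existing SDN-related attack approaches according to the procedures of network attacking, such as network probing, defraud inserting and remote controlling. We then dedicate the next part of this paper to studying and comparing the current defense approaches in terms of probe blocking, system strengthening, and attack defense. Furthermore, we review several potential attack and defense methods as foreseeable future research challenges.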