Journal of Beijing University of Technology (北京工业大学学报)

Research and Implementation of a Security Audit System under the SDN Architecture

     

Abstract

To address the security challenges facing the software defined networking (SDN) architecture, this work focuses on the security audit stage of SDN and combines traditional network security audit solutions with SDN's centralized control. A security audit system suited to SDN environments was designed and implemented on top of the Floodlight controller, covering the collection, analysis, storage and response handling of security audit events. A backtracking algorithm for distributed denial of service (DDoS) attacks is proposed that traces back through security audit events to identify the initiator of a DDoS attack and the set of zombie hosts. In addition, a sliding window segmentation algorithm extracts user behavior sequence patterns from the security audit events, the similarity between behavior sequence patterns is computed with the Levenshtein algorithm, and suspicious attack behavior is flagged according to the similarity between a user's current behavior and historical behavior. Experiments show that the system accurately traces back the attacker and the set of controlled zombie hosts when a DDoS attack occurs, and that it effectively detects user attack behavior.
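The behavior-comparison step described in the abstract, as an added example that is not the paper's code: audit events are cut into sliding windows and each current window is scored against the user's historical windows with Levenshtein similarity. The window size, the 0.5 threshold, the normalization `1 - distance / max(len)` and the event names are assumptions, since the abstract does not specify them.

```python
from typing import List, Sequence, Tuple

Window = Tuple[str, ...]

def sliding_windows(events: Sequence[str], size: int, step: int = 1) -> List[Window]:
    """Cut an ordered audit-event stream into fixed-size overlapping windows."""
    if size <= 0 or step <= 0:
        raise ValueError("size and step must be positive")
    if len(events) < size:                      # short stream: one partial window
        return [tuple(events)] if events else []
    return [tuple(events[i:i + size]) for i in range(0, len(events) - size + 1, step)]

def levenshtein(a: Sequence[str], b: Sequence[str]) -> int:
    """Edit distance over whole events (not characters), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,           # insert y
                           prev[j - 1] + (x != y)))  # substitute or match
        prev = cur
    return prev[-1]

def similarity(a: Sequence[str], b: Sequence[str]) -> float:
    """Assumed normalization: 1.0 means identical, 0.0 means nothing in common."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - levenshtein(a, b) / longest

def suspicious_windows(history: Sequence[str], current: Sequence[str],
                       size: int = 4, threshold: float = 0.5) -> List[Tuple[Window, float]]:
    """Return current windows whose best match in the history is below threshold."""
    baseline = set(sliding_windows(history, size))
    flagged = []
    for w in sliding_windows(current, size):
        best = max((similarity(w, h) for h in baseline), default=0.0)
        if best < threshold:
            flagged.append((w, best))
    return flagged

# Constructed sample event streams for one user (not data from the paper).
HISTORY = ["login", "read", "read", "write", "logout",
           "login", "read", "write", "read", "logout"]
NORMAL = ["login", "read", "write", "read", "logout"]
ODD = ["login", "flow_mod", "flow_mod", "flow_mod", "port_scan", "flow_mod"]

if __name__ == "__main__":
    print("normal:", suspicious_windows(HISTORY, NORMAL))
    for window, score in suspicious_windows(HISTORY, ODD):
        print(f"suspicious {window} best similarity {score:.2f}")
```

Comparing whole events rather than characters keeps one unfamiliar event from being diluted by a long event name; a user with no history has every window flagged, so a deployment needs a warm-up period before alerting.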
