江苏大学学报(自然科学版)2016,Vol.37Issue(2):201-208,8.DOI:10.3969/j.issn.1671-7775.2016.02.013
一种基于SDN的流接入安全系统的设计与实现
Design and implementation of a flow access security system based on SDN
摘要
Abstract
To create a network security environment to prevent attacks and monitor flows,based on the software defined networking (SDN)with network data plane and control plane,the OpenFlow protocol flow-controller was used to integrate two network security technologies of access control and network audit.A SDN based flow access security system (SDN-FASS)was proposed.The architecture of SDN-FASS was designed to discuss the working process of access control and audit function,and the security policy of access control and the flow log extraction and analysis were studied.To test the access control and network security audit characteristics of SDN-FASS,a prototype system was built to conduct the test of multi-dimensional control and flow-log trace back analysis.The results show that the system has flexible definition of network access control security policy,high online efficient access to stream record and fast searching for mass flow-log.The proposed system can prevent network attacks and monitor illegal operation of network.关键词
软件定义网络/接入控制/安全审计/OpenFlow/HadoopKey words
software defined networking/access control/security audit/OpenFlow/Hadoop分类
信息技术与安全科学引用本文复制引用
吴泉峰,陈鸣,邢长友,张国敏,许博,文艾..一种基于SDN的流接入安全系统的设计与实现[J].江苏大学学报(自然科学版),2016,37(2):201-208,8.基金项目
国家“973”计划项目(2012CB315806);国家自然科学基金资助项目(61379149);江苏省科技计划项目 ()
