• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

软件定义网络中虚拟化安全服务的动态构建方案

Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.

作者信息

Lin Zhaowen, Tao Dan, Wang Zhenji

机构信息

Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China.

Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Beijing University of Posts and Telecommunications, Beijing 100876, China.

出版信息

Sensors (Basel). 2017 Apr 21;17(4):920. doi: 10.3390/s17040920.

DOI:10.3390/s17040920
PMID:28430155
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC5426916/
Abstract

For a Software Defined Network (SDN), security is an important factor affecting its large-scale deployment. The existing security solutions for SDN mainly focus on the controller itself, which has to handle all the security protection tasks by using the programmability of the network. This will undoubtedly involve a heavy burden for the controller. More devastatingly, once the controller itself is attacked, the entire network will be paralyzed. Motivated by this, this paper proposes a novel security protection architecture for SDN. We design a security service orchestration center in the control plane of SDN, and this center physically decouples from the SDN controller and constructs SDN security services. We adopt virtualization technology to construct a security meta-function library, and propose a dynamic security service composition construction algorithm based on web service composition technology. The rule-combining method is used to combine security meta-functions to construct security services which meet the requirements of users. Moreover, the RETE algorithm is introduced to improve the efficiency of the rule-combining method. We evaluate our solutions in a realistic scenario based on OpenStack. Substantial experimental results demonstrate the effectiveness of our solutions that contribute to achieve the effective security protection with a small burden of the SDN controller.

摘要

对于软件定义网络(SDN)而言,安全性是影响其大规模部署的一个重要因素。现有的SDN安全解决方案主要集中在控制器本身,该控制器必须利用网络的可编程性来处理所有的安全保护任务。这无疑会给控制器带来沉重负担。更具破坏性的是,一旦控制器本身受到攻击,整个网络将陷入瘫痪。受此启发,本文提出了一种新颖的SDN安全保护架构。我们在SDN的控制平面中设计了一个安全服务编排中心,该中心与SDN控制器进行物理解耦并构建SDN安全服务。我们采用虚拟化技术构建一个安全元功能库,并基于Web服务组合技术提出一种动态安全服务组合构建算法。使用规则组合方法来组合安全元功能,以构建满足用户需求的安全服务。此外,引入RETE算法来提高规则组合方法的效率。我们在基于OpenStack的实际场景中评估我们的解决方案。大量实验结果证明了我们的解决方案的有效性,这些解决方案有助于在SDN控制器负担较小的情况下实现有效的安全保护。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/667fe67dcd49/sensors-17-00920-g013.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/765bfb4a91f8/sensors-17-00920-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/f044821d1eb7/sensors-17-00920-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/26e5ca2bbb7d/sensors-17-00920-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/8d1d6ef863d5/sensors-17-00920-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/0eca9bfe6964/sensors-17-00920-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/6a23ba48b647/sensors-17-00920-g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/f58fb5c53260/sensors-17-00920-g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/ef7e8a0a76da/sensors-17-00920-g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/086300ea699c/sensors-17-00920-g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/61e63ca8b509/sensors-17-00920-g010a.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/45cf58d98107/sensors-17-00920-g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/4799849db161/sensors-17-00920-g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/667fe67dcd49/sensors-17-00920-g013.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/765bfb4a91f8/sensors-17-00920-g001.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/f044821d1eb7/sensors-17-00920-g002.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/26e5ca2bbb7d/sensors-17-00920-g003.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/8d1d6ef863d5/sensors-17-00920-g004.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/0eca9bfe6964/sensors-17-00920-g005.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/6a23ba48b647/sensors-17-00920-g006.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/f58fb5c53260/sensors-17-00920-g007.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/ef7e8a0a76da/sensors-17-00920-g008.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/086300ea699c/sensors-17-00920-g009.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/61e63ca8b509/sensors-17-00920-g010a.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/45cf58d98107/sensors-17-00920-g011.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/4799849db161/sensors-17-00920-g012.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/1d38/5426916/667fe67dcd49/sensors-17-00920-g013.jpg

相似文献

1
Dynamic Construction Scheme for Virtualization Security Service in Software-Defined Networks.软件定义网络中虚拟化安全服务的动态构建方案
Sensors (Basel). 2017 Apr 21;17(4):920. doi: 10.3390/s17040920.
2
Software-Defined Networking: Categories, Analysis, and Future Directions.软件定义网络:类别、分析及未来发展方向
Sensors (Basel). 2022 Jul 25;22(15):5551. doi: 10.3390/s22155551.
3
Explainable Security in SDN-Based IoT Networks.基于 SDN 的物联网网络中的可解释安全。
Sensors (Basel). 2020 Dec 20;20(24):7326. doi: 10.3390/s20247326.
4
SDN Controller Placement in IoT Networks: An Optimized Submodularity-Based Approach.物联网网络中的 SDN 控制器放置:一种基于优化子模性的方法。
Sensors (Basel). 2019 Dec 12;19(24):5474. doi: 10.3390/s19245474.
5
Semantic-Aware Security Orchestration in SDN/NFV-Enabled IoT Systems.SDN/NFV 启用的物联网系统中的语义感知安全编排。
Sensors (Basel). 2020 Jun 27;20(13):3622. doi: 10.3390/s20133622.
6
Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks.基于软件定义网络的融合网络中用于防御拒绝服务攻击的自适应可疑预防
PLoS One. 2016 Aug 5;11(8):e0160375. doi: 10.1371/journal.pone.0160375. eCollection 2016.
7
Termite inspired algorithm for traffic engineering in hybrid software defined networks.混合软件定义网络中用于流量工程的白蚁启发式算法
PeerJ Comput Sci. 2020 Aug 17;6:e283. doi: 10.7717/peerj-cs.283. eCollection 2020.
8
An intelligent zero trust secure framework for software defined networking.一种用于软件定义网络的智能零信任安全框架。
PeerJ Comput Sci. 2023 Nov 17;9:e1674. doi: 10.7717/peerj-cs.1674. eCollection 2023.
9
Dynamic Service Function Chaining Orchestration in a Multi-Domain: A Heuristic Approach Based on SRv6.多域中的动态服务功能链编排:一种基于SRv6的启发式方法。
Sensors (Basel). 2021 Sep 30;21(19):6563. doi: 10.3390/s21196563.
10
SCM: A method to improve network service layout efficiency with network evolution.SCM:一种随着网络演进提高网络服务布局效率的方法。
PLoS One. 2017 Dec 21;12(12):e0189336. doi: 10.1371/journal.pone.0189336. eCollection 2017.

引用本文的文献

1
A New Bit Repair Fast Reroute Mechanism for Smart Sensors IoT Network Infrastructure.一种用于智能传感器物联网网络基础设施的新型位修复快速重路由机制。
Sensors (Basel). 2020 Sep 14;20(18):5230. doi: 10.3390/s20185230.
2
Enhanced Multicast Repair Fast Reroute Mechanism for Smart Sensors IoT and Network Infrastructure.用于智能传感器物联网和网络基础设施的增强型组播修复快速重路由机制
Sensors (Basel). 2020 Jun 17;20(12):3428. doi: 10.3390/s20123428.
3
NovaGenesis Applied to Information-Centric, Service-Defined, Trustable IoT/WSAN Control Plane and Spectrum Management.
用于信息中心、服务定义、可信物联网/无线传感器网络控制平面和频谱管理的 NovaGenesis。
Sensors (Basel). 2018 Sep 19;18(9):3160. doi: 10.3390/s18093160.
4
IoT Hierarchical Topology Strategy and Intelligentize Evaluation System of Diesel Engine in Complexity Environment.物联网分层拓扑策略与复杂环境下柴油机智能化评估系统。
Sensors (Basel). 2018 Jul 10;18(7):2224. doi: 10.3390/s18072224.
5
An Architecture Framework for Orchestrating Context-Aware IT Ecosystems: A Case Study for Quantitative Evaluation .用于编排情境感知IT生态系统的架构框架:定量评估案例研究
Sensors (Basel). 2018 Feb 12;18(2):562. doi: 10.3390/s18020562.