XJIPC OpenIR  > 多语种信息技术研究室
云环境下基于SDN的流量异常检测技术研究
马超
学位类型硕士
导师程力
2015-05-25
学位授予单位中国科学院大学
学位授予地点北京
学位专业计算机技术
关键词软件定义网络 云平台 流量异常检测 网络安全
摘要

近些年,云计算作为一种新型服务模式,成为信息技术领域最令人关注的话题之一。随着云计算的迅猛发展,服务器虚拟化等新技术带来的动态变化使网络可管理性面临严峻挑战,目前的网络体系结构无法满足新的需求。由于复杂的混合云网络逐渐成为云计算发展的瓶颈,软件定义网络(SDN)技术近年来成为学术界和工业界关注的热点。通过分离网络控制面和数据面,基于OpenFlow的SDN体系结构通过抽象底层基础设施,使网络实现集中管理和具备可编程性。在网络安全领域,由于虚拟化技术的引入,打破了传统网络边界的划分方式,网络边界变的模糊和动态。同时,云计算规模的不断扩大也使从内部发起网络攻击成为可能。面对这些新出现的问题,传统的安全技术手段无法做到有效的安全防护。SDN的出现为云计算安全带来新的视角,它的技术特点表明SDN能针对云计算环境中的动态变化及时作出反应。目前对于应用SDN来解决网络攻击的研究尚处于起步阶段,SDN是否能够高效检测来自内部的网络攻击尚无定论。针对该问题,本文首先对近些年云计算安全研究进行了分析,尤其详细总结了SDN为云计算安全带来的崭新成果。随后,在分析了SDN技术框架的基础上,针对云计算复杂的内部网络环境和新的安全需求,提出了基于SDN的异常检测方案,并从设计思想、模块构成等方面进行了详细介绍。最后,设计了基于OpenStack的云环境实验方案,模拟了DDoS攻击和端口扫描攻击,分析了SDN在检测攻击时的精确度和资源使用率。结果表明,在云环境下利用SDN检测内部威胁时比传统网络环境占用更少的物理内存而不影响精确度,但直接在SDN控制器上部署安全应用的方式也存在性能瓶颈。

其他摘要
In those years, cloud computing as a new service model has become one of the most interesting topics in the field of information technology. With the rapid development of cloud computing, dynamic changes brought by server virtualization and other new technologies make the manageability of network facing severe challenges, and the current network architectures cannot meet the new requirements. As the increasing complexity of hybrid cloud networks becomes a bottleneck of cloud computing, a potential solution, SDN has gained great attentions from both industry and academic. By separating the network control plane and data plane, OpenFlow based SDN architecture can abstract the underlying infrastructure, make the network scale programming and centralized management. In the network security domain, due to the introduction of virtualization technology, which breaking the manner of division boundaries of traditional network, network boundaries become blurred and dynamic. At the same time, the constantly expand scales of the cloud also make it possible to launched attacks from inside. Faced with these emerging issues, traditional security techniques cannot achieve effective security. SDN's emergence has also brought a new perspective for cloud computing security, it’s technical features show that can make a timely response to a cloud computing environment dynamic changes. So far, research on utilizing SDN in network attack detection is still in its inception phase. Specifically, it has not been evaluated whether SDN can efficiently detect internal network attacks in a cloud environment. In this research, firstly, the security of cloud computing research in recent years were analyzed, in particular a detailed summary of new achievements for cloud computing security brought by SDN. Subsequently, based on the analysis SDN technology framework, towards the complexity of the internal network for cloud computing environments and new security requirements, proposed anomaly detection scheme based on SDN and described in detail from the design, modules and so on. Finally, we implement both SDN and traditional network infrastructures based on OpenStack platform. We simulate both flood and port-scan attacks and utilize two types of traffic anomaly detection algorithms. Experiment results indicates that the SDN method shows better performance in memory usage without degrading its accuracy, while it also suffers performance bottleneck when directly deployed into SDN controllers.
文献类型学位论文
条目标识符http://ir.xjipc.cas.cn/handle/365002/4248
专题多语种信息技术研究室
作者单位中国科学院新疆理化技术研究所
推荐引用方式
GB/T 7714
马超. 云环境下基于SDN的流量异常检测技术研究[D]. 北京. 中国科学院大学,2015.
条目包含的文件
文件名称/大小 文献类型 版本类型 开放类型 使用许可
云环境下基于SDN的流量异常检测技术研究(786KB)学位论文 开放获取CC BY-NC-SA浏览 请求全文
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[马超]的文章
百度学术
百度学术中相似的文章
[马超]的文章
必应学术
必应学术中相似的文章
[马超]的文章
相关权益政策
暂无数据
收藏/分享
文件名: 云环境下基于SDN的流量异常检测技术研究.pdf
格式: Adobe PDF
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。