Journal: Journal of Computer Applications (《计算机应用》)

Design and Implementation of a Cloud Platform Intrusion Prevention Scheme Based on Software Defined Network

         

Abstract

Traditional intrusion prevention systems are connected in series in the network, so their processing capacity is limited and they easily cause network congestion. To address these problems, an intrusion prevention scheme for cloud computing applications was designed based on Software Defined Network (SDN). First, the SDN controller was integrated into the OpenStack platform. Then, using the programmable characteristics of the controller, a linkage mechanism between intrusion detection and the controller was designed to realize intrusion prevention. The principle of the linkage mechanism is that when the intrusion detection system detects an intrusion, it passes the intrusion information to the controller, and the controller then issues a security policy to the virtual switch to filter the intrusion traffic and dynamically block the intrusion. Finally, the proposed scheme was compared experimentally with the traditional intrusion prevention scheme. The comparison and analysis results show that the proposed scheme detects more than 90% of intrusions at an attack rate of 40 000 packet/s, while the traditional scheme detects 85% of intrusions at an attack rate of 12 000 packet/s. The proposed scheme can be used to improve the detection efficiency of intrusion prevention in the cloud environment.
