Subjects: Computer Science >> Integration Theory of Computer Science submitted time 2018-05-20 Cooperative journals: 《计算机应用研究》
Abstract: The target network information which intruder learn will gradually increase in the intrusion process. According to the new information , intruder will find a better intrusion path than before and adjust strategy. This paper presented a method which can more accurately predict intrusion path. First, it established a dynamic defense graph based on hypergraph theory and proposed the method to update dynamic defense graph. Second, it established incomplete information multi-stage game model. Finally, it designed the dynamic defense graph path predictive algorithm based on game. The experiment gives a concrete example about the model of predicting intrusion path. The reasonableness and accuracy of the model are illustrated by the analysis of the example results.
Subjects: Computer Science >> Integration Theory of Computer Science submitted time 2018-05-18 Cooperative journals: 《计算机应用研究》
Abstract: The virtual network function in the security service chain decouples the traditional network security functions from the hardware devices, making the deployment of service functions more dynamic and extensible. However, the rational allocation of the VNF to the node and the efficient scheduling of the VNF on the node still need to be solved urgently. To this end, this paper presented a solution using optimization algorithm based on the software defined network and network function virtualization environment. First, this paper made an example of resource allocation and scheduling problem and formalizes the objective. Then, this paper proposed a resource allocation scheme based on greedy algorithm and a resource scheduling scheme based on hybrid bee colony algorithm to solve the problem coordinately. Finally, the simulation experiment is designed to verify the time complexity and the improvement of total resource cost and total service income of the proposed algorithm. Meanwhile, it compared the hybrid bee colony algorithm with the traditional bee colony algorithm, indicating that the former has better convergence rate.
Subjects: Computer Science >> Integration Theory of Computer Science submitted time 2018-04-12 Cooperative journals: 《计算机应用研究》
Abstract: For defending the new link flooding attack, this paper proposed an active defense method of Openflow channel link flooding based on Renyi entropy. Analyzing the changes in the number of ICMP timeout messages produced by an attacker in the construction of the Openflow channel Linkmap from Renyi entropy. Once attacks precursor was detected, flow monitoring server sends an attack warning to the controller, then controller start switch-controller connection migration mechanism, migrate the switch to a new controller and communicate with the new Openflow channel. Experimental results show that the active defense method can effectively avoid the impact of link flooding attack between controller and switch and ensure that controller and switch can provide continuous network services and enhance the robustness of SDN network.
Hits
YES
Hits
Downloads
Comment