一种基于路径跟踪反馈的SDN网络可信传输方案

摘要/Abstract

摘要： 针对软件定义网络(SDN)中的转发设备存在不可避免的漏洞和后门、缺乏主动监测或被动检查网络行为的机制等问题，提出一种基于路径跟踪反馈的SDN网络可信传输方案，设计基于跟踪反馈的传输路径可信验证机制，依据反馈信息分析节点的可信性，以此评估路径的可信度；同时，提出一种基于路径跟踪反馈的不相交多路径可信路由算法DMTRA-PTF，能够通过路径跟踪反馈和可信评估引导新的路径及时规避恶意交换机节点，构造不相交多路径路由方案以增强SDN网络传输服务的可信性。对比实验结果表明，路径跟踪反馈机制能够以较小的性能代价准确识别恶意交换机，提出的可信路由算法能够以此为后续路由动态规划不相交多条可信路径，有效提升网络整体的可信性。

关键词: 路径跟踪反馈, 软件定义网络, 可信性分析, 多路径, 可信传输

Abstract: To address the problems with software defined network, such as the inevitable loopholes in the forwarding equipment and the lack of mechanisms for the controller to actively check network behaviors, a trusted transmission scheme of the SDN based on path tracking feedback is proposed. A transmission path trust verification mechanism based on tracking feedback is proposed in the scheme. Based on the feedback information, the credibility of the node is analyzed and the credibility of the path is evaluated. At the same time, a disjoint multi-path trusted routing algorithm DMTRA-PTF based on path tracking feedback is proposed to avoid malicious switch nodes through path tracking feedback and trusted evaluation, so as to construct disjoint multipath routing scheme to enhance the reliability of SDN transmission service. The experimental results show that the path tracking feedback mechanism can accurately identify the malicious switch with a small performance cost, and the trusted routing algorithm proposed in this paper can dynamically plan disjoint multiple trusted paths for subsequent routes, which can effectively improve the credibility of the whole network.

Key words: path tracking feedback, software defined network, trustworthiness analysis, multipath; , trusted transmission

高枫, 庄毅, 刘骁. 一种基于路径跟踪反馈的SDN网络可信传输方案[J]. 计算机与现代化, 2022, 0(12): 102-110.

GAO Feng, ZHUANG Yi, LIU Xiao. A Trusted Transmission Scheme of SDN Based on Path Tracking Feedback[J]. Computer and Modernization, 2022, 0(12): 102-110.

参考文献［25］

［1］	TSAI P W, TSAI C W, HSU C W, et al. Network monitoring in software-defined networking: A review［J］. IEEE Systems Journal, 2018,12(4):3958-3969.
［2］	CHIU Y C, LIN P C. Rapid detection of disobedient forwarding on compromised OpenFlow switches［C］// 2017 International Conference on Computing, Networking and Communications (ICNC). 2017:672-677.
［3］	GAO S, LI Z, XIAO B, et al. Security threats in the data plane of software-defined networks［J］. IEEE Network, 2018,32(4):108-113.
［4］	JIMNEZ M B, FERNNDEZ D, RIVADENEIRA J E, et al. A survey of the main security issues and solutions for the SDN architecture［J］. IEEE Access, 2021,9:122016-122038.
［5］	MIDHA S, TRIPTAHI K. Extended TLS security and defensive algorithm in OpenFlow SDN［C］// 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence). 2019:141-146.
［6］	REHMAN A U, AGUIAR R L, BARRACA J P. Fault-tolerance in the scope of software-defined networking (SDN)［J］. IEEE Access, 2019,7:124474-124490.
［7］	SHUKLA A, SAIDI S J, SCHMID S, et al. Toward consistent SDNs: A case for network state fuzzing［J］. IEEE Transactions on Network and Service Management, 2020,17(2):668-681.
［8］	SASAKI T, PAPPAS C, LEE T, et al.SDNsec: Forwarding accountability for the SDN data plane［C］// 2016 25th International Conference on Computer Communication and Networks (ICCCN). 2016. DOI:10.1109/ICCCN.2016.7568569.
［9］	ZHANG P, WU H, ZHANG D, et al. Verifying rule enforcement in software defined networks with REV［J］. IEEE/ACM Transactions on Networking, 2020,28(2):917-929.
［10］	MOHAMMADI A A, KAZEMIAN P, PAKRAVAN M R. Detecting malicious packet drops and misroutings using Header Space Analysis［C］// 2016 8th International Symposium on Telecommunications (IST). 2016:521-526. 〖HJ0.92mm〗
［11］	LI T, HOFMANN C, FRANZ E. Secure and reliable data transmission in SDN-based backend networks of industrial IoT［C］// 2020 IEEE 45th Conference on Local Computer Networks (LCN). 2020:365-368.
［12］	GUILLEN L, IZUMI S, ABE T, et al. SDN implementation of multipath discovery to improve network performance in distributed storage systems［C］// 2017 13th International Conference on Network and Service Management (CNSM). 2017. DOI:10.23919/CNSM.2017.8256054.
［13］	REN Q, HU T, WU J, et al. Multipath resilient routing for endogenous secure software defined networks［J］. Computer Networks, 2021,194. DOI:10.1016/j.comnet.2021.108134.
［14］	GAO C F, RAJABIAN-SCHWART V, ZHANG W Y, et al. How would you like your packets delivered? An SDN-enabled open platform for QoS routing［C］// 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS). 2018. DOI: 10.1109/IWQoS.2018.8624137.
［15］	张卫峰. 深度解析SDN:利益、战略、技术、实践［M］. 北京:电子工业出版社, 2014:68-75.〖HJ0.93mm〗
［16］	TUPAKULA U, VARADHARAJAN V, KARMAKAR K K. Attack detection on the software defined networking switches［C］// 2020 6th IEEE Conference on Network Softwarization (NetSoft). 2020:262-266.
［17］	HUSSEIN A, ELHAJJ I H, CHEHAB A, et al. SDN security plane: An architecture for resilient security services［C］// 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW). 2016:54-59.
［18］	CHI P, KUO C, GUO J, et al. How to detect a compromised SDN switch［C］// Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft). 2015. DOI:10.1109/NETSOFT.2015.7116184.
［19］	XU S, WANG X, YANG G, et al. Routing optimization for cloud services in SDN-based Internet of Things with TCAM capacity constraint［J］. Journal of Communications and Networks, 2020,22(2):145-158.
［20］	SHEU J P, LIN W T, CHANG G Y. Efficient TCAM rules distribution algorithms in software-defined networking［J］. IEEE Transactions on Network and Service Management, 2018,15(2):854-865.
［21］	HOU A, WU C Q, FANG D, et al. Bandwidth scheduling with multiple variable node-disjoint paths in high-performance networks［C］// 2016 IEEE 35th International Performance Computing and Communications Conference (IPCCC). 2016. DOI:10.1109/PCCC.2016.7820600.
［22］	ABE J O, MANTAR H A, YAYIMLI A G. K-Maximally disjoint path routing algorithms for SDN［C］// 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. 2015:499-508.
［23］	PAN Q, ZHENG X. Multi-path SDN route selection subject to multi-constraints［C］// The 3rd International Conference on Cyberspace Technology (CCT 2015). 2015. DOI:10.1049/cp.2015.0818.
［24］	鲁垚光,王兴伟,李福亮,等. 软件定义网络中的动态负载均衡与节能机制［J］. 计算机学报, 2020,43(10):1969-1982.
［25］	卓力,张菁,赵霙頔,等. 一种面向无线视频传感器网络的多径QoS保障路由协议［J］. 电子学报, 2013(6):1122-1129.

[1]	王重阳, 庄毅. 基于SDN和改进CSA算法的多作业集群的负载均衡算法[J]. 计算机与现代化, 2023, 0(11): 28-35.
[2]	陈晨, 庄毅, 高增. QoE驱动的SDN网络高可用传输框架[J]. 计算机与现代化, 2023, 0(11): 62-68.
[3]	姜厚海, 庄毅, 曹子宁. 一种基于流聚合与拥塞避免的SDN快速故障恢复方案[J]. 计算机与现代化, 2023, 0(10): 77-83.
[4]	姜厚海, 庄毅, 曹子宁. 一种基于改进BDD的SDN可靠性评估算法[J]. 计算机与现代化, 2023, 0(09): 64-69.
[5]	雷依翰, 曹利峰, 韩孟达, 韩雪. 软件定义天地一体化网络安全切换架构与方法[J]. 计算机与现代化, 2023, 0(08): 119-126.
[6]	包春晖, 庄毅, 郭黎烨. 面向服务传输的SDN移动网络脆弱性评估模型[J]. 计算机与现代化, 2022, 0(11): 43-51.
[7]	凌致远, 陈晓, 宋磊, . 基于匹配动作表模型的可编程数据平面流表归并[J]. 计算机与现代化, 2022, 0(07): 74-78.
[8]	王文蔚, 肖军弼, 程鹏, 张悦. 基于SDN的DDoS攻击防御系统[J]. 计算机与现代化, 2021, 0(02): 117-121.
[9]	戴松, 孙延涛, 刘强, 贾泽群, . 基于多模电台的SDMANET网络组网方法[J]. 计算机与现代化, 2020, 0(08): 82-88.
[10]	肖军弼, 程鹏, 谭立状, 孟祥泽. 基于SDN的数据中心动态优先级多路径调度算法[J]. 计算机与现代化, 2020, 0(07): 21-26.
[11]	麻朴方1,2，王劲林1,2，尤佳莉1,2. 一种基于马尔可夫模型的加速ICN路径收敛性的方法[J]. 计算机与现代化, 2020, 0(01): 28-.
[12]	耿岚岚1，孙延涛2，戴松1. 一种面向软件定义移动自组网的拓扑发现方法[J]. 计算机与现代化, 2019, 0(09): 53-.
[13]	詹晗. 基于OpenStack的分布式SDN控制器Dragonflow研究[J]. 计算机与现代化, 2017, 0(7): 91-94.
[14]	印苏凯1,刘光杰1,刘伟伟1,翟江涛2,戴跃伟1,2. 软件定义网络中的多流时间式隐信道设计[J]. 计算机与现代化, 2017, 0(4): 94-98,104.
[15]	井娥林. ZigBee路由算法的改进及在智能家居中的应用[J]. 计算机与现代化, 2016, 0(12): 92-96,101.