
Research on a load-aware dynamic scheduling mechanism based on security strategies

Gu Zeyu, Zhang Xingming, Lin Senjie

  1. National Digital Switching System Engineering and Technological Research Center
  • Received: 2017-05-16; Revised: 2017-06-22; Online: 2017-06-22
  • Corresponding author: Gu Zeyu

Research on load-aware dynamic scheduling mechanism based on security strategies

  • Received:2017-05-16 Revised:2017-06-22 Online:2017-06-22

Abstract: Addressing single-point vulnerability threats to the SDN controller, such as flow-rule tampering attacks, traditional security solutions such as backup and fault-tolerance mechanisms suffer from the defect of passive defense and cannot fundamentally solve the security problem of the control layer. Drawing on the current state of research in active defense technologies such as moving target defense and cyberspace mimic defense, this paper proposes a dynamic security scheduling mechanism based on a heterogeneous redundant structure. A scheduling model of controller executors and a scheduler is established, and a dynamic scheduling strategy is designed with security as the guiding principle, driven by indicators such as system attack anomalies and the degree of heterogeneity. At the same time, a scheduling algorithm that takes the system load into account (Load-aware security scheduling algorithm, LA-SSA) is designed; it converts the scheduling problem into a dynamic bi-objective optimization problem so as to obtain an optimized scheduling scheme. Simulation results show that, compared with a static structure, the dynamic scheduling mechanism has clear advantages in indicators such as cumulative anomaly value and output security rate, which shows that the dynamism and diversity of the security scheduling mechanism significantly improve the system's ability to resist attacks; the load variance under LA-SSA is smoother than under security-first scheduling, so secure scheduling is achieved while load imbalance is avoided, which verifies the effectiveness of the security scheduling mechanism.

Keywords: single-point vulnerability, active defense technology, dynamic scheduling mechanism, security strategy, load awareness

Abstract: Addressing flow-rule tampering attacks and other single-point vulnerability threats to the SDN controller, traditional security solutions such as backup and fault-tolerance mechanisms rely on passive defense and cannot fundamentally solve the security problems of the control layer. Drawing on current Moving Target Defense and Cyberspace Mimic Defense research, a dynamic security scheduling mechanism based on a heterogeneous redundant structure is proposed. A controller scheduling model is established in which the dynamic scheduling strategy is designed on a security-first principle that combines attack-anomaly and heterogeneity indicators. Taking the system load factor into account, the proposed algorithm LA-SSA transforms the scheduling problem into a dynamic bi-objective optimization problem. Simulation results show that, compared with a static structure, the dynamism and diversity of the security scheduling mechanism significantly improve the system's ability to resist attacks, and that the load-sensing LA-SSA algorithm guarantees security while avoiding the load imbalance problem.
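To make the trade-off described in the abstract concrete, the following toy simulation is an added illustration and is not the paper's LA-SSA implementation or the authors' code. It compares three policies over a constructed pool of six controller executors drawn from three implementation families: a static set, a dynamic scheduler driven by the security objective alone, and a dynamic scheduler that also weighs load. The heterogeneity index, the anomaly-plus-diversity security cost, the load cost as projected load variance, the weighted-sum scalarisation of the two objectives, and the anomaly schedule are all assumptions made here; the paper's own indicators and optimization formulation are not given in the abstract.

```python
"""Toy dynamic security scheduler over a heterogeneous redundant executor pool.

Illustrative code added alongside the abstract, not the paper's LA-SSA.
The pool, the anomaly schedule, both cost functions and the weighted-sum
scalarisation are assumptions chosen to show the security/load trade-off.
"""
from dataclasses import dataclass
from itertools import combinations
from statistics import pvariance


@dataclass
class Executor:
    name: str
    impl: str           # implementation family (assumed attribute for heterogeneity)
    load: float = 0.0   # accumulated work units served
    anomalies: int = 0  # attack anomalies attributed to this executor so far


def heterogeneity(active):
    """Assumed heterogeneity index: share of distinct implementations in the set."""
    return len({e.impl for e in active}) / len(active)


def security_cost(active):
    """Assumed security objective (lower is better): anomaly count plus one
    penalty unit per executor that shares an implementation with another."""
    return sum(e.anomalies for e in active) + (1.0 - heterogeneity(active)) * len(active)


def load_cost(active, pool, work):
    """Load objective: variance of pool loads if this round's work were
    split evenly across the chosen active set."""
    share = work / len(active)
    chosen = {e.name for e in active}
    return pvariance([e.load + (share if e.name in chosen else 0.0) for e in pool])


def choose(pool, k, w_sec, w_load, work=1.0):
    """Pick k executors minimising a weighted sum of the two objectives
    (assumed scalarisation; ties go to the first candidate enumerated)."""
    return min(
        combinations(pool, k),
        key=lambda s: w_sec * security_cost(s) + w_load * load_cost(s, pool, work),
    )


# Constructed scenario: six executors from three implementation families, and
# an attacker who triggers an anomaly on one member of each family over time.
POOL_SPEC = [("A", "x"), ("B", "x"), ("C", "y"), ("D", "y"), ("E", "z"), ("F", "z")]
ANOMALY_EVENTS = {1: ["A"], 3: ["C"], 5: ["E"]}  # round -> executors flagged


def simulate(policy, rounds=6, k=3, work=1.0):
    """Run one policy; return (cumulative anomalous outputs, peak load variance).

    'static'         : the same k executors every round (baseline structure)
    'security_first' : dynamic, security objective only
    'la_ssa'         : dynamic, security and load objectives together
    """
    pool = [Executor(name, impl) for name, impl in POOL_SPEC]
    by_name = {e.name: e for e in pool}
    weights = {"security_first": (1.0, 0.0), "la_ssa": (1.0, 1.0)}
    unsafe_outputs = 0
    peak_variance = 0.0
    for r in range(rounds):
        for name in ANOMALY_EVENTS.get(r, []):
            by_name[name].anomalies += 1
        if policy == "static":
            active = tuple(pool[:k])
        else:
            active = choose(pool, k, *weights[policy], work)
        # An active executor that carries an anomaly yields a compromised output.
        unsafe_outputs += sum(1 for e in active if e.anomalies > 0)
        for e in active:
            e.load += work / len(active)
        peak_variance = max(peak_variance, pvariance([e.load for e in pool]))
    return unsafe_outputs, peak_variance


if __name__ == "__main__":
    for policy in ("static", "security_first", "la_ssa"):
        unsafe, peak = simulate(policy)
        print(f"{policy:15s} anomalous outputs={unsafe} peak load variance={peak:.3f}")
```

Under this scenario the static set keeps serving from flagged executors, while both dynamic policies rotate away from every flagged executor; the security-first policy, however, keeps re-selecting the first clean diverse set it finds and piles load onto it, whereas the load-aware policy spreads the same security-equivalent choices across the pool and ends with a markedly lower peak load variance, which is the qualitative result the abstract reports.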

Key words: single point vulnerability, active defense technology, dynamic scheduling mechanism, security strategy, load sensing

CLC number: