The continuous expansion in scale of multi-field entries and the growing increase in bit-width bring heavy storage pressure in hardware on the Internet. In order to solve this problem, a compression method based on Bit Extraction of Independent rule Subsets (BEIS) was proposed. Firstly, some fields were merged based on the logical relationships among multiple match fields, thus reducing the number of match fields and the width of flow tables. Secondly, with the division of independent rule subsets for the merged rule set, some differentiate bits in the divided subsets were extracted to achieve the matching and searching function, further reducing the used Ternary Content Addressable Memory (TCAM) space. Finally, the lookup hardware architecture of this method was put forward. Simulation results show that, with certain time complexity, the storage space of the proposed method can be reduced by 20% compared with Field Trimmer (FT) in OpenFlow flow table; in addition, for common packet classification rule sets such as access control list and firewall in practical application, the compression ratio of 20%-40% can be achieved.

Concerning the flow rule tampering attacks and other single point vulnerability threats towards Software Defined Network (SDN) controller, traditional security solutions such as backup and fault-tolerant mechanisms which are based on passive defense defects, cannot fundamentally solve the control layer security issues. Combined with the current moving target defense and cyberspace mimic defense, a dynamic security scheduling mechanism based on heterogeneous redundant structure was proposed. A controller scheduling model was established in which the dynamic scheduling strategy was designed based on security principle combined with attack exception and heterogeneity. By considering the system load, the scheduling problem was transformed into a dynamic two-objective optimization problem by LA-SSA (Load-Aware Security Scheduling Algorithm) to achieve an optimal scheduling scheme. Simulation results show that compared with static structure, the dynamic scheduling mechanism has obvious advantages in cumulative number of exceptions and output safety rate, and the dynamic and diversity in the security scheduling mechanism can significantly improve the system's ability to resist attacks.The load variance of LA-SSA is more stable than that of safety priority scheduling, and the security imbalance is avoided, and the effectiveness of the security scheduling mechanism is verified.