Abstract
To optimize the allocation of network security resources in the SDN packet sampling problem, an SDN packet sampling inspection strategy based on a security game was designed and implemented in simulation. The SDN packet sampling problem is modeled as a zero-sum security game between an attacker and a defender. The payoff value of each network node is quantified according to the node's importance, which determines the payoffs of both players. Solving this security game model yields the defender's equilibrium strategy, which is the optimal SDN packet sampling strategy under the constraint of limited security resources. Simulation results show that the proposed security-game-based SDN packet sampling strategy is effective.