SDN中意向回溯和分類故障安全策略研究總結(jié)與參考文獻(xiàn),計算機(jī)網(wǎng)絡(luò)論文

SDN中意向回溯和分類故障安全策略研究總結(jié)與以下為參考文獻(xiàn),計算機(jī)網(wǎng)絡(luò)論文本篇論文目錄導(dǎo)航：【題目】【第一章】【第二章】【第三章】【第四章】【第五章】【總結(jié)/以下為參考文獻(xiàn)】SDN中意向回溯和分類故障安全策略研究總結(jié)與以下為參考文獻(xiàn)第六章總結(jié)與瞻望6.1論文工作總結(jié)本文主要在SDN的環(huán)境中，討論怎樣使用數(shù)據(jù)包回溯和故障排除技術(shù)加強(qiáng)網(wǎng)絡(luò)可靠性，改善現(xiàn)有方式方法的操作復(fù)雜并且維護(hù)困難的缺點，提出一種安全策略的擴(kuò)展方式方法，結(jié)合意向策略和基于途徑的分類策略，能夠提高管理效率，合理解決網(wǎng)絡(luò)故障。撰寫本文前，主要在如下幾個方面進(jìn)行了研究和實驗工作：〔1〕基于SDN的數(shù)據(jù)包回溯技術(shù)和途徑跟蹤技術(shù)的研究，明確傳統(tǒng)IP回溯技術(shù)與SDN回溯的不同，結(jié)合現(xiàn)有基于SDN的意向應(yīng)用方案，提出意向回溯策略，對用戶不同類型的意向區(qū)別對待，分別定義帶有應(yīng)用特征、控制器特征、移動設(shè)備特征的用戶意向特征。開發(fā)意向回溯接口，通過實驗驗證得出意向回溯策略得到完好數(shù)據(jù)包途徑?！?〕基于策略層的故障回溯策略不需要交換機(jī)固件或者代理軟件等其他附加條件，本文提出結(jié)合基于途徑查詢的分類策略能夠發(fā)現(xiàn)網(wǎng)絡(luò)中的能否存在故障，結(jié)合故障排除算法定位鏈路故障和擴(kuò)大故障排除的范圍，能夠有效檢測流規(guī)則沖突和規(guī)則丟失這兩類事件，是對來源回溯方案的重要補(bǔ)充?！?〕逆向策略需要在數(shù)據(jù)層獲取數(shù)據(jù)包進(jìn)行回溯，而故障排除策略從網(wǎng)絡(luò)管理員解決故障的角度獲取數(shù)據(jù)包。提出基于途徑查詢的故障排除框架包括發(fā)現(xiàn)、定位、測試故障經(jīng)過，發(fā)現(xiàn)經(jīng)過通過分析鏈路處于故障途徑上的比例，定位經(jīng)過對鏈路進(jìn)行權(quán)重計算得到最大可能性發(fā)生故障的位置，然后通過測試環(huán)境來驗證故障修復(fù)的結(jié)果。6.2下一步工作瞻望本文基于SDN的安全策略擴(kuò)展，完成了意向接口定義，故障類型分類，但是在應(yīng)用層策略集成、組件間消息傳遞、系統(tǒng)優(yōu)化方面還存在缺乏之處，下一步工作能夠繼續(xù)完善的地方重點將集中在如下四個方面：〔1〕事件回溯與意向性結(jié)合。意向需要用戶自個根據(jù)網(wǎng)絡(luò)地址集合進(jìn)行定義，帶有隨意性。將檢測到的惡意流量由控制器應(yīng)用自動歸類進(jìn)行回溯，控制器具有學(xué)習(xí)功能的組件能夠更好的幫助用戶完成意向的定義，簡單的意向能夠根據(jù)用戶的需要能夠通過模塊化的組件自動完成開創(chuàng)建立，用戶僅需要簡單的操作步驟進(jìn)行調(diào)整即可?！?〕建立意向回溯系統(tǒng)。不僅能夠?qū)崿F(xiàn)簡單的意向回溯策略，還要能夠?qū)崿F(xiàn)更復(fù)雜的意向回溯功能，如對惡意流量進(jìn)行回溯,則需要惡意流量檢測組件的聯(lián)合使用。當(dāng)用戶的需求發(fā)生變化后，怎樣保障新增加的意向與前面定義的意向協(xié)同工作。有效的意向沖突檢測機(jī)制能夠幫助用戶解決意向添加問題，因而更多的意向管理功能還需要逐步添加到意向回溯系統(tǒng)中?！?〕瞬時故障問題。固然瞬時故障在大部分故障檢測系統(tǒng)中并沒有引起重視，但是對于實時性和可靠性要求都較高的通信系統(tǒng)中，瞬時故障的異常感覺和狀態(tài)可能由于頻繁出現(xiàn)而引起誤報警，所以怎樣解決瞬時問題或由于過于敏感故障檢測機(jī)制而產(chǎn)生的不準(zhǔn)確的故障發(fā)現(xiàn)結(jié)果，當(dāng)發(fā)生虛假的異常感覺和狀態(tài)時，管理系統(tǒng)可能無法確認(rèn)所觀察到的警報，進(jìn)而難以實現(xiàn)故障定位的經(jīng)過?！?〕建立自動化測試環(huán)境。丟包測試中存在自動化程度不高的事實，對于故障之間復(fù)雜的相關(guān)性和由于無關(guān)故障的存在，難以在很短的時間內(nèi)構(gòu)造自動化的測試經(jīng)過。測試中需要將故障管理系統(tǒng)盡可能地隔離，在保衛(wèi)故障現(xiàn)場的前提下，才能保證在一個很短的時間內(nèi)每次故障測試都測試的是同樣的故障問題，而不會產(chǎn)生重復(fù)告警。以下為參考文獻(xiàn)[1]FonsecaR,PorterG,KatzRH,etal.X-trace:Apervasivenetworktracingframework[C].Proceedingsofthe4thUSENIXconferenceonNetworkedsystemsdesignimplementation.USENIXAssociation,2007:1-14.[2]AnandA,AkellaA.Netreplay:anewnetworkprimitive[J].ACMSIGMETRICSPerformanceEvaluationReview,2018,37〔3〕：14-19.[3]TennenhouseDL,SmithJM,SincoskieWD,etal.Asurveyofactivenetworkresearch[J].CommunicationsMagazine,IEEE,1997,35〔1〕：80-86.[4]YangL,DantuR,AndersonT,etal.Forwardingandcontrolelementseparation〔ForCES〕framework[R].RFC3746,April,2004.[5]McKeownN.Software-definednetworking[J].INFOCOMkeynotetalk,2018,17〔2〕：30-32.[6]McKeownN,AndersonT,BalakrishnanH,etal.OpenFlow:enablinginnovationincampusnetworks[J].ACMSIGCOMMComputerCommunicationReview,2008,38〔2〕：69-74.[7]ONF,Opennetworkingfoundation,2021.[Online].Available:[8]OpenDaylight,OpenDaylight:ALinuxFoundationCollaborativeProject,2021.[Online].Available:[9]CasadoM,GarfinkelT,AkellaA,etal.SANE:AProtectionArchitectureforEnterpriseNetworks[C].UsenixSecurity.2006:137-151.[10]CasadoM,FreedmanMJ,PettitJ,etal.Ethane:takingcontroloftheenterprise[J].ACMSIGCOMMComputerCommunicationReview.ACM,2007,37〔4〕：1-12.[11]GreenbergA,HjalmtyssonG,MaltzDA,etal.Acleanslate4Dapproachtonetworkcontrolandmanagement[J].ACMSIGCOMMComputerCommunicationReview,2005,35〔5〕：41-54.[12]ShinS,GuG.CloudWatcher:NetworksecuritymonitoringusingOpenFlowindynamiccloudnetworks〔or:Howtoprovidesecuritymonitoringasaserviceinclouds?〕[C].202020thIEEEInternationalConferenceonNetworkProtocols〔ICNP〕，2020:1-6.[13]ShinS,PorrasPA,YegneswaranV,etal.FRESCO:ModularComposableSecurityServicesforSoftware-DefinedNetworks[C].NDSS.2020:1-16.[14]KumarS,KumarT,SinghG,etal.Openflowswitchwithintrusiondetectionsystem[J].InternationalJ.SchientificResearchEngineeringTechonology〔IJSRET〕，2020〔1〕：1-4.[15]胡章豐，郭春梅，畢學(xué)堯。云計算及SDN與安全技術(shù)研究[J].信息網(wǎng)絡(luò)安全，2020〔10〕：40-43.[16]YaoG,BiJ,XiaoP.SourceaddressvalidationsolutionwithOpenFlow/NOXarchitecture[C].201819thIEEEInternationalConferenceonNetworkProtocols〔ICNP〕，2018:7-12.[17]BragaR,MotaE,PassitoA.LightweightDDoSfloodingattackdetectionusingNOX/OpenFlow[C].2018IEEE35thConferenceonLocalComputerNetworks〔LCN〕，2018:408-415.[18]HandR,TonM,KellerE.Activesecurity[C].ProceedingsoftheTwelfthACMWorkshoponHotTopicsinNetworks.ACM,2020:1-7.[19]BiermanA,BjorklundM,WatsenK,etal.RESTCONFprotocol[J].IETFdraft,workinprogress,2020.[20]NelsonT,FergusonAD,ScheerMJG,etal.Tierlessprogrammingandreasoningforsoftware-definednetworks[C].11thUSENIXSymposiumonNetworkedSystemsDesignandImplementation〔NSDI14〕。2020:519-531.[21]JafarianJH,Al-ShaerE,DuanQ.Openflowrandomhostmutation:transparentmovingtargetdefenseusingsoftwaredefinednetworking[C].ProceedingsofthefirstworkshoponHottopicsinsoftwaredefinednetworks.ACM,2020:127-132.[22]JohnW,PentikousisK,AgapiouG,etal.Researchdirectionsinnetworkservicechaining[C].2020IEEESDNforFutureNetworksandServices〔SDN4FNS〕，2020:1-7.[23]SavageS,WetherallD,KarlinA,etal.PracticalnetworksupportforIPtraceback[C].ACMSIGCOMMComputerCommunicationReview.ACM,2000,30〔4〕：295-306.[24]SnoerenAC,PartridgeC,SanchezLA,etal.Hash-basedIPtraceback[C].ACMSIGCOMMComputerCommunicationReview.ACM,2001,31〔4〕：3-14.[25]SuzukiK,SonodaK,TomizawaN,etal.AsurveyonOpenFlowtechnologies[J].IEICETransactionsonCommunications,2020,97〔2〕：375-386.[26]ZhangH,LumezanuC,RheeJ,etal.Enablinglayer2pathlettracingthroughcontextencodinginsoftware-definednetworking[C].ProceedingsofthethirdworkshoponHottopicsinsoftwaredefinednetworking.ACM,2020:169-174.[27]董玲，陳一民。使用帶認(rèn)證的入口包標(biāo)記追蹤IP源地址[J].計算機(jī)工程與科學(xué)，2004,26〔4〕：11-14.[28]KihongPark,HeejoLee.Ontheeffectivenessofroute-basedpacketfilteringfordistributedDOSattackpreventioninpower-lawinternets[J].ComputerCommunicationReview,2001,31〔4〕：15-26.[29]李勇輝。IP網(wǎng)絡(luò)中基于數(shù)據(jù)包標(biāo)記的溯源方式方法研究[D].北京郵電大學(xué)，2018.[30]李國劍，許福永，馬阿寧，等?；谏窠?jīng)網(wǎng)絡(luò)的主動IP回溯[J].計算機(jī)工程與設(shè)計，2007,28〔17〕：4105-4107.[31]StoneR.CenterTrack:AnIPOverlayNetworkforTrackingDoSFloods[C].USENIXSecuritySymposium.2000,21:114.[32]HilgenstielerE,DuarteEP,Mansfield-KeeniG,etal.Extensionstothesourcepathisolationengineforpreciseandefficientlog-basedIPtraceback[J].computerssecurity,2018,29〔4〕：383-392.[33]SuhJ,KwonTT,DixonC,etal.OpenSample:Alow-latency,sampling-basedmeasurementplatformforcommoditySDN[C].2020IEEE34thInternationalConferenceonDistributedComputingSystems〔ICDCS〕，2020:228-237.[34]sFForum,sFlow,2021.[Online].Available:[35]AgarwalK,RoznerE,DixonC,etal.SDNtraceroute:TracingSDNforwardingwithoutchangingnetworkbehavior[C].ProceedingsofthethirdworkshoponHottopicsinsoftwaredefinednetworking.ACM,2020:145-150.[36]?gorzataSteinderM,SethiAS.Asurveyoffaultlocalizationtechniquesincomputernetworks[J].Scienceofcomputerprogramming,2004,53〔2〕：165-194.[37]HandigolN,HellerB,JeyakumarV,etal.Iknowwhatyourpacketdidlasthop:Usingpackethistoriestotroubleshootnetworks[C].11thUSENIXSymposiumonNetworkedSystemsDesignandImplementation〔NSDI14〕。2020:71-85.[38]MahajanR,SpringN,WetherallD,etal.User-levelinternetpathdiagnosis[J].ACMSIGOPSOperatingSystemsReview,2003,37〔5〕：106-119.[39]MotiwalaM,LychevR,ONeillA,etal.In-BandNetworkFaultLocalization[J].[40]BarakB,GoldbergS,XiaoD.ProtocolsandlowerboundsforfailurelocalizationintheInternet[M].BerlinHeidelberg:Springer,2008:341-360.[41]ArgyrakiK,ManiatisP,IrzakO,etal.LossanddelayaccountabilityfortheInternet[C].IEEEInternationalConferenceonICNP,2007:194-205.[42]WundsamA,LevinD,SeetharamanS,etal.OFRewind:EnablingRecordandReplayTroubleshootingforNetworks[C].USENIXAnnualTechnicalConference.2018:1-14.[43]HandigolN,HellerB,JeyakumarV,etal.Whereisthedebuggerformysoftware-definednetwork?[C].ProceedingsofthefirstworkshoponHottopicsinsoftwaredefinednetworks.ACM,2020:55-60.[44]GheorgheG,AvanesovT,PalattellaMR,etal.SDN-RADAR:NetworktroubleshootingcombininguserexperienceandSDNcapabilities[C].20211stIEEEConferenceonNetworkSoftwarization〔NetSoft〕，2021:1-5.[45]LooBT,CondieT,GarofalakisM,etal.Declarativenetworking[J].CommunicationsoftheACM,2018,52〔11〕：87-95.[46]WuY,ZhaoM,HaeberlenA,etal.Diagnosingmissingeventsindistributedsystemswithnegativeprovenance[J].ACMSIGCOMMComputerCommunicationReview,2021,44〔4〕：383-394.[47]ZengH,KazemianP,VargheseG,etal.Automatictestpacketgeneration[C].Proceedingsofthe8thinternationalconferenceonEmergingnetworkingexperimentsandtechnologies.ACM,2020:241-252.[48]ScottC,WundsamA,RaghavanB,etal.TroubleshootingblackboxSDNcontrolsoftwarewithminimalcausalsequences[C].ACMSIGCOMMComputerCommunicationReview.ACM,2020,44〔4〕：395-406.[49]ZhangH,ReichJ,REXFORDJENN.Packettracebackforsoftware-definednetworks[J].Dept.Comput.Sci.,PrincetonUniversity,Princeton,NJ,USA,Tech.Rep.TR-978-15,2021.[50]NarayanaS,RexfordJ,WalkerD.Compilingpathqueriesinsoftware-definednetworks[C].ProceedingsofthethirdworkshoponHottopicsinsoftwaredefinednetworking.ACM,2020:181-186.[51]HellerB,ScottC,McKeownN,etal.LeveragingSDNlayeringtosystematicallytroubleshootnetworks[C].ProceedingsofthesecondACMSIGCOMMworkshoponHottopicsinsoftwaredefinednetworking.ACM,2020:37-42.[52]DonovanS,FeamsterN.IntentionalNetworkMonitoring:FindingtheNeedleWithoutCapturingtheHaystack[C].Proceedingsofthe13thACMWorkshoponHotTopicsinNetworks.ACM,2020:5.[53]MonsantoC,ReichJ,FosterN,etal.Composingsoftwaredefinednetworks[C].Presentedaspartofthe10thUSENIXSymposiumonNetworkedSystemsDesignandImplementation〔NSDI13〕。2020:1-13.[54]LantzB,HellerB,McKeownN.Anetworkinalaptop:rapidprototypingforsoftware-definednetworks[C].Proceedingsofthe9thACMSIGCOMMWorkshoponHotTopicsinNetworks.ACM,2018:19.[55]AndersonC