Abstract: To create a network security environment that prevents attacks and monitors flows, an OpenFlow flow controller was used to integrate two network security technologies, access control and network audit, building on the separation of the data plane and the control plane in software-defined networking (SDN). An SDN-based flow access security system (SDNFASS) was proposed. The architecture of SDNFASS was designed, the working process of its access control and audit functions was discussed, and the access control security policy and the extraction and analysis of flow logs were studied. To test the access control and network security audit characteristics of SDNFASS, a prototype system was built and tested for multidimensional control and flow log traceback analysis. The results show that the system offers flexible definition of network access control security policies, highly efficient online access to stream records, and fast searching of massive flow logs. The proposed system can prevent network attacks and monitor illegal network operations.