ISSN 1000-1239 CN 11-1777/TP

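Journal of Computer Research and Development ›› 2019, Vol. 56 ›› Issue (5): 955-966. doi: 10.7544/issn1000-1239.2019.20190019

Special topic: 2019 Special Topic on Intelligent Network Theory and Key Technologies

• Network Technology •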

DiffSec: A Differentiated Intelligent Network Security Service Model

Deng Li, Wu Weinan, Zhu Zhengyi, Chen Ming

  1. (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106) (dengli@nuaa.edu.cn)
  • Published: 2019-05-01
  • Online: 2019-05-01
  • Supported by: National Natural Science Foundation of China (61772271, 61379149)

Abstract: Network security is increasingly important to the modern information society, and its cost is rising accordingly. Reducing the cost of network security as far as possible while still ensuring security is a challenging task. Based on the fact that different user communities have different security requirements, this paper proposes DiffSec, a model that provides differentiated security services according to users' security levels. We argue that this model can effectively reduce the cost of network security services, improve network performance, and meet the needs of the long-term development of network security technology. Based on DiffSec, we design the structure of a secure access network (SANet) and the corresponding intelligent control method using a combination of NFV and SDN, and implement a prototype system. Experimental results from the prototype system show that SANet not only provides flexible and correct network security functions, but also has good network performance and practical value.

Key words: network security, software-defined networking (SDN), network function virtualization (NFV), intelligent control, prototype system
