Abstract: Network security for our modern information society is more and more important, and what followed by the cost of network security is increasing. It is a challenging task to reduce the cost of network security as much as possible on the premise of ensuring network security. Based on the fact that different user communities have different security requirements, this paper proposes a model called DiffSec that provides differentiated security services according to different user security levels. We argue that this model can effectively reduce the network security service cost and improve the network performance and can meet the needs of long-term development of the network security technology. Based on the DiffSec, we design the structure of the secure access network (SANet) and the corresponding intelligent control method using the combination of NFV and SDN, and implement the prototype system. The experimental results of the prototype system show that SANet can not only provide flexible and correct network security functions, but also has good network performance and practical value.

Key words: network security, software-defined networking (SDN), network function virtualization (NFV), intelligent control, prototype system