ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2019, Vol. 56 ›› Issue (5): 955-966.doi: 10.7544/issn1000-1239.2019.20190019

Special Issue: 2019智能网络理论与关键技术专题

Previous Articles     Next Articles

DiffSec: A Differentiated Intelligent Network Security Service Model

Deng Li, Wu Weinan, Zhu Zhengyi, Chen Ming   

  1. (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106)
  • Online:2019-05-01

Abstract: Network security for our modern information society is more and more important, and what followed by the cost of network security is increasing. It is a challenging task to reduce the cost of network security as much as possible on the premise of ensuring network security. Based on the fact that different user communities have different security requirements, this paper proposes a model called DiffSec that provides differentiated security services according to different user security levels. We argue that this model can effectively reduce the network security service cost and improve the network performance and can meet the needs of long-term development of the network security technology. Based on the DiffSec, we design the structure of the secure access network (SANet) and the corresponding intelligent control method using the combination of NFV and SDN, and implement the prototype system. The experimental results of the prototype system show that SANet can not only provide flexible and correct network security functions, but also has good network performance and practical value.

Key words: network security, software-defined networking (SDN), network function virtualization (NFV), intelligent control, prototype system

CLC Number: