Design and Implementation of Mimic Network Operating System

Wang Zhenpeng; Hu Hongchao; Cheng Guozhen

doi:10.7544/issn1000-1239.2017.20170444

Journal of Computer Research and Development > 2017 > 54(10): 2321-2333. > DOI: 10.7544/issn1000-1239.2017.20170444 CSTR: 32373.14.issn1000-1239.2017.20170444

Wang Zhenpeng, Hu Hongchao, Cheng Guozhen. Design and Implementation of Mimic Network Operating System[J]. Journal of Computer Research and Development, 2017, 54(10): 2321-2333. DOI: 10.7544/issn1000-1239.2017.20170444

Citation:

PDF (3663 KB)

Design and Implementation of Mimic Network Operating System

(National Digital Switching System Engineering & Technological Research Center, Zhengzhou 450003)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

As a mission-critical network component in software defined networking (SDN), SDN control plane is suffering from the vulnerabilities exploited to launch malicious attacks, such as malicious applications attack, modifying flow rule attack, and so on. In this paper, we design and implement mimic network operating system (MNOS), an active defense architecture based on mimic security defense to deal with it. In addition to the SDN data plane and control plane, a mimic plane is introduced between them to manage and dynamically schedule heterogeneous SDN controllers. First, MNOS dynamically selects m controllers to be active to provide network service in parallel according to a certain scheduling strategy, and then judges whether controllers are in benign conditions via comparing the m responses from the controllers, and decides a most trusted response to send to switches so that the minority of malicious controllers will be tolerated. Theoretical analysis and experimental results demonstrate that MNOS can reduce the successful attack probability and significantly improve network security, and these benefits come at only modest cost: the latency is only about 9.47% lower. And simulation results prove that the scheduling strategy and decision fusion method proposed can increase system diversity and the accuracy of decisions respectively, which will enhance the security performance further.

FullText(HTML)

References (0)

[1]	Wang Fengjuan, Lü Pan, Jin Ouwen, Xing Qinghui, Deng Shuiguang. A Resource Allocation Method for Neuron Computer Operating System[J]. Journal of Computer Research and Development, 2023, 60(9): 1948-1959. DOI: 10.7544/issn1000-1239.202330422
[2]	Wu Song, Wang Kun, Jin Hai. Research Situation and Prospects of Operating System Virtualization[J]. Journal of Computer Research and Development, 2019, 56(1): 58-68. DOI: 10.7544/issn1000-1239.2019.20180720
[3]	Wang Tao, Chen Hongchang, Cheng Guozhen. A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology[J]. Journal of Computer Research and Development, 2017, 54(10): 2356-2368. DOI: 10.7544/issn1000-1239.2017.20170389
[4]	Lin Wangqun, Wang Hui, Liu Jiahong, Deng Lei, Li Aiping, Wu Quanyuan, and Jia Yan. Research on Active Defense Technology in Network Security Based on Non-Cooperative Dynamic Game Theory[J]. Journal of Computer Research and Development, 2011, 48(2): 306-316.
[5]	Zhao Xia, Chen Xiangqun, Guo Yao, Yang Fuqing. A Survey on Operating System Power Management[J]. Journal of Computer Research and Development, 2008, 45(5): 817-824.
[6]	Shan Zhiyong and Shi Wenchang. STBAC: A New Access Control Model for Operating System[J]. Journal of Computer Research and Development, 2008, 45(5): 758-764.
[7]	Rui Jianwu, Wu Jian, and Sun Yufang. Design of Mongolian Operating System Within the Framework of Internationalization[J]. Journal of Computer Research and Development, 2006, 43(4): 716-721.
[8]	Li Hong, Chen Xianglan, Wu Mingqiao, Gong Yuchang, and Zhao Zhenxi. Design of a Servent Based Operating System[J]. Journal of Computer Research and Development, 2005, 42(7): 1272-1276.
[9]	Meng Dan, Zhan Jianfeng, Wang Lei, Tu Bibo, Zhang Zhihong. Fully Integrated Cluster Operating System: Phoenix[J]. Journal of Computer Research and Development, 2005, 42(6): 979-986.
[10]	Zheng Zhirong, Cai Yi, and Shen Changxiang. Research on an Application Class Communication Security Model on Operating System Security Framework[J]. Journal of Computer Research and Development, 2005, 42(2): 322-328.