西安电子科技大学学报 ›› 2019, Vol. 46 ›› Issue (1): 158-165.doi: 10.19665/j.issn1001-2400.2019.01.025

• • 上一篇    下一篇

一种软件定义网络的安全服务路径优化构建机制

刘益岑,陈兴凯,卢昱,乔文欣   

  1. 陆军工程大学 装备模拟训练中心,河北 石家庄 050003
  • 收稿日期:2018-07-24 出版日期:2019-02-20 发布日期:2019-03-05
  • 作者简介:刘益岑(1993-),男,陆军工程大学硕士研究生,E-mail: 18419764051@163.com
  • 基金资助:
    国家自然科学基金(61271152);国家自然科学基金青年基金(61602505)

SDN-based optimal security service path construction mechanism

LIU Yicen,CHEN Xingkai,LU Yu,QIAO Wenxin   

  1. Equipment Simulation Training Center, Army Engineering Univ., Shijiazhuang 050003, China
  • Received:2018-07-24 Online:2019-02-20 Published:2019-03-05

摘要:

针对现有的安全服务路径优化构建方法缺乏综合考虑具体安全需求和底层资源状态的问题,提出一种基于启发式广度优先搜索算法的安全服务路径优化构建机制。首先,给出了基于软件定义网络的安全服务路径构建的总体结构,并引入整数线性规划对安全服务路径优化构建问题进行数学建模;其次,提出一种启发式广度优先搜索的模型求解算法,主要采用“先选择后搜索”的方式,解决同时考虑具体安全需求和底层资源状态的安全服务路径优化构建问题。仿真实验结果表明,所提出的构建机制在性能指标上优于对比方法。

关键词: 软件定义网络, 安全服务路径, 线性整数规划, 广度优先搜索

Abstract:

In view of the fact that existing security service path optimization methods lack a comprehensive consideration of the specific security requirements and the underlying resource status, a dynamic construction mechanism of security service path based on the heuristic breadth first search algorithm is proposed. First, the overall structure of the dynamic construction of the security service path based on the software-defined networking is given, and the integer linear programming is introduced to model this problem. Second, a model solving algorithm is proposed, which mainly adopts the "first select after search" method to solve the security service path construction problem which considers both the specific security needs and the underlying resource status. Finally, simulation results show that the proposed construction mechanism is better than the compared method in terms of the performance index.

Key words: software-defined networking, security service path, integer linear programming, breadth first search algorithm

中图分类号: 

  • TN915.81