POF Protocol Parser


Authors: CHU Su-hong; LIU Lei [1,2] (National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China; University of Chinese Academy of Sciences, Beijing 100049, China)

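Affiliations: [1] National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190; [2] University of Chinese Academy of Sciences, Beijing 100049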

Source: Computer and Modernization (《计算机与现代化》), 2022, No. 9, pp. 93-98, 105 (7 pages)

Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (XDC02070100).

Abstract: For the security issues of SDN, traditional firewalls and antivirus software can prevent unauthorized external intrusions to some extent, but have little effect on preventing internal threats such as important information leakage caused by unauthorized modification of switch or controller configurations and flow rules. As the southbound interface protocol of SDN, POF enables the controller to configure and manage the network. By parsing POF messages, the communication content of an SDN network can be monitored and internal security problems can be discovered. In this paper, the POF protocol is studied and analyzed in detail, and a POF protocol parser is designed based on a network security audit system. The parser can parse and identify POF message types and their key fields online, and generate session logs and operation logs for storage and display. This helps discover illegal behaviors in time and assists source tracing and evidence collection after a network security incident occurs. Experimental tests show that, with the POF protocol parser integrated, the system can achieve at least 30000 concurrent connections per second, 460 Mbps throughput, and a processing rate of 530000 packets per second with no packet loss.

Keywords: network security audit system; SDN; POF; protocol parsing

Classification No.: TP393 [Automation and Computer Technology: Computer Application Technology]

 
