3S Networks: Service-Oriented, Security-Enhanced Software-Defined Networks

Published: 2015-08-24 Authors: Li Saifei, Xing Huanlai, Yan Lianshan

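[Abstract] To address the questions of how to design networks with flexible management and controllable complexity under the software-defined networking (SDN) architecture, and how to ensure network security, we propose a service-oriented, security-enhanced, software-defined (3S) network architecture. Based on the 3S architecture, we design and implement a unified security management and control scheme for the communication and signaling system network of China's railways. Using the 3S features and a neural network algorithm, we also design and implement an effective distributed denial of service (DDoS) attack detection method.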

[Keywords] software-defined networking; network security; distributed denial of service attack; Chinese Train Control System

[Abstract] We propose a flexible service-oriented, security-enhanced and software-defined (3S) network architecture for software-defined networking (SDN). In this architecture, network complexity is reduced and security is enhanced. Based on the 3S architecture, we design a unified security management scheme to guarantee network security. To tackle distributed denial of service (DDoS) attacks, we design a DDoS detection mechanism comprising attack trigger, attack detection, attack traceback, and attack mitigation.

[Keywords] SDN; network security; distributed denial of service; Chinese train control system