关键词: SDN指纹攻击, 往返时延, 模糊混淆, 指纹信息隐藏, 概率加扰, 动态混淆调度

Abstract: The "three-layer two-interface" architecture of software-defined networking (SDN) enables attackers to infer fingerprint information such as network type,controller type,and key flow rules by analyzing the round-trip time distribution of packets.Currently SDN fingerprint attack and its defense research are not mature,so this paper constructs a full-factor SDN fingerprint attack chain.Then,the probabilistic scrambling mechanism and controller dynamic confusion scheduling mechanism are designed in the dual time dimension respectively.More specifically,the gradient probabilistic scrambling and optimal confusion scheduling synergistically promote the information hiding degree of SDN fingerprint.The experimental results show that the mechanism can effectively hide the SDN fingerprint information while reducing the impact on network performance.

Key words: SDN fingerprint attack, round-trip time, fuzzy confusion, fingerprint information hiding degree, probabilistic scrambling mechanism, controller dynamic confusion scheduling mechanism