As network technologies develop, the existing network structure can no longer meet the requirements of rapidly expanding network scales and increasingly rich application types, so countries around the world have carried out research on future network architectures and have made some progress. The software defined network (SDN), a novel network architecture and one way of implementing network virtualization, has received extensive attention from industry and academia. Its core technology, OpenFlow, implements flexible control of network traffic by separating the control plane of a network device from its data plane, so that the network, as a pipeline, becomes more intelligent. In the SDN, the control function is separated from the network device: a flow table structure is maintained on the SDN switch, data packets are forwarded according to the flow table, and the generation, maintenance and configuration of the flow table are managed by a management controller. The flow table structure flattens the network processing levels, so that the processing of network data meets fine-grained processing requirements. Under this architecture of separated forwarding and control, the logic control function and the high-level policies of the network can be flexibly managed and dynamically configured by the management controller, and a novel network architecture can be implemented and deployed in the existing network without affecting the normal traffic of the traditional network. A basic network architecture of the SDN is shown in FIG. 1.
At present, research on applying the SDN to industrial control systems has been carried out in industry at home and abroad. The United States Department of Energy (DOE) carried out an SDN-based industrial network research project in October 2013 to introduce an SDN-based flow controller into an energy system, meet the information transmission and exchange goals of an energy transfer system, and construct an energy transfer system that can maintain key functions, resist attack events and remain resilient. Moreover, in Industry 4.0, the SDN is also important research content for industrial communications.
The transmission control technology of data communications, also called communication access control technology, is a security method for controlling data flow transmission in a network, and is generally applied in the design of firewalls, especially packet-filtering firewalls. It enhances security inside the network by determining that legal data communication flows are allowed to be transmitted and illegal data communication flows are dropped. During access control, each data packet that flows through is checked and parsed, the parsing result is compared one by one with the preset access control rules in the order of the rules, and the processing operation conforming to the rules is executed, thereby protecting the communication security of the network. An access control processing operation generally takes one of two forms: preventing the transmission flow from passing through, or allowing the transmission flow to pass through.
The communication flow transmission control of an industrial control system should cover a number of industrial proprietary communication protocols, for example Modbus/TCP, OPC and DNP3, all of which are application layer protocols. Therefore, a deep packet parsing technology is needed to parse the application data of these industrial proprietary communication protocols in depth, and the transmission control of industrial communication data flows is implemented on that basis.
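The ordered rule matching and deep packet parsing described above can be sketched for Modbus/TCP as follows. This is an added example, not code from the original document; the `Rule` fields, the drop-by-default policy for unmatched or malformed frames, and the sample rules and frames are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                          # hypothetical rule format; None matches any value
    action: str                      # "allow" or "drop", the two operations in the text
    unit_id: Optional[int] = None
    function: Optional[int] = None
    addr_range: Optional[range] = None

def parse_modbus_tcp(payload: bytes) -> Optional[dict]:
    """Parse the MBAP header and PDU of one Modbus/TCP frame; None if malformed."""
    if len(payload) < 8:             # 7-byte MBAP header + 1-byte function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU (max 254).
    if proto != 0 or length != len(payload) - 6 or length > 254:
        return None
    func = payload[7]
    # Function codes 1-6, 15 and 16 carry a 16-bit address right after the code.
    has_addr = func in (1, 2, 3, 4, 5, 6, 15, 16) and len(payload) >= 10
    addr = struct.unpack(">H", payload[8:10])[0] if has_addr else None
    return {"unit_id": unit, "function": func, "address": addr}

def decide(rules, payload: bytes) -> str:
    """Compare the parse result with the rules in order; the first match decides."""
    fields = parse_modbus_tcp(payload)
    if fields is None:
        return "drop"                # assumption: unparseable traffic is not forwarded
    for r in rules:
        if r.unit_id is not None and r.unit_id != fields["unit_id"]:
            continue
        if r.function is not None and r.function != fields["function"]:
            continue
        if r.addr_range is not None and fields["address"] not in r.addr_range:
            continue
        return r.action
    return "drop"                    # assumption: drop whatever no rule allows

# Constructed sample policy and frames (not taken from the original document).
RULES = [
    Rule("drop", function=6, addr_range=range(100, 200)),  # protected registers
    Rule("allow", unit_id=1, function=3),                  # reads from unit 1
    Rule("allow", unit_id=1, function=6),                  # other register writes
]
READ = bytes.fromhex("000100000006010300000002")       # unit 1, read 2 regs at 0
WRITE_OK = bytes.fromhex("00020000000601060010002a")   # unit 1, write register 16
WRITE_BAD = bytes.fromhex("00030000000601060078ffff")  # unit 1, write register 120
```

Because the first matching rule decides, the drop rule for registers 100 to 199 must sit above the general write rule; swapping the two would let the write to register 120 through.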