CN104683333A - Method for implementing abnormal traffic interception based on SDN - Google Patents


Publication number
CN104683333A
Authority
CN
China
Prior art keywords
sdn
interception
characteristic information
traffic interception
forwarding unit
Legal status
Pending
Application number
CN201510070235.2A
Other languages
Chinese (zh)
Inventor
张佃
徐亚非
宋晓丽
杨文勃
王建国
Current Assignee
CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Original Assignee
CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Application filed by CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Priority to CN201510070235.2A
Publication of CN104683333A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

Embodiments of the invention provide a method and a system for implementing abnormal traffic interception. The method mainly comprises the following steps: extracting abnormal traffic characteristic information in a network, developing an appropriate traffic interception policy according to the abnormal traffic characteristic information, and transmitting the abnormal traffic characteristic information and the traffic interception policy to an SDN (Software Defined Network) controller; generating a traffic interception matching table item of forwarding equipment by the SDN controller according to the abnormal traffic characteristic information and the traffic interception policy, and transmitting the traffic interception matching table item to SDN forwarding equipment; matching received characteristic information of a packet to be forwarded with the traffic interception matching table item by the SDN forwarding equipment, and after matching successfully, performing interception on the packet to be forwarded according to the traffic interception matching table item. The embodiments of the invention can effectively and flexibly intercept the abnormal traffic or attack of the network without affecting normal services of the network, and are applicable to enterprise networks, campus networks, data center networks, internet networks and other traditional networks or novel SDN networks for intercepting the abnormal traffic.

Description

Method for implementing abnormal traffic interception based on SDN
Technical field
The present invention relates to the technical field of network security, and in particular to a method for implementing abnormal traffic interception based on SDN.
Background
With the rapid development of the Internet, networks have become increasingly open and free, and the importance of network security has grown accordingly. Current security solutions rely mainly on security defense technology (such as firewall systems) and intrusion detection technology (such as intrusion detection systems, intrusion prevention systems, network audit systems, database audit systems and malicious code monitoring systems). Security defense technology prevents unauthorized users from entering the network and reduces its security risk, while detection technology monitors for and detects network anomalies or attacks. Although these existing security measures solve the security problems of networks and devices to some extent, each has certain shortcomings. For example, a traditional firewall is deployed at the network edge to reject obviously suspicious external traffic, yet it still lets through intrusions disguised as normal traffic. Moreover, not all threats come from outside, so a firewall is powerless against many attacks, especially attacks between internal networks.
A detection system deployed in bypass (out-of-band) mode can discover, in a timely manner, attacks that have penetrated the firewall, but it cannot intercept suspicious packets in real time, or its interception results are unsatisfactory; most intrusion detection systems are passive.
An effective scheme is therefore urgently needed that can intercept abnormal traffic or applications quickly and effectively once an anomaly has been detected.
Summary of the invention
Embodiments of the present invention provide a method for implementing abnormal traffic interception based on an SDN (Software Defined Network) controller, so as to intercept abnormal network traffic or attacks effectively and flexibly.
According to one aspect of the present invention, a method for implementing abnormal traffic interception based on SDN is provided, comprising:
extracting abnormal traffic characteristic information in a network, formulating a corresponding traffic interception policy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception policy to an SDN controller;
the SDN controller generating a traffic interception match entry for a forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and sending the traffic interception match entry to the SDN forwarding device;
the SDN forwarding device matching the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, intercepting the packet to be forwarded according to the traffic interception match entry.
Preferably, before the abnormal traffic characteristic information and the traffic interception policy are sent to the SDN controller, the method further comprises:
placing an SDN forwarding device at the entrance of a legacy network, the SDN forwarding device communicating with the SDN controller via the OFP protocol;
or,
placing an SDN forwarding device on the forwarding path between different forwarding devices inside a legacy network, the SDN forwarding device communicating with the SDN controller via the OFP protocol;
or,
using the SDN controller and SDN forwarding devices of an existing SDN, the SDN forwarding devices communicating with the SDN controller via the OFP protocol.
Preferably, extracting the abnormal traffic characteristic information in the network, formulating the corresponding traffic interception policy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception policy to the SDN controller comprises:
deploying a network security monitoring system and an abnormal traffic interception system in the network, the abnormal traffic interception system comprising a traffic interception interface module, the SDN controller and the SDN forwarding device;
after the network security monitoring system detects an abnormal condition in the traffic carried by the network, sending abnormal-condition information to the abnormal traffic interception system; after the traffic interception interface module in the abnormal traffic interception system receives the abnormal-condition information, extracting the abnormal traffic characteristic information in the network from the abnormal-condition information and formulating the corresponding traffic interception policy according to the abnormal traffic characteristic information;
the traffic interception interface module passing the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an application programming interface (API).
Preferably, the SDN controller generating the traffic interception match entry for the forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and sending the traffic interception match entry to the SDN forwarding device, comprises:
the SDN controller generating, according to the received abnormal traffic characteristics, the traffic interception policy and the configuration information of each SDN forwarding device, the traffic interception match entry corresponding to each SDN forwarding device, the traffic interception match entry comprising the characteristic information of the packets to be intercepted and the traffic interception policy, and sending an OFP protocol packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol;
after the SDN forwarding device receives the OFP protocol packet carrying the traffic interception match entry sent by the SDN controller, and after it verifies that the device identifier contained in the OFP protocol packet is consistent with its own identifier, storing the traffic interception match entry.
Preferably, the packet characteristic information includes, but is not limited to, at least one of port, VLAN ID, source IP, destination IP, source MAC, destination MAC, EtherType and TCP/UDP port information, and the traffic interception policy comprises discarding the packet or changing its forwarding path.
Preferably, the SDN forwarding device matching the characteristic information of the received packet to be forwarded against the traffic interception match entry and, after a successful match, intercepting the packet to be forwarded according to the traffic interception match entry, comprises:
after the SDN forwarding device receives a packet to be forwarded, extracting the packet characteristic information of the packet, and matching the extracted packet characteristic information one by one against each item of packet characteristic information contained in the traffic interception match entry;
when the extracted packet characteristic information matches one of the items of packet characteristic information contained in the traffic interception match entry, intercepting the packet to be forwarded according to the traffic interception policy that the traffic interception match entry associates with that item;
when the extracted packet characteristic information matches none of the items of packet characteristic information contained in the traffic interception match entry, forwarding the packet to be forwarded according to the original forwarding rules.
According to another aspect of the present invention, a system for implementing abnormal traffic interception based on SDN is provided, comprising: a traffic interception interface module, an SDN controller and an SDN forwarding device;
the traffic interception interface module is configured to extract abnormal traffic characteristic information in a network, formulate a corresponding traffic interception policy according to the abnormal traffic characteristic information, and send the abnormal traffic characteristic information and the traffic interception policy to the SDN controller;
the SDN controller is configured to generate a traffic interception match entry for a forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and to send the traffic interception match entry to the SDN forwarding device;
the SDN forwarding device is configured to match the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, to intercept the packet to be forwarded according to the traffic interception match entry.
Preferably, the SDN forwarding device is placed at the entrance of a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN forwarding device is placed between different forwarding devices inside a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN controller and SDN forwarding devices of an existing SDN are used, the SDN forwarding devices communicating with the SDN controller via the OFP protocol.
Preferably, the system further comprises a network security monitoring system, and the traffic interception interface module, the SDN controller and the SDN forwarding device together form an abnormal traffic interception system;
the network security monitoring system is configured to send abnormal-condition information to the abnormal traffic interception system after detecting an abnormal condition in the traffic carried by the network;
the traffic interception interface module is connected to the SDN controller and is configured, after receiving the abnormal-condition information, to extract the abnormal traffic characteristic information in the network from the abnormal-condition information, to formulate the corresponding traffic interception policy according to the abnormal traffic characteristic information, and to pass the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an application programming interface (API).
Preferably, the SDN controller is configured to generate, according to the received abnormal traffic characteristics, the traffic interception policy and the configuration information of each SDN forwarding device, the traffic interception match entry corresponding to each SDN forwarding device, the traffic interception match entry comprising the characteristic information of the packets to be intercepted and the traffic interception policy, and to send an OFP protocol packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol;
the SDN forwarding device is configured, after receiving the OFP protocol packet carrying the traffic interception match entry sent by the SDN controller and after verifying that the device identifier contained in the OFP protocol packet is consistent with its own identifier, to store the traffic interception match entry.
Preferably, the SDN forwarding device is configured, after receiving a packet to be forwarded, to extract the packet characteristic information of the packet and to match the extracted packet characteristic information one by one against each item of packet characteristic information contained in the traffic interception match entry;
when the extracted packet characteristic information matches one of the items of packet characteristic information contained in the traffic interception match entry, to intercept the packet to be forwarded according to the traffic interception policy that the traffic interception match entry associates with that item;
when the extracted packet characteristic information matches none of the items of packet characteristic information contained in the traffic interception match entry, to forward the packet to be forwarded according to the original forwarding rules.
As can be seen from the technical solutions provided by the above embodiments of the invention, by placing an SDN controller and SDN forwarding devices in the network, the embodiments can intercept abnormal network traffic or attacks effectively and flexibly without affecting normal network services, and are applicable to implementing abnormal traffic interception in legacy networks such as enterprise networks, campus networks, data center networks and the Internet, or in SDN networks.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an application scenario, provided by Embodiment one of the invention, in which an SDN forwarding device is placed at the entrance of a legacy network;
Fig. 2 is a schematic diagram of an application scenario, provided by Embodiment one of the invention, in which an SDN forwarding device is placed on the forwarding path between different forwarding devices inside a legacy network;
Fig. 3 is a schematic diagram of an application scenario, provided by Embodiment one of the invention, in which abnormal traffic interception is implemented in an SDN;
Fig. 4 is a process flowchart, provided by Embodiment one of the invention, of a method for implementing abnormal traffic interception based on SDN;
Fig. 5 is a structural diagram, provided by Embodiment two of the invention, of a system for implementing abnormal traffic interception based on SDN. The figure shows a network security monitoring system 51 and an abnormal traffic interception system 52; the abnormal traffic interception system 52 comprises a traffic interception interface module 521, an SDN controller 522 and an SDN forwarding device 523.
Detailed description of the embodiments
Embodiments of the invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements, or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the invention and are not to be construed as limiting it.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should further be understood that the word "comprising" used in this specification means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or coupling. The wording "and/or" used herein includes any unit of, and all combinations of, one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the field to which the invention belongs. It should also be understood that terms such as those defined in general dictionaries are to be understood as having a meaning consistent with their meaning in the context of the prior art and, unless defined as here, are not to be interpreted in an idealized or overly formal sense.
To aid understanding of the embodiments of the invention, several specific embodiments are explained further below with reference to the drawings; none of the embodiments limits the embodiments of the invention.
Embodiment one
SDN is a new, innovative network architecture and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane of network devices from the data plane, thereby enabling flexible control of network traffic and making the network, as a pipe, more intelligent.
In the embodiments of the invention, a network security monitoring system and an abnormal traffic interception system are deployed in the network. The abnormal traffic interception system comprises an abnormal traffic interception interface module, an SDN controller and an SDN forwarding device. The abnormal traffic interception interface module is connected to the SDN controller, and both the SDN controller and the SDN forwarding device support the OpenFlow protocol.
The network connections between the network security monitoring system and the abnormal traffic interception system, and between the abnormal traffic interception interface module and the SDN controller, may be any of various network connections such as the Internet, a wireless network, Ethernet or an internal LAN.
In the embodiments of the invention, abnormal traffic interception can be implemented by placing the SDN forwarding device at the entrance of a legacy network or on a forwarding path inside the network, or it can be implemented directly using an existing SDN. There may be one or more SDN forwarding devices.
Fig. 1 is a schematic diagram of an application scenario provided by this embodiment in which an SDN forwarding device is placed at the entrance of a legacy network such as the Internet. In Fig. 1, the SDN forwarding device communicates with the SDN controller via the OFP protocol and is also connected to the forwarding devices inside the legacy network (shown by the black diagonal lines). It forwards all packets transmitted to the legacy network of Fig. 1, so abnormal traffic can be blocked and intercepted for the entire legacy network of Fig. 1.
Fig. 2 is a schematic diagram of an application scenario provided by this embodiment in which an SDN forwarding device is placed on the forwarding path (shown by the black diagonal lines) between different forwarding devices inside a legacy network such as the Internet. In Fig. 2, the SDN forwarding device communicates with the SDN controller via the OFP protocol and forwards the packets on the forwarding path where it sits, so internal abnormal traffic of the legacy network of Fig. 2 can be blocked and intercepted as required.
Fig. 3 is a schematic diagram of an application scenario provided by this embodiment in which an existing SDN is used to implement abnormal traffic interception. The SDN comprises an SDN controller and SDN forwarding devices, and the SDN forwarding devices communicate with the SDN controller via the OFP protocol. An SDN is a typical network in which control and forwarding are separated: the SDN controller is responsible for generating and issuing forwarding table entries, and the forwarding devices match and forward packets according to the forwarding table entries issued by the SDN controller.
The embodiments of the invention do not restrict where the SDN forwarding device is placed; any placement of the SDN forwarding device in a legacy network or an SDN falls within the scope of protection of the embodiments of the invention.
Those skilled in the art will understand that the above application types of legacy networks and SDNs are only examples; other network application types, existing or arising in the future, that are applicable to the embodiments of the invention also fall within the scope of protection and are incorporated herein by reference.
Those skilled in the art will understand that, for simplicity, Fig. 1, Fig. 2 and Fig. 3 may show fewer network elements of each kind than a real network contains, but this omission is made on the premise that it does not affect a clear and sufficient disclosure of the embodiments of the invention.
The processing flow of the method for implementing abnormal traffic interception based on SDN provided by this embodiment is shown in Fig. 4 and comprises the following steps:
Step S410: The network security monitoring system sends abnormal-condition information to the abnormal traffic interception system.
The network security monitoring system detects an abnormal condition in the traffic carried by the network. The anomaly detection technology used by the network security monitoring system can be any existing detection technology, such as statistics-based detection, threshold-based detection, neural networks, model prediction, genetic algorithms, data mining or IDS (Intrusion Detection System) technology. The detected abnormal-condition information includes, but is not limited to, viruses, malicious attacks, network failures and illegal intrusions. The network may be a legacy network such as an enterprise network, campus network, data center network or the Internet, or an emerging network such as an SDN.
The network security monitoring system sends the detected abnormal-condition information to the abnormal traffic interception system for processing.
Step S420: The traffic interception interface module in the abnormal traffic interception system passes the abnormal traffic characteristic information and the traffic interception policy to the SDN controller.
In this embodiment, the controller and the SDN forwarding devices are built on SDN, support the OpenFlow protocol, and communicate with each other via the OpenFlow protocol.
One controller can be connected to multiple SDN forwarding devices. The controller is set up with the configuration information of each SDN forwarding device, which includes the device's address, identifier, forwarding paths and forwarding rules, and it stores information about the packets each SDN forwarding device forwards. An SDN forwarding device may be a router, a switch or the like.
After receiving the abnormal-condition information sent by the network security monitoring system, the traffic interception interface module extracts the abnormal traffic characteristic information in the network from the abnormal-condition information and formulates a corresponding traffic interception policy according to the abnormal traffic characteristic information. The abnormal traffic characteristic information includes, but is not limited to, port, VLAN (Virtual Local Area Network) ID, source IP, destination IP, source MAC, destination MAC, EtherType and TCP/UDP port information.
The traffic interception interface module then uses the communication network to pass the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through the SDN controller's northbound API (Application Programming Interface).
Step S430: The SDN controller receives, through its northbound API, the abnormal traffic characteristics and the traffic interception policy passed by the traffic interception interface module. According to these abnormal traffic characteristics and this traffic interception policy, together with the configuration information of each SDN forwarding device, it generates the traffic interception match entry corresponding to each SDN forwarding device and issues an OFP packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol.
The traffic interception match entry comprises the characteristic information of the packets to be intercepted and the traffic interception policy. The characteristic information is at least one of the packet's port information, VLAN ID, source IP, destination IP, source MAC, destination MAC, EtherType, TCP/UDP port information and the like, and the traffic interception policy may be to discard the packet, to change its forwarding path, and so on.
As an example, one such traffic interception match entry is shown in Table 1:
Table 1
Step S440, SDN forwarding unit by OFP interface receive SDN controller be its issue carry traffic interception coupling list item OFP protocol package after, after verifying that the mark of the device identification and SDN forwarding unit self comprised in OFP protocol package is consistent, traffic interception is mated list item and stores.
Then, after SDN forwarding unit receives packet to be forwarded, extract the packet characteristic information of described packet, each packet characteristic information that the packet characteristic information of extraction and described traffic interception coupling list item comprise is mated one by one;
Step S450, when extract packet characteristic information and described traffic interception coupling list item comprise certain packet characteristic information coupling after, perform step S460;
When after not the mating of the packet characteristic information extracted and all packet characteristic informations of comprising of described traffic interception coupling list item, perform step S170.
Step S460, to comprise according to described traffic interception coupling list item described in traffic interception strategy corresponding to certain packet characteristic information, packet to be forwarded is abandoned or the intercept process such as alternative routing.
Such as, network security monitoring system detects the data exception being derived from IP address 192.168.45.136, by the abnormal flow intercepting system of abnormal conditions circular with its interlock, the abnormal flow interception interface module of abnormal flow intercepting system extracts abnormal flow feature, i.e. source IP-192.168.45.136, formulate the process of traffic interception strategy-DROP (packet loss) packet loss, and by these information by SDN controller north orientation api interface write SDN controller, SDN controller generates corresponding discharge interception coupling list item according to the information of write and is issued to forwarding unit, traffic interception coupling list item matching field is source IP, coupling target is 192.168.45.136, operation-DROP packet loss, forwarding unit carries out list item coupling after receiving data message, if message source address is 192.168.45.136, then discard processing is carried out to message, other messages forward the normal forwarding of rule according to list item.
When needs carry out traffic interception to SDN, only need by traffic interception interface module after receiving the abnormal data that network security monitoring system detects, extract abnormal flow feature, make traffic interception strategy, and by these information write SDN controller, SDN controller, receiving the traffic interception information of traffic interception interface module write, generates corresponding list item, and issues the interception that forwarding unit carries out individual features message/data flow.
Step S470: forward the packet to be forwarded according to the original forwarding rules.
In the scenario of intercepting traffic in a legacy network, the SDN forwarding device of this embodiment normally forwards packets like an ordinary forwarding device, and adding the SDN forwarding device does not affect network services or performance. When the network security monitoring system detects an anomaly, the traffic interception interface module generates the characteristic information of the traffic to be intercepted together with the policy decision, and informs the SDN controller. From this information the SDN controller generates the entries used for abnormal traffic matching, comprising the match items, the traffic interception policy and so on, and issues them to the SDN forwarding device. Having received the forwarding entries issued by the SDN controller, the SDN forwarding device matches packets against these entries first: packets that match are intercepted and blocked, and the rest continue to be forwarded according to the normal forwarding rules.
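The flow described above, from monitoring alert to per-packet decision, as an added Python simulation (not code from the patent). The class names, dictionary keys, device IDs `sw-1`/`sw-2` and the route table are illustrative assumptions, and the controller-to-device message is a plain dict standing in for an OFP message; the device-identification check before an entry is stored follows the claims.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Packet characteristic fields the page lists as matchable (key names are assumptions).
MATCH_FIELDS = {"in_port", "vlan_id", "src_ip", "dst_ip",
                "src_mac", "dst_mac", "eth_type", "l4_port"}
ACTIONS = {"DROP", "REDIRECT"}  # drop, or change the forwarding path


@dataclass(frozen=True)
class InterceptEntry:
    match: tuple                       # ((field, value), ...); every pair must match
    action: str
    redirect_port: Optional[int] = None


def build_policy(alert):
    """Interface module: extract the traffic features from an alert and choose a policy."""
    features = dict(alert.get("features", {}))
    if not features:
        # An entry without match fields would intercept every packet on the device.
        raise ValueError("alert carries no traffic feature to match on")
    unknown = set(features) - MATCH_FIELDS
    if unknown:
        raise ValueError(f"unsupported match fields: {sorted(unknown)}")
    action = alert.get("action", "DROP")
    if action not in ACTIONS:
        raise ValueError(f"unsupported policy: {action}")
    port = alert.get("redirect_port")
    if action == "REDIRECT" and port is None:
        raise ValueError("REDIRECT policy needs a redirect_port")
    return features, {"action": action, "redirect_port": port}


class Controller:
    """Generates one interception entry message per managed forwarding device."""

    def __init__(self, device_ids):
        self.device_ids = list(device_ids)

    def generate(self, features, policy):
        entry = InterceptEntry(tuple(sorted(features.items())),
                               policy["action"], policy["redirect_port"])
        # Plain dict standing in for the OFP message that carries the entry.
        return [{"device_id": dev, "entry": entry} for dev in self.device_ids]


def field_matches(name, wanted, packet):
    """Compare one match field; a field missing from the packet never matches."""
    actual = packet.get(name)
    if actual is None:
        return False
    if name in ("src_ip", "dst_ip"):
        return ip_address(actual) == ip_address(wanted)
    if name in ("src_mac", "dst_mac"):
        return actual.lower() == wanted.lower()
    return actual == wanted


class ForwardingDevice:
    def __init__(self, device_id, routes):
        self.device_id = device_id
        self.routes = [(ip_network(p), port) for p, port in routes]  # original rules
        self.intercept_table = []

    def install(self, message):
        """Store the entry only if the message is addressed to this device."""
        if message["device_id"] != self.device_id:
            return False
        if message["entry"] not in self.intercept_table:
            self.intercept_table.append(message["entry"])
        return True

    def handle(self, packet):
        """Interception entries take priority; unmatched packets use the original rules."""
        for entry in self.intercept_table:
            if all(field_matches(f, v, packet) for f, v in entry.match):
                if entry.action == "DROP":
                    return ("drop", None)
                return ("redirect", entry.redirect_port)
        dst = ip_address(packet["dst_ip"])
        hits = [(net, port) for net, port in self.routes if dst in net]
        if not hits:
            return ("no_route", None)
        # Longest-prefix match among the original forwarding rules.
        return ("forward", max(hits, key=lambda h: h[0].prefixlen)[1])


def run_demo():
    # Constructed alert mirroring the page's example: anomalous source 192.168.45.136.
    alert = {"features": {"src_ip": "192.168.45.136"}, "action": "DROP"}
    features, policy = build_policy(alert)
    messages = Controller(["sw-1", "sw-2"]).generate(features, policy)
    sw1 = ForwardingDevice("sw-1", [("10.0.0.0/8", 2), ("0.0.0.0/0", 1)])
    installed = [sw1.install(m) for m in messages]
    flagged = {"src_ip": "192.168.45.136", "dst_ip": "10.1.2.3"}
    normal = {"src_ip": "192.168.45.137", "dst_ip": "10.1.2.3"}
    return installed, sw1.handle(flagged), sw1.handle(normal)


if __name__ == "__main__":
    print(run_demo())
```

`build_policy` rejects an alert with no features because an entry with an empty match would apply the interception policy to every packet the device sees.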
In practical applications, the function of the traffic interception interface module may be integrated into the SDN controller, that is, the traffic interception interface module may be combined with the SDN controller; this variant also falls within the scope of protection of the embodiments of the present invention.
Embodiment two
This embodiment provides a system for implementing abnormal traffic interception based on SDN. Its structure is shown in Fig. 5 and may comprise the following modules: a network security monitoring system 51 and an abnormal traffic interception system 52, where the abnormal traffic interception system 52 comprises a traffic interception interface module 521, an SDN controller 522 and an SDN forwarding device 523.
The traffic interception interface module 521 is configured to extract abnormal traffic characteristic information in the network, formulate a corresponding traffic interception policy according to the abnormal traffic characteristic information, and send the abnormal traffic characteristic information and the traffic interception policy to the SDN controller;
The SDN controller 522 is configured to generate a traffic interception match entry for the forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and to send the traffic interception match entry to the SDN forwarding device;
The SDN forwarding device 523 is configured to match the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, to perform interception processing on the packet to be forwarded according to the traffic interception match entry.
Further, the SDN forwarding device is arranged at the entrance of a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN forwarding device is arranged between different forwarding devices inside a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN controller and SDN forwarding device of an existing SDN are used, the SDN forwarding device communicating with the SDN controller via the OFP protocol.
Further, the network security monitoring system is configured to send abnormal condition information to the abnormal traffic interception system after detecting that an anomaly has occurred in traffic transmission in the network;
The traffic interception interface module is configured to be connected to the SDN controller over the network and, after receiving the abnormal condition information, to extract the abnormal traffic characteristic information in the network according to the abnormal condition information, formulate a corresponding traffic interception policy according to the abnormal traffic characteristic information, and transmit the abnormal traffic characteristic information and the traffic interception policy to the SDN controller over the communication network through an application programming interface (API).
Further, the SDN controller is configured to generate the traffic interception match entry corresponding to each SDN forwarding device according to the received abnormal traffic feature, the traffic interception policy and the configuration information of each SDN forwarding device, the traffic interception match entry comprising the packet characteristic information to be intercepted and the traffic interception policy, and to send the OFP protocol packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol;
The SDN forwarding device is configured, after receiving the OFP protocol packet carrying the traffic interception match entry sent by the SDN controller, to verify that the device identification contained in the OFP protocol packet is consistent with the identification of the SDN forwarding device itself and then to store the traffic interception match entry.
Further, the SDN forwarding device is configured, after receiving a packet to be forwarded, to extract the packet characteristic information of the packet and match the extracted packet characteristic information one by one against each item of packet characteristic information contained in the traffic interception match entries;
When the extracted packet characteristic information matches an item of packet characteristic information contained in a traffic interception match entry, interception processing is performed on the packet to be forwarded according to the traffic interception policy that the traffic interception match entry associates with that item of packet characteristic information;
When the extracted packet characteristic information matches none of the packet characteristic information contained in the traffic interception match entries, the packet to be forwarded is forwarded according to the original forwarding rules.
The detailed process by which the system of this embodiment implements SDN-based abnormal traffic interception is similar to that of the foregoing method embodiment and is not repeated here.
In summary, by arranging a traffic interception interface module, an SDN controller and an SDN forwarding device in the network, the embodiments of the present invention can intercept abnormal network traffic or attacks effectively and flexibly without affecting normal network services, and are applicable to the various networks in which abnormal traffic interception is carried out, such as legacy networks like the Internet, or SDNs.
After an anomaly is detected, the embodiments of the present invention can not only actively and effectively intercept attacks between networks, but also actively identify and intercept attacks inside the network, and can promptly and actively discover and intercept further attack behaviour that has penetrated the firewall.
Those of ordinary skill in the art will appreciate that the drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required for implementing the present invention.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software plus a necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, may be embodied in the form of a software product. The computer software product may be stored in a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and comprises a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention or in certain parts of the embodiments.
The embodiments in this specification are described progressively: for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the device and system embodiments are described relatively briefly because they are substantially similar to the method embodiment; for the relevant parts, see the description of the method embodiment. The device and system embodiments described above are merely schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (11)

1. A method for implementing abnormal traffic interception based on SDN, characterized by comprising:
extracting abnormal traffic characteristic information in a network, formulating a corresponding traffic interception policy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception policy to an SDN controller;
the SDN controller generating a traffic interception match entry for a forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and sending the traffic interception match entry to the SDN forwarding device;
the SDN forwarding device matching the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, performing interception processing on the packet to be forwarded according to the traffic interception match entry.
2. The method for implementing abnormal traffic interception based on SDN according to claim 1, characterized in that, before said sending the abnormal traffic characteristic information and the traffic interception policy to the SDN controller, the method further comprises:
arranging an SDN forwarding device at the entrance of a legacy network, the SDN forwarding device communicating with the SDN controller via the OFP protocol;
or,
arranging an SDN forwarding device on the forwarding path between different forwarding devices inside a legacy network, the SDN forwarding device communicating with the SDN controller via the OFP protocol;
or,
using the SDN controller and SDN forwarding device of an existing SDN, the SDN forwarding device communicating with the SDN controller via the OFP protocol.
3. The method for implementing abnormal traffic interception based on SDN according to claim 2, characterized in that said extracting abnormal traffic characteristic information in the network, formulating a corresponding traffic interception policy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception policy to the SDN controller comprises:
arranging a network security monitoring system and an abnormal traffic interception system in the network, the abnormal traffic interception system comprising a traffic interception interface module, the SDN controller and the SDN forwarding device;
after the network security monitoring system detects that an anomaly has occurred in traffic transmission in the network, sending abnormal condition information to the abnormal traffic interception system; after receiving the abnormal condition information, the traffic interception interface module in the abnormal traffic interception system extracting the abnormal traffic characteristic information in the network according to the abnormal condition information and formulating a corresponding traffic interception policy according to the abnormal traffic characteristic information;
the traffic interception interface module transmitting the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an application programming interface (API).
4. The method for implementing abnormal traffic interception based on SDN according to claim 1, characterized in that said SDN controller generating a traffic interception match entry for a forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and sending the traffic interception match entry to the SDN forwarding device, comprises:
the SDN controller generating the traffic interception match entry corresponding to each SDN forwarding device according to the received abnormal traffic feature, the traffic interception policy and the configuration information of each SDN forwarding device, the traffic interception match entry comprising the packet characteristic information to be intercepted and the traffic interception policy, and sending the OFP protocol packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol;
after receiving the OFP protocol packet carrying the traffic interception match entry sent by the SDN controller, the SDN forwarding device verifying that the device identification contained in the OFP protocol packet is consistent with the identification of the SDN forwarding device itself and then storing the traffic interception match entry.
5. The method for implementing abnormal traffic interception based on SDN according to claim 4, characterized in that the packet characteristic information includes, but is not limited to, at least one of port, VLAN ID, source IP, destination IP, source MAC, destination MAC, EtherType and TCP/UDP port information, and the traffic interception policy comprises dropping or changing the forwarding path.
6. The method for implementing abnormal traffic interception based on SDN according to any one of claims 1 to 5, characterized in that said SDN forwarding device matching the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, performing interception processing on the packet to be forwarded according to the traffic interception match entry, comprises:
after receiving a packet to be forwarded, the SDN forwarding device extracting the packet characteristic information of the packet and matching the extracted packet characteristic information one by one against each item of packet characteristic information contained in the traffic interception match entries;
when the extracted packet characteristic information matches an item of packet characteristic information contained in a traffic interception match entry, performing interception processing on the packet to be forwarded according to the traffic interception policy that the traffic interception match entry associates with that item of packet characteristic information;
when the extracted packet characteristic information matches none of the packet characteristic information contained in the traffic interception match entries, forwarding the packet to be forwarded according to the original forwarding rules.
7. A system for implementing abnormal traffic interception based on SDN, characterized by comprising: a traffic interception interface module, an SDN controller and an SDN forwarding device;
the traffic interception interface module being configured to extract abnormal traffic characteristic information in a network, formulate a corresponding traffic interception policy according to the abnormal traffic characteristic information, and send the abnormal traffic characteristic information and the traffic interception policy to the SDN controller;
the SDN controller being configured to generate a traffic interception match entry for the forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and to send the traffic interception match entry to the SDN forwarding device;
the SDN forwarding device being configured to match the characteristic information of a received packet to be forwarded against the traffic interception match entry and, after a successful match, to perform interception processing on the packet to be forwarded according to the traffic interception match entry.
8. The system for implementing abnormal traffic interception based on SDN according to claim 7, characterized in that the SDN forwarding device is arranged at the entrance of a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN forwarding device is arranged between different forwarding devices inside a legacy network and communicates with the SDN controller via the OFP protocol; or the SDN controller and SDN forwarding device of an existing SDN are used, the SDN forwarding device communicating with the SDN controller via the OFP protocol.
9. The system for implementing abnormal traffic interception based on SDN according to claim 7, characterized in that the system further comprises a network security monitoring system, and the traffic interception interface module, the SDN controller and the SDN forwarding device form an abnormal traffic interception system;
the network security monitoring system being configured to send abnormal condition information to the abnormal traffic interception system after detecting that an anomaly has occurred in traffic transmission in the network;
the traffic interception interface module being configured to be connected to the SDN controller and, after receiving the abnormal condition information, to extract the abnormal traffic characteristic information in the network according to the abnormal condition information, formulate a corresponding traffic interception policy according to the abnormal traffic characteristic information, and transmit the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an application programming interface (API).
10. The system for implementing abnormal traffic interception based on SDN according to claim 7, characterized in that:
the SDN controller is configured to generate the traffic interception match entry corresponding to each SDN forwarding device according to the received abnormal traffic feature, the traffic interception policy and the configuration information of each SDN forwarding device, the traffic interception match entry comprising the packet characteristic information to be intercepted and the traffic interception policy, and to send the OFP protocol packet carrying the traffic interception match entry to the corresponding SDN forwarding device via the OFP protocol;
the SDN forwarding device is configured, after receiving the OFP protocol packet carrying the traffic interception match entry sent by the SDN controller, to verify that the device identification contained in the OFP protocol packet is consistent with the identification of the SDN forwarding device itself and then to store the traffic interception match entry.
11. The system for implementing abnormal traffic interception based on SDN according to any one of claims 7 to 10, characterized in that:
the SDN forwarding device is configured, after receiving a packet to be forwarded, to extract the packet characteristic information of the packet and match the extracted packet characteristic information one by one against each item of packet characteristic information contained in the traffic interception match entries;
when the extracted packet characteristic information matches an item of packet characteristic information contained in a traffic interception match entry, interception processing is performed on the packet to be forwarded according to the traffic interception policy that the traffic interception match entry associates with that item of packet characteristic information;
when the extracted packet characteristic information matches none of the packet characteristic information contained in the traffic interception match entries, the packet to be forwarded is forwarded according to the original forwarding rules.
CN201510070235.2A 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN Pending CN104683333A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510070235.2A CN104683333A (en) 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN

Publications (1)

Publication Number Publication Date
CN104683333A true CN104683333A (en) 2015-06-03

Family

ID=53317929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510070235.2A Pending CN104683333A (en) 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN

Country Status (1)

Country Link
CN (1) CN104683333A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150603