CN105933301A - SDN based concentrated network worm prevention-control method and device - Google Patents
SDN based concentrated network worm prevention-control method and device Download PDFInfo
- Publication number
- CN105933301A CN105933301A CN201610230001.4A CN201610230001A CN105933301A CN 105933301 A CN105933301 A CN 105933301A CN 201610230001 A CN201610230001 A CN 201610230001A CN 105933301 A CN105933301 A CN 105933301A
- Authority
- CN
- China
- Prior art keywords
- network
- network worm
- module
- worm
- prevention
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides an SDN based concentrated network worm prevention-control method and device. The prevention and control device comprises a user interface module, a network worm prevention and control center and a network worm immunization module, wherein 1) the network worm prevention and control center updates data of a worm characteristic database in real time, and issues the network worm characteristic data; and 2) according to the issued network worm characteristic data, the network worm immunization module redirects flow which is input to or output from local area network and satisfies network worm spreading port information to a network worm detection module for detailed discrimination and processing by utilizing the SDN idea. According to the invention, concentrated immunization monitoring, prevention and control are carried out on worm spreading in the local area network via the SDN idea, network flow is filtered and cleaned in key nodes of network flow input and output of the local area network before network worms are spread, the network worms are prevented from spreading among LANs in large scale, and normal operation of the LANs is ensured.
Description
Technical field
Invention software definition network safety filed, especially design are a kind of realizes network worm concentration based on SDN
The method and apparatus of prevention and control.
Background technology
Along with the fast development of computer networking technology, the Internet has incorporated the life of people, study and work
In work, a lot of business units, residential quarters, Education Center etc. have been owned by the LAN of oneself, the Internet
The miscellaneous service service brought is that people provide a great convenience.But the Internet is double-edged sword, its band
Come simultaneously easily, also the propagation for network worm provides a good platform, strong influence net
The sound development of network environment.So more drawing attention for the prevention and control research of network worm in LAN.
Network worm is a kind of intelligent, automatization, integrated network attack, cryptography and computer virus skill
Art, it is not necessary to attacker that computer user intervention can run or code, it can active scan and attacking
Hit the node host that there is system vulnerability on network, traveled to from a node by LAN or the Internet
Another one node.For the file system that the contagion probability of virus is primarily directed in computer relatively, net
The mechanism of transmission that network anthelmintic is general is to replicate from propagating under internet environment, the infection of network worm
Target is all computers in the Internet, Shared Folders under home network condition, Email Email,
Malicious web pages in network, there is the server etc. of leak in a large number, all become the good approach of worm propagation.
Universal and the development of the Internet so that network worm can carry out propagating infection, its institute the most on a large scale
The threat brought is the hugest.
Software defined network (SDN) is a kind of new network innovation framework extensively mentioned in recent years, SDN
The thing that technology is done is the control on the network equipment to be separated, by the controller management concentrated, and need not
Rely on underlay network device (router, switch, fire wall), shield the difference from underlay network device
Different.And control is wide-open, user can be with self-defined any network route wanting to realize and transmission rule
Then strategy, thus more flexible and intelligent.LAN network worm prevention with control in, Wo Menke
To utilize the flow direction of flow in the self-defined network of SDN thought, the flow of related network anthelmintic is being entered or stream
Just it is purged before going out LAN, thus the safety of protection network more efficient, rapid.
It is one important research topic of network safety filed about the strick precaution of network worm in LAN.Since
After the outburst of calendar year 2001 code red network worm event, people begin to the feature string word for network worm
Section and propagation characteristic are modeled and analyze.At present, to the research of network worm mainly in terms of two, one
Individual is that the mechanism of transmission from network worm is started with, by the packet received being carried out network on fire wall
Connection features analysis carries out the identification of network worm, real-time detecting network worm;One is according to network traffics
Feature detection known or Unknown Worm virus disseminating source procotol used with propagation and target port, with
It is easy to just be controlled by the initial stage of virus outburst, prevents the wide-scale distribution of virus, thus protect network just
Often operating.
Summary of the invention
According to investigation, current related network anthelmintic prevention and control research mainly has following deficiency.1) research emphasis is pin
The network worm of some system is found and recognition mechanism;2) about SDN thought is applied to network worm
The research of prevention and control is relative to be lacked;3) about how solving between LAN (such as: school, enterprise
Industry etc.) the spreading and infect of network worm, an effectively method is not proposed.
For above the deficiencies in the prior art, it is proposed that one can be taken precautions against in advance and effectively stop anthelmintic in phase
Close the transmission of infection in network realizes network worm concentration preventing control method and device based on SDN.The present invention's
Technical scheme is as follows: one realizes network worm based on SDN and concentrates prevention and control device, comprising: user interface
Module, network worm prevention and control center and network worm immunity module.
Described subscriber interface module: for providing a visualization WEB interface, be responsible for issuing relevant configuration (bag
Include: the LAN scope of expanding monitoring, for transferring the script of the network worm disposition of designated local area network
File), the information transferred by subordinate act information database is to check the network operation situation of each LAN;
Described network worm prevention and control center: for controlling according to SDN in the network worm immunity module of each territory
The IP address of module, directly sets up physical connection, is issued to respectively by the network worm vaccine being packaged into bag
The network worm immunity module in territory;Network worm prevention and control center is also responsible for carrying out the network condition in each territory
Monitor and the data of real-time update anthelmintic property data base.
Described network worm immunity module: for receiving the network worm that network worm prevention and control center issues
Vaccine also parses the characteristic of network worm, will meet network worm by SDN in network
The flow of propagation port information is redirected to Network worm detection module and again differentiates, has washed network
The data traffic of anthelmintic feature string field, and re-injection normal data flow is to network;Simultaneously by network worm
Process information includes that the type of network worm, the network worm number of process, the basic feature of infection main frame exist
In information carry out record, and be uploaded to behavioural information data base and store;
Further, described network worm prevention and control center includes: vaccination module and monitoring module,
Described vaccination module includes that anthelmintic property data base and vaccine issue module, wherein said anthelmintic characteristic number
According to storehouse for storing the characteristic of network worm, described vaccine issues module to be responsible for being packaged into the network of bag
Anthelmintic vaccine is issued to the network worm immunity module of each LAN;Monitoring module is responsible for real-time update
The characteristic of network worm in anthelmintic property data base, uploads each territory network worm immunity module simultaneously
The process information of network worm stores;
Further, the described packet updating anthelmintic property data base includes the port numbers that Network Worm Propagation is common
With the feature string field in application layer protocol;
Further, described network worm immunity module includes SDN control module and Network worm detection module;
Described SDN control module includes: flow list item generation module, described vaccine in vaccine receiver module and territory
The network worm vaccine that receiver module is sent from network worm prevention and control center for being responsible for reception is also
Resolve, the network worm characteristic parsed is stored;List item generation module is flowed in described territory
It is responsible for flowing list item in the propagation port information according to the network topology in the current field, network worm generates territory, and
It is issued to the border SDN switch of this LAN data flow turnover by flowing list item in territory, network will be met compacted
The data traffic of worm propagation port information is redirected to Network worm detection module and processes;
Network worm detection module, for the data traffic redirected carries out deep analysis, obtains data traffic
Feature string field, and mate with network worm characteristic, the data traffic meeting coupling is carried out
Clean, normal data traffic is recycled into normal network simultaneously;
Further, described vaccine receiver module includes two modules, is respectively as follows: Context resolution module and anthelmintic
Information storage module, Context resolution module is responsible for receiving the network sent from network worm prevention and control center
Anthelmintic vaccine also resolves, and the network worm characteristic parsed is put in anthelmintic information storage mould
Block;
Further, described Network worm detection module includes characteristic matching module, policy enforcement module and day
Will logging modle, described policy enforcement module carries out deep analysis, for counterweight to the data traffic redirected
The data traffic of orientation carries out deep analysis, obtains the feature string field of data traffic, and characteristic matching module is used
Mating with network worm characteristic in feature string field, logger module is for by disposition bag
Include: the type of network worm, the network worm number of process, the basic feature information of infection main frame are remembered
Record and be uploaded to the behavioural information data base of user interface.
A kind of based on described device based on SDN realize network worm concentrate preventing control method, it includes following three
Individual step: 1) in network worm prevention and control in the minds of vaccination module according to the SDN of current each LAN
The address characteristic information of control module, is issued to each LAN by the network worm vaccine being packaged into bag
Network worm immunity module;2) the network worm immunity module of each LAN receives network in SDN control module
Anthelmintic vaccine, and carry out resolving acquisition network worm characteristic;3) SDN in LAN controls mould
Tuber generates according to the propagation port information of the network topology in the current field, network worm and flows list item in territory, and under
Send to, at the border SDN switch of each territory network traffics turnover, flow to meet Network Worm Propagation port
The flow of information is redirected to Network worm detection module and again differentiates, cleans and has network worm feature string
The data traffic of field, is recycled into proper network flow in network simultaneously, and process information is carried out record
And it is uploaded to behavioural information data base.
Advantages of the present invention and having the beneficial effect that:
The present invention realizes, based on SDN, the method and apparatus that network worm concentrates prevention and control, it is provided that a kind of at not shadow
Ring in the case of proper communication, stop in LAN network helminthic infection and block network worm between each LAN
The device of route of transmission.According to the propagation characteristic of network worm, issue envelope at network worm prevention and control center
Dress up the network worm vaccine network worm immunity module to each LAN of bag, pass through in each LAN
Utilize SDN technology, flow, in issuing territory, the border SDN switch that list item passes in and out to network traffics in territory, will enter
The data traffic meeting Network Worm Propagation port information in the network traffics gone out is redirected to Network worm detection
Module, carries out discriminating and the cleaning of more detailed network worm, normal data flow is recycled into network simultaneously
In.
The present invention based on SDN realize network worm concentrate prevention and control method and apparatus can be effectively to each local
The network worm infection conditions of net plays good immune surveillance, defence and regulating and controlling effect.Utilize SDN technology,
Issue at the node that route table items is the most crucial, before network traffics turnover LAN, just to network worm stream
Amount carries out filtering cleans, and own net can not only be avoided to be disturbed by network worm, and at each LAN
Between the spreading and propagation of network worm is served good blocking effect.In addition the present invention use centralized right
The prevention and control of network worm, are once sent out network worm characteristic extremely by network worm prevention and control centre punch
The network worm immunity module of each LAN, it is possible to efficiently reduce each LAN input in network security
Cost, this system provides a visual interface terminal simultaneously, facilitates operator to carry out more quick
Operation.Designed method and apparatus can be applicable to polytype network domains or LAN, similar human body note
Penetrate vaccine the same, it is possible to take precautions against in advance and effectively stop anthelmintic transmission of infection in network of relation.
Accompanying drawing explanation
Fig. 1 is that the present invention provides preferred embodiment network worm prevention and control device module frame chart;
Fig. 2 is that the network worm prevention and control device of the present invention disposes schematic diagram;
Fig. 3 is application scenarios one schematic diagram of the present invention;
Fig. 4 is application scenarios two schematic diagram of the present invention.
Detailed description of the invention
Below in conjunction with accompanying drawing, the invention will be further described:
As it is shown in figure 1, embodiment 1
A kind of method and apparatus realizing network worm concentration prevention and control based on SDN, its construction module includes: use
Family interface module (1), network worm prevention and control center (2), network worm immunity module (8), its reality
Position is disposed as shown in Figure 2:
Described subscriber interface module (1), operator can access user interface above with http protocol
The WEB page that module (1) provides, carries out key parameter configuration, and checks the network fortune of current each LAN
Row state.
Network worm prevention and control center (2) is set up with network worm immunity module (8) of each LAN and is connected,
The network worm vaccine being packaged into bag is issued to network worm immunity module by vaccination module (3)
(8), network worm immunity module (8) of the most each LAN uploads the process information of network worm to monitoring mould
Block (4).
Network worm immunity module (8) is deployed in the Security Mechanism of Intra-Network of each LAN.SDN thought is utilized
Dispose the network of whole LAN, during wherein SDN control module (12) is deployed in network worm immunity module (8),
For receiving the network worm vaccine being packaged into bag that network worm prevention center (2) issues, and resolve it
Content obtaining network worm characteristic.SDN control module (12) is compacted according to the topology information in network and network
Worm is propagated in port information generates territory and flows list item, controls network traffics by flowing in territory in list item is issued to LAN
The SDN switch (19) of turnover, is redirected to the data traffic wherein meeting Network Worm Propagation port information
Network worm detection module (15).In Network worm detection module (15), data are carried out deep analysis and obtain number
According to feature string field, and mate in characteristic matching module (17), data traffic coupling met is entered
Row cleans, and normal data traffic is recycled in proper network by SDN switch (21).To the information of process
Carry out recording and be uploaded to monitoring module (4).
Embodiment 2
As it is shown on figure 3, a kind of based on SDN realize network worm concentrate prevention and control method and apparatus reality should
With the deployment in scene one.Apparatus structure includes: subscriber interface module (1), network worm prevention and control center
(2), network worm immunity module (8).
PC in LAN infects network worm because of external equipment (USB flash disk, portable hard drive etc.),
It is ready to pass through in SDN switch (51) entrance network carrying out propagating infecting.With reference to Fig. 2, now network worm is exempted from
SDN control module (12) in epidemic disease module (8) is according to the topology in network, the propagation end message of network worm
Breath flows list item in generating territory and is issued to SDN switch (51), by data traffic weight qualified in network
It is directed to Network worm detection module (15), carries out deep packet and resolve its feature string field of acquisition, and in network
The characteristic of anthelmintic is mated, and data traffic coupling met is carried out, simultaneously by normal net
Network flow is recycled in network.Finally upload process information (type of network worm, the process of network worm
Network worm number, infect main frame basic feature information) to network worm prevention and control center (2).
Embodiment 3
As shown in Figure 4, a kind of based on SDN realize network worm concentrate prevention and control method and apparatus reality should
With the deployment in scene two.Apparatus structure includes: subscriber interface module (1), network worm prevention and control center
(2), network worm immunity module (8).
In scene two, LAN N is network worm carrier, and network worm is externally carried out by switch (41)
Propagate and infect.As shown in Figure 4, LAN N wants indirectly to be gone by LAN 2 to infect LAN 1.Reference
Fig. 2, when the data carrying network worm flow through switch (31) entrance LAN 2, SDN switch (31)
According to flowing list item in the territory that SDN control module (12) issues, network will meet Network Worm Propagation port letter
The data traffic of breath is redirected to Network worm detection module (15), and the packet parsing then carrying out the degree of depth obtains
The feature string field fetched data, and mate in network worm characteristic, the data stream that coupling is met
It is carried out, normal flow is recycled in network simultaneously.Here the network worm in LAN N exists
Go to infect before LAN 1 by LAN 2, be just cleaned out in LAN 2, it is to avoid network is compacted
Worm further goes to propagate to infect other networks.
Further illustrate, in the case of not affecting proper communication, when the data traffic carrying network worm is entered
When entering in any network disposing this device, even if the IP of its purpose network is not this network, but as long as
Its propagation port information meeting network worm will be redirected to Network worm detection module (15) to be carried out more
Adding detailed discriminating, the packet through the degree of depth resolves and obtains its feature string field, and in network worm feature
Data are mated, and wash the data traffic that coupling meets, normal data traffic are recycled into net simultaneously
In network.
The above embodiment is interpreted as being merely to illustrate the present invention rather than limiting the protection of the present invention
Scope.After having read the content of record of the present invention, the present invention can be made various change by technical staff
Or amendment, these equivalence changes and modification fall into the scope of the claims in the present invention equally.
Claims (7)
1. one kind realizes network worm concentration prevention and control device based on SDN, it is characterised in that including: subscriber interface module (1), network worm prevention and control center (2) and network worm immunity module (8);
Described subscriber interface module (1): for providing a visualization WEB interface, it is responsible for issuing relevant configuration, including the LAN scope of: expanding monitoring, for transferring the script file of the network worm disposition of designated local area network, the information transferred by subordinate act information database is to check the network operation situation of each LAN;
Described network worm prevention and control center (2): for according to the IP address of SDN control module in each territory network worm immunity module (8), directly set up physical connection, the network worm vaccine being packaged into bag is issued to network worm immunity module (8) in each territory;Network worm prevention and control center (2) is also responsible for monitoring the network condition in each territory and the data of real-time update anthelmintic property data base (5);
Described network worm immunity module (8): be used for receiving the network worm vaccine that network worm prevention and control center (2) issues the characteristic parsing network worm, by SDN, the flow meeting Network Worm Propagation port information in network is redirected to Network worm detection module (15) again differentiate, wash the data traffic of network worm feature string field, and re-injection normal data flow is to network, process information by network worm includes the type of network worm simultaneously, the network worm number processed, the basic feature infecting main frame carries out record in interior information, and be uploaded to behavioural information data base (7) and store.
The most according to claim 1 based on SDN realize network worm concentrate prevention and control device, it is characterised in that described network worm prevention and control center (2) including: vaccination module (3) and monitoring module (4);
Described vaccination module (3) includes that anthelmintic property data base (5) and vaccine issue module (6), wherein said anthelmintic property data base (5) is for storing the characteristic of network worm, and described vaccine issues module (6) and is responsible for being issued to the network worm vaccine being packaged into bag network worm immunity module (8) of each LAN;
Described monitoring module (4) is responsible for the characteristic of network worm in real-time update anthelmintic property data base (5), stores the process information of the network worm that each territory network worm immunity module (8) is uploaded simultaneously.
The most according to claim 1 and 2 based on SDN realize network worm concentrate prevention and control device, it is characterized in that, the packet that described anthelmintic property data base (5) updates includes the feature string field in the common port numbers of Network Worm Propagation and application layer protocol.
The most according to claim 3 based on SDN realize network worm concentrate prevention and control device, it is characterised in that described network worm immunity module (8) includes SDN control module (12) and Network worm detection module (15);Described SDN control module (12) including: flows list item generation module (13) in vaccine receiver module (9) and territory, described vaccine receiver module (9) receives the network worm vaccine sent from network worm prevention and control center (2) for responsible and resolve, and the network worm characteristic parsed is stored;Flow list item generation module (13) in described territory to be responsible for flowing list item in the propagation port information according to the network topology in the current field, network worm generates territory, and it is issued to the border SDN switch of this LAN data flow turnover by flowing list item in territory, the data traffic meeting Network Worm Propagation port information is redirected to Network worm detection module (15) and processes;Network worm detection module (15) is for carrying out deep analysis to the data traffic redirected, obtain the feature string field of data traffic, and mate with network worm characteristic, the data traffic meeting coupling is carried out, and normal data traffic is recycled into normal network simultaneously.
The most according to claim 4 based on SDN realize network worm concentrate prevention and control device, it is characterized in that, described vaccine receiver module (9) includes two modules, it is respectively as follows: Context resolution module (10) and anthelmintic information storage module (11), Context resolution module (10) is responsible for receiving the network worm vaccine sent from network worm prevention and control center (2) and resolving, and the network worm characteristic parsed is deposited in anthelmintic information storage module (11).
The most according to claim 4 based on SDN realize network worm concentrate prevention and control device, it is characterized in that, described Network worm detection module (15) includes characteristic matching module (17), policy enforcement module (18) and logger module (16), described policy enforcement module (18) carries out deep analysis to the data traffic redirected, for the data traffic redirected is carried out deep analysis, obtain the feature string field of data traffic, characteristic matching module (17) is for mating feature string field with the network worm characteristic parsed, logger module (16) is for including disposition: the type of network worm, the network worm number processed, the basic feature information infecting main frame carries out recording and being uploaded to the behavioural information data base of user interface.
7. one kind based on device described in claim 6 based on SDN realize network worm concentrate preventing control method, it is characterized in that, including three below step: 1) vaccination module (3) in network worm prevention and control center (2) according to the address characteristic information of the SDN control module (12) of current each LAN, the network worm vaccine being packaged into bag is issued to network worm immunity module (8) of each LAN;2) network worm immunity module (8) of each LAN receives network worm vaccine in SDN control module (12), and carries out resolving acquisition network worm characteristic;3) the SDN control module (12) in LAN flows list item in generating territory according to the propagation port information of the network topology in the current field, network worm, and it is issued at the border SDN switch of each territory network traffics turnover, the flow meeting Network Worm Propagation port information in flow is redirected to Network worm detection module (15) again differentiate, wash coupling and meet the data traffic of network worm feature string field, proper network flow is recycled in network simultaneously, carries out process information recording and be uploaded to behavioural information data base (7).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610230001.4A CN105933301A (en) | 2016-04-13 | 2016-04-13 | SDN based concentrated network worm prevention-control method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610230001.4A CN105933301A (en) | 2016-04-13 | 2016-04-13 | SDN based concentrated network worm prevention-control method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105933301A true CN105933301A (en) | 2016-09-07 |
Family
ID=56839063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610230001.4A Pending CN105933301A (en) | 2016-04-13 | 2016-04-13 | SDN based concentrated network worm prevention-control method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105933301A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107347067A (en) * | 2017-07-07 | 2017-11-14 | 深信服科技股份有限公司 | A kind of network risks monitoring method, system and safety network system |
CN108123939A (en) * | 2017-12-14 | 2018-06-05 | 华中师范大学 | Malicious act real-time detection method and device |
CN108400958A (en) * | 2017-02-08 | 2018-08-14 | 蓝盾信息安全技术有限公司 | A kind of automatic counter-scanning method realized based on SDN technologies |
CN112688918A (en) * | 2020-12-08 | 2021-04-20 | 中国联合网络通信集团有限公司 | Network vulnerability scanning method and communication device |
CN113222048A (en) * | 2021-05-26 | 2021-08-06 | 郑州轻工业大学 | Artificial immunity-based vaccination and vaccine data fusion method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102105884A (en) * | 2008-06-20 | 2011-06-22 | 赛门铁克公司 | Streaming malware definition updates |
CN104601482A (en) * | 2013-10-30 | 2015-05-06 | 中兴通讯股份有限公司 | Traffic cleaning method and device |
US20150372929A1 (en) * | 2014-06-18 | 2015-12-24 | Radware, Ltd. | Multi-layer traffic steering for service chaining over software defined networks |
CN105376246A (en) * | 2015-11-30 | 2016-03-02 | 中国电子科技网络信息安全有限公司 | Adaptive generation management system and method of security strategy based on SDN |
-
2016
- 2016-04-13 CN CN201610230001.4A patent/CN105933301A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102105884A (en) * | 2008-06-20 | 2011-06-22 | 赛门铁克公司 | Streaming malware definition updates |
CN104601482A (en) * | 2013-10-30 | 2015-05-06 | 中兴通讯股份有限公司 | Traffic cleaning method and device |
US20150372929A1 (en) * | 2014-06-18 | 2015-12-24 | Radware, Ltd. | Multi-layer traffic steering for service chaining over software defined networks |
CN105376246A (en) * | 2015-11-30 | 2016-03-02 | 中国电子科技网络信息安全有限公司 | Adaptive generation management system and method of security strategy based on SDN |
Non-Patent Citations (1)
Title |
---|
马铮 等: "基于SDN技术的DDoS防御系统简析", 《邮电设计技术》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108400958A (en) * | 2017-02-08 | 2018-08-14 | 蓝盾信息安全技术有限公司 | A kind of automatic counter-scanning method realized based on SDN technologies |
CN107347067A (en) * | 2017-07-07 | 2017-11-14 | 深信服科技股份有限公司 | A kind of network risks monitoring method, system and safety network system |
CN108123939A (en) * | 2017-12-14 | 2018-06-05 | 华中师范大学 | Malicious act real-time detection method and device |
CN112688918A (en) * | 2020-12-08 | 2021-04-20 | 中国联合网络通信集团有限公司 | Network vulnerability scanning method and communication device |
CN112688918B (en) * | 2020-12-08 | 2023-02-17 | 中国联合网络通信集团有限公司 | Network vulnerability scanning method and communication device |
CN113222048A (en) * | 2021-05-26 | 2021-08-06 | 郑州轻工业大学 | Artificial immunity-based vaccination and vaccine data fusion method |
CN113222048B (en) * | 2021-05-26 | 2023-02-17 | 郑州轻工业大学 | Artificial immunity-based vaccination and vaccine data fusion method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Karatas et al. | Deep learning in intrusion detection systems | |
US7941853B2 (en) | Distributed system and method for the detection of eThreats | |
KR101703446B1 (en) | Network capable of detection DoS attacks and Method for controlling thereof, Gateway and Managing server comprising the network | |
KR101070614B1 (en) | Malicious traffic isolation system using botnet infomation and malicious traffic isolation method using botnet infomation | |
CN105933301A (en) | SDN based concentrated network worm prevention-control method and device | |
Igbe et al. | Distributed network intrusion detection systems: An artificial immune system approach | |
CN107070929A (en) | A kind of industry control network honey pot system | |
CN106657025A (en) | Network attack behavior detection method and device | |
CN103607399A (en) | Special IP network safety monitor system and method based on hidden network | |
CN103916288B (en) | A kind of Botnet detection methods and system based on gateway with local | |
US10264005B2 (en) | Identifying malicious network traffic based on collaborative sampling | |
Roy et al. | Applicability of rough set technique for data investigation and optimization of intrusion detection system | |
EP2974355A2 (en) | A device, a system and a related method for dynamic traffic mirroring and policy, and the determination of applications running on a network | |
Van et al. | An anomaly-based intrusion detection architecture integrated on openflow switch | |
Mishra et al. | Efficient approaches for intrusion detection in cloud environment | |
KR101182793B1 (en) | Method and system for detecting botnets using domain name service queries | |
KR101648033B1 (en) | Method for Detecting Intrusion Based on Attack Signature without Attack Pattern and Apparatus Therefor | |
Roshna et al. | Botnet detection using adaptive neuro fuzzy inference system | |
Sneha et al. | A survey on malware propagation analysis and prevention model | |
Roponena et al. | Towards a Human-in-the-Loop Intelligent Intrusion Detection System. | |
Crooks et al. | Operational security, threat intelligence & distributed computing: the WLCG Security Operations Center Working Group | |
Kornyo et al. | Botnet attacks classification in AMI networks with recursive feature elimination (RFE) and machine learning algorithms | |
Ramprasath et al. | Virtual Guard Against DDoS Attack for IoT Network Using Supervised Learning Method | |
Wattanapongsakorn et al. | A network-based internet worm intrusion detection and prevention system | |
Wagh et al. | Effective framework of j48 algorithm using semi-supervised approach for intrusion detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160907 |
|
RJ01 | Rejection of invention patent application after publication |