CN108810001A - A kind of security service control system and method based on SDN - Google Patents
A kind of security service control system and method based on SDN Download PDFInfo
- Publication number
- CN108810001A CN108810001A CN201810638859.3A CN201810638859A CN108810001A CN 108810001 A CN108810001 A CN 108810001A CN 201810638859 A CN201810638859 A CN 201810638859A CN 108810001 A CN108810001 A CN 108810001A
- Authority
- CN
- China
- Prior art keywords
- module
- security service
- access request
- cloud
- service access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The present invention provides a kind of security service control system and method based on SDN, system includes Switching Module, Switching Module is connected with cloud line module, cloud service module, SDN controllers and function module, and SDN controllers are connected with interface module, and interface module is also connect with Switching Module;Method:Switching Module receives the security service access request of cloud line module, determines whether the security service access request for the first time of cloud line module;If so, the security service access request of cloud line module is sent to function module by Switching Module;Function module judges whether to close rule, and will determine that result is sent to SDN controllers by interface module;SDN controllers will determine that result is stored in correspondence flow table, and be sent to Switching Module;Switching Module executes corresponding operation according to correspondence flow table, allows to close rule security service access request, forbids not conforming to rule security service access request;If it is not, Switching Module directly executes operation according to correspondence flow table.
Description
Technical field
The invention belongs to network safety fileds, and in particular to a kind of security service control system and method based on SDN.
Background technology
SDN is the abbreviation of Software Defined Network, software defined network.
OpenFlow, exchange network.
The web-transporting device in occasions such as distributing frame, data center, wide area networks is applied to have high transmission speed now
Rate, superior performance can reach Tbit ranks.Unquestionably, cheap high performance network switching equipment will be popularized increasingly.Together
When, network gos deep into the every field of society, and it is generally desirable to the channels that network is not only transmission data for we, moreover it is possible to provide
Specific function service.Service function such as accesses safety, network-caching (Web Cache), Cyberthreat detection (IDS), address
(NAT), load balancing (Traffic Balance) etc. are converted, these are provided by individual function module in network.It is existing
Some access security function service offer patterns have 3 kinds of forms:Embedded terminal pattern, network intermediary device pattern, switching equipment
Pattern;These three functions are provided pattern and are implemented based on existing network framework, and the environment of cloud computing can not be all adapted to.
This is the deficiencies in the prior art, therefore, in view of the above-mentioned drawbacks in the prior art, provides a kind of peace based on SDN
Full operation control system and method, are necessary.
Invention content
It is an object of the present invention to the defect of cloud computing environment can not be adapted to for existing access security function service,
A kind of security service control system and method based on SDN are provided, to solve the above technical problems.
To achieve the above object, the present invention provides following technical scheme:
A kind of security service control system based on SDN, including Switching Module, Switching Module are connected with cloud line module, cloud clothes
Business module, SDN controllers and function module, SDN controllers are connected with interface module, and interface module is also connect with Switching Module;
The cloud Switching Module receives the security service access request of cloud line module, and determines whether the head of cloud line module
Secondary security service access request;
When the security service access request of cloud line module is security service access request for the first time, Switching Module is by cloud user's mould
The security service access request of block is sent to function module;
Function module judges whether the security service access request of cloud line module closes rule, and will determine that result passes through interface module
It is sent to SDN controllers;
Switching Module executes corresponding operation according to correspondence flow table, allows to close the security service access request advised, forbid not
Close the security service access request of rule;
When the security service access request of cloud line module is not security service access request for the first time, Switching Module is according to correspondence
Relationship flow table executes corresponding operation, allows to close the security service access request advised, and the security service access for not conforming to rule is forbidden to ask
It asks.SDN is a kind of completely new network architecture, and independent control Direct Programming and can be separated with network layer, traditional net
Network framework is divided into 3 application, control, data levels, and independent control and the programming of network are realized by standard interface.
Further, function module is arranged with SDN controllers in consolidated network, alternatively, function module is set with SDN controllers
It sets in heterogeneous networks.SDN technologies can forward the data to any position of network, this allows for function module in SDN network
It can be placed on any position of network, partial function module policy can be stored in SDN controllers, be issued again when needing in advance
Onto Switching Module, this can replace the work of partial function module.
Further, Switching Module uses OpenFlow interchangers, interface module to use api interface.OpenFlow will be controlled
Function processed is separated from the network equipment, safeguards flow table (flow table) structure on network devices, packet according to
Flow table is forwarded, and the generation of flow table, maintenance, configuration be then managed by central controller.The flow table structure of OpenFlow
By network processes level flattening so that the processing of network data meets fine processing requirement.Under this separation architecture, network
Logic control function and upper layer application can be by central controllers neatly into Mobile state management and configuration, while influencing
In the case of traditional network normal discharge, new network is built in existing network.Masters of the OpenFlow as current SDN frameworks
OpenFlow agreements are added conventional switch and form OpenFlow interchangers, according to built-in flow table item design data by Flow Technique
Forwarding strategy.The SDN controllers of distal end instruct the message in OpenFlow interchangers to forward by issuing flow table.By configuring stream
Table, OpenFlow interchangers can realize accepting or rejecting for user's request according to predetermined policy.We can be according to user's need
It asks and is pre-designed flow table item on SDN controllers, partial function strategy is stored in control plane.
Api interface shields network infrastructure in type, supported protocol etc. as data Layer and control layer interface
Isomerism so that the exchange network of data Layer can receive control layer instruction, the data in fast-forwarding network without barrier
Business;Interface of the api interface as standardization control layer and application layer provides unified administration view and programming for upper layer application
Interface so that user can easily realize software defined network control and network service.
Further, function module include data integrity detection unit, Union user management unit and network attack with
Threat detection unit.Security service access request before each unit corresponds to realizes an access safety guarantee function.
Further, the quantity of cloud line module is several, and the quantity of cloud service module is several.Under actual environment
Multiple cloud line modules and cloud service module can be disposed, multiple cloud line modules will access a cloud service module or multiple clouds
Line module accesses multiple cloud service modules;Function module can also dispose multiple, function module one cloud service mould of correspondence
Block a, alternatively, function module corresponds to multiple cloud service modules.
The present invention gives following technical solution:
A kind of security service control method based on SDN, includes the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through
Interface module is sent to SDN controllers;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will
Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised,
Forbid the security service access request for not conforming to rule;
Return to step S1.
Further, security service includes data integrity detection, Union user management and network attack and threat detection.
Security service access request when cloud line module accesses, need to completely be detected cloud line module data, to cloud user's
Legitimacy is detected, and is detected with threat to whether there is network attack.
Further, the specific steps of step S4:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with
It threatens.Function module is relative to cloud line module security service access request, and there are corresponding units to user for function module
Module data is completely detected, and is detected to the legitimacy of cloud user, is examined with threat to whether there is network attack
It surveys.
Further, the specific steps of step S6:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit
It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention
The access request of the side of body.Switching Module connects different types of security service relative to cloud line module security service access request
Enter request, takes different operations, the data to not meeting data integrity do not forward, and do not allow to visit to illegal line module
It asks, there are network attacks or the access request of threat to forbid.
Further, the specific steps of step S2:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table
Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time.
There are correspondence flow tables for Switching Module, have the content of partial function module, function module is processed identical
The security service access request of type, has record in correspondence flow table, can judge the safety clothes of cloud line module accordingly
Whether access request of being engaged in is for the first time.
The beneficial effects of the present invention are:
The present invention is combined using SDN controllers with function module, realizes that Switching Module asks line module security service access
The flexible forwarding asked provides the speed of processing security service access request, meanwhile, it ensure that network security;Function module with
Cloud service module is separated, so that cloud service module provider is more succinct, more focused on the offer of infrastructure resources.
In addition, design principle of the present invention is reliable, and it is simple in structure, there is very extensive application prospect.
It can be seen that compared with prior art, the present invention with substantive distinguishing features outstanding and significant progress, implement
Advantageous effect be also obvious.
Description of the drawings
Fig. 1 is the system schematic of the present invention;
Fig. 2 is flow chart of the method for the present invention;
Wherein, 1- Switching Modules;2- cloud line modules;3- cloud service modules;4-SDN controllers;5- function modules;5.1- data
Integrity detection unit;5.2- Union user management units;5.3- network attacks and threat detection unit;6- interface modules.
Specific implementation mode:
To enable the purpose of the present invention, feature, advantage more apparent and understandable, it is embodied below in conjunction with the present invention
Attached drawing in example, is clearly and completely described the technical solution in the present invention.
Embodiment 1:
As shown in Figure 1, the present invention provides a kind of security service control system based on SDN, including Switching Module 1, Switching Module 1
It is connected with cloud line module 2, cloud service module 3, SDN controllers 4 and function module 5, SDN controllers 4 are connected with interface module
6, interface module 6 is also connect with Switching Module 1;
Function module 5 may be provided at consolidated network with SDN controllers 4, may also be arranged on heterogeneous networks;Switching Module 1 uses
OpenFlow interchangers, interface module 6 use api interface;
Function module 5 includes that data integrity detection unit 5.1, Union user management unit 5.2 and network attack are examined with threat
Survey unit 5.3;
The quantity of cloud line module 2 is several, and the quantity of cloud service module 3 is several;
The cloud Switching Module 1 receives the security service access request of cloud line module 2, and determines whether cloud line module 2
Security service access request for the first time;
When the security service access request of cloud line module 2 is security service access request for the first time, Switching Module 1 is by cloud user
The security service access request of module 2 is sent to function module 5;
Function module 5 judges whether the security service access request of cloud line module 2 closes rule, and will determine that result passes through interface mould
Block 6 is sent to SDN controllers 4;
Switching Module 1 executes corresponding operation according to correspondence flow table, allows to close the security service access request advised, forbid not
Close the security service access request of rule;
When the security service access request of cloud line module 2 is not security service access request for the first time, Switching Module 1 is according to right
It should be related to that flow table executes corresponding operation, allow to close the security service access request advised, forbid the security service access for not conforming to rule
Request.
Security service cloud can be used in function module 5 in above-described embodiment 1, and access safety is provided exclusively for cloud line module 2
The service of aspect, provides safety guarantee to the user in the form of services.A large amount of Network Security Device clusters together, are formed special
Cope with the security service cloud of the access safety problem of cloud.The analysis of access security framework based on cloud, security service cloud can provide
Data integrity detection, Union user management, the security service for blocking network attack, have good autgmentability.Compared to tradition
Safe practice, defence capability that security service cloud can greatly improve, the lifting system speed of response increase system scale, full
The access demand for security that sufficient cloud line module becomes increasingly complex.It is supported by the powerful calculating and storage that cloud computing provides, peace
The association analysis etc. between the picking rate and event for coping with the phylactic power defensive power, anomalous event that threaten can be substantially improved in full service cloud
Ability promotes the safety assurance ability of whole network.
Using above-described embodiment 1, as the cloud service module of ICP, by the institute as cloud line module
There is the security service access request that the HTTP of user is accessed to import the HTTP virus scans of the security provider as function module
The detection that security service access request is carried out in device, to which ICP and security provider be separated;As
The cloud service module of enterprise, the IPS equipment of the outside used as function module ensure intranet security;Cloud as enterprise takes
Business module, the flow equalizer of the network operator used as function module realize the load balancing of corporate server.
Embodiment 2:
As shown in Fig. 2, the present invention provides a kind of security service control method based on SDN, include the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;Security service includes data integrity inspection
Survey, Union user management and network attack and threat detection;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;It is as follows:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table
Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through
Interface module is sent to SDN controllers;It is as follows:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with
It threatens;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will
Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised,
Forbid the security service access request for not conforming to rule;It is as follows:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit
It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention
The access request of the side of body
Return to step S1.
The embodiment of the present invention is illustrative and not restrictive, and above-described embodiment is only to aid in the understanding present invention, because
The present invention is not limited to the embodiments described in specific implementation mode for this, every by those skilled in the art's technique according to the invention
Other specific implementation modes that scheme obtains, also belong to the scope of protection of the invention.
Claims (10)
1. a kind of security service control system based on SDN, which is characterized in that including Switching Module(1), Switching Module(1)Even
It is connected to cloud line module(2), cloud service module(3), SDN controllers(4)And function module(5), SDN controllers(4)It is connected with
Interface module(6), interface module(6)Also with Switching Module(1)Connection;
The cloud Switching Module(1)Receive cloud line module(2)Security service access request, and determine whether cloud user's mould
Block(2)Security service access request for the first time;
When cloud line module(2)Security service access request be for the first time security service access request when, Switching Module(1)By cloud
Line module(2)Security service access request be sent to function module(5);
Function module(5)Judge cloud line module(2)Security service access request whether close rule, and will determine that result by connecing
Mouth mold block(6)It is sent to SDN controllers(4);
Switching Module(1)Corresponding operation is executed according to correspondence flow table, allows to close the security service access request advised, forbid
The security service access request of rule is not conformed to;
When cloud line module(2)Security service access request be not for the first time security service access request when, Switching Module(1)Root
Corresponding operation is executed according to correspondence flow table, allows to close the security service access request advised, forbids the security service for not conforming to rule
Access request.
2. a kind of security service control system based on SDN as described in claim 1, which is characterized in that function module(5)With
SDN controllers(4)It is arranged in consolidated network, alternatively, function module(5)With SDN controllers(4)It is arranged in heterogeneous networks.
3. a kind of security service control system based on SDN as described in claim 1, which is characterized in that Switching Module(1)It adopts
With OpenFlow interchangers, interface module(6)Using api interface.
4. a kind of security service control system based on SDN as described in claim 1, which is characterized in that function module(5)Packet
Include data integrity detection unit(5.1), Union user management unit(5.2)With network attack and threat detection unit(5.3).
5. a kind of security service control system based on SDN as described in claim 1, which is characterized in that cloud line module(2)
Quantity be several, cloud service module(3)Quantity be several.
6. a kind of security service control method based on SDN, which is characterized in that include the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through
Interface module is sent to SDN controllers;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will
Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised,
Forbid the security service access request for not conforming to rule;
Return to step S1.
7. a kind of security service control method based on SDN as claimed in claim 6, which is characterized in that security service includes
Data integrity detection, Union user management and network attack and threat detection.
8. a kind of security service control method based on SDN as claimed in claim 7, which is characterized in that
The specific steps of step S4:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with
It threatens.
9. a kind of security service control method based on SDN as claimed in claim 8, which is characterized in that
The specific steps of step S6:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit
It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention
The access request of the side of body.
10. a kind of security service control method based on SDN as claimed in claim 6, which is characterized in that step S2's is specific
Step:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table
Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810638859.3A CN108810001A (en) | 2018-06-20 | 2018-06-20 | A kind of security service control system and method based on SDN |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810638859.3A CN108810001A (en) | 2018-06-20 | 2018-06-20 | A kind of security service control system and method based on SDN |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108810001A true CN108810001A (en) | 2018-11-13 |
Family
ID=64083872
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810638859.3A Pending CN108810001A (en) | 2018-06-20 | 2018-06-20 | A kind of security service control system and method based on SDN |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108810001A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112448929A (en) * | 2019-09-02 | 2021-03-05 | 中国电力科学研究院有限公司 | Dynamic side protection method and platform for communication network |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104363203A (en) * | 2014-10-16 | 2015-02-18 | 贵州中科博智科技有限公司 | SDN-based secure cloud access method |
CN105282046A (en) * | 2015-09-11 | 2016-01-27 | 浪潮集团有限公司 | Secure cloud access realization method by means of software defined networking |
CN105337958A (en) * | 2015-09-24 | 2016-02-17 | 陈鸣 | Network security audit and access system based on Openflow, network security audit method based on Openflow, and network security access method based on Openflow |
CN107181720A (en) * | 2016-03-11 | 2017-09-19 | 中兴通讯股份有限公司 | A kind of method and device of software definition networking SDN secure communications |
US9769069B2 (en) * | 2015-04-10 | 2017-09-19 | At&T Intellectual Property I, L.P. | Methods and apparatus to provide a consumer services cloud in a communications network |
CN107948129A (en) * | 2017-10-16 | 2018-04-20 | 北京邮电大学 | Internet of Things mist calculating network system and its control method based on SDN |
-
2018
- 2018-06-20 CN CN201810638859.3A patent/CN108810001A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104363203A (en) * | 2014-10-16 | 2015-02-18 | 贵州中科博智科技有限公司 | SDN-based secure cloud access method |
US9769069B2 (en) * | 2015-04-10 | 2017-09-19 | At&T Intellectual Property I, L.P. | Methods and apparatus to provide a consumer services cloud in a communications network |
CN105282046A (en) * | 2015-09-11 | 2016-01-27 | 浪潮集团有限公司 | Secure cloud access realization method by means of software defined networking |
CN105337958A (en) * | 2015-09-24 | 2016-02-17 | 陈鸣 | Network security audit and access system based on Openflow, network security audit method based on Openflow, and network security access method based on Openflow |
CN107181720A (en) * | 2016-03-11 | 2017-09-19 | 中兴通讯股份有限公司 | A kind of method and device of software definition networking SDN secure communications |
CN107948129A (en) * | 2017-10-16 | 2018-04-20 | 北京邮电大学 | Internet of Things mist calculating network system and its control method based on SDN |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112448929A (en) * | 2019-09-02 | 2021-03-05 | 中国电力科学研究院有限公司 | Dynamic side protection method and platform for communication network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108712329A (en) | A kind of gateway and log recording retrieval device based on Elasticsearch | |
CN109617865B (en) | Network security monitoring and defense method based on mobile edge computing | |
US8089871B2 (en) | Method and apparatus for traffic control of dynamic denial of service attacks within a communications network | |
CN104954367B (en) | A kind of cross-domain ddos attack means of defence of internet omnidirectional | |
US7120934B2 (en) | System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network | |
CN105306622B (en) | A kind of cloud net fusion domain name analysis system and its DNS service method | |
CN106899601A (en) | Network attack defence installation and method based on cloud and local platform | |
CN104853002B (en) | A kind of dns resolution system and analytic method based on SDN network | |
CN106027466B (en) | A kind of identity card cloud Verification System and card-reading system | |
CN110012038A (en) | A kind of network attack defence method and system | |
CN109347847A (en) | A kind of smart city security assurance information system | |
CN105847423A (en) | Cloud platform capable of unified safety monitoring and management | |
CN108234677A (en) | A kind of block chain network node serve device towards multi-tiling platform chain | |
CN110224977A (en) | A kind of composite defense policy conflict digestion procedure and system | |
CN107566359A (en) | A kind of intelligent fire-proofing wall system and means of defence | |
CN109165508A (en) | A kind of external device access safety control system and its control method | |
CN102752722B (en) | Offer method, system and the equipment of a kind of always online ability | |
CN109617875A (en) | A kind of the secure accessing platform and its implementation of terminal communication network | |
CN100382511C (en) | Gridding authorization realizing method | |
CN107360115A (en) | A kind of SDN means of defence and device | |
CN108810001A (en) | A kind of security service control system and method based on SDN | |
US20050204160A1 (en) | Method for establishing directed circuits between parties with limited mutual trust | |
CN101340339A (en) | Wideband access server cluster system and apparatus | |
CN112422348B (en) | Power information data acquisition communication system and method | |
CN114268457A (en) | Multi-protocol multi-service public network security access method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181113 |