CN108810001A - A kind of security service control system and method based on SDN - Google Patents

A kind of security service control system and method based on SDN Download PDF

Info

Publication number
CN108810001A
CN108810001A CN201810638859.3A CN201810638859A CN108810001A CN 108810001 A CN108810001 A CN 108810001A CN 201810638859 A CN201810638859 A CN 201810638859A CN 108810001 A CN108810001 A CN 108810001A
Authority
CN
China
Prior art keywords
module
security service
access request
cloud
service access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810638859.3A
Other languages
Chinese (zh)
Inventor
曹玲玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201810638859.3A priority Critical patent/CN108810001A/en
Publication of CN108810001A publication Critical patent/CN108810001A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Abstract

The present invention provides a kind of security service control system and method based on SDN, system includes Switching Module, Switching Module is connected with cloud line module, cloud service module, SDN controllers and function module, and SDN controllers are connected with interface module, and interface module is also connect with Switching Module;Method:Switching Module receives the security service access request of cloud line module, determines whether the security service access request for the first time of cloud line module;If so, the security service access request of cloud line module is sent to function module by Switching Module;Function module judges whether to close rule, and will determine that result is sent to SDN controllers by interface module;SDN controllers will determine that result is stored in correspondence flow table, and be sent to Switching Module;Switching Module executes corresponding operation according to correspondence flow table, allows to close rule security service access request, forbids not conforming to rule security service access request;If it is not, Switching Module directly executes operation according to correspondence flow table.

Description

A kind of security service control system and method based on SDN
Technical field
The invention belongs to network safety fileds, and in particular to a kind of security service control system and method based on SDN.
Background technology
SDN is the abbreviation of Software Defined Network, software defined network.
OpenFlow, exchange network.
The web-transporting device in occasions such as distributing frame, data center, wide area networks is applied to have high transmission speed now Rate, superior performance can reach Tbit ranks.Unquestionably, cheap high performance network switching equipment will be popularized increasingly.Together When, network gos deep into the every field of society, and it is generally desirable to the channels that network is not only transmission data for we, moreover it is possible to provide Specific function service.Service function such as accesses safety, network-caching (Web Cache), Cyberthreat detection (IDS), address (NAT), load balancing (Traffic Balance) etc. are converted, these are provided by individual function module in network.It is existing Some access security function service offer patterns have 3 kinds of forms:Embedded terminal pattern, network intermediary device pattern, switching equipment Pattern;These three functions are provided pattern and are implemented based on existing network framework, and the environment of cloud computing can not be all adapted to.
This is the deficiencies in the prior art, therefore, in view of the above-mentioned drawbacks in the prior art, provides a kind of peace based on SDN Full operation control system and method, are necessary.
Invention content
It is an object of the present invention to the defect of cloud computing environment can not be adapted to for existing access security function service, A kind of security service control system and method based on SDN are provided, to solve the above technical problems.
To achieve the above object, the present invention provides following technical scheme:
A kind of security service control system based on SDN, including Switching Module, Switching Module are connected with cloud line module, cloud clothes Business module, SDN controllers and function module, SDN controllers are connected with interface module, and interface module is also connect with Switching Module;
The cloud Switching Module receives the security service access request of cloud line module, and determines whether the head of cloud line module Secondary security service access request;
When the security service access request of cloud line module is security service access request for the first time, Switching Module is by cloud user's mould The security service access request of block is sent to function module;
Function module judges whether the security service access request of cloud line module closes rule, and will determine that result passes through interface module It is sent to SDN controllers;
Switching Module executes corresponding operation according to correspondence flow table, allows to close the security service access request advised, forbid not Close the security service access request of rule;
When the security service access request of cloud line module is not security service access request for the first time, Switching Module is according to correspondence Relationship flow table executes corresponding operation, allows to close the security service access request advised, and the security service access for not conforming to rule is forbidden to ask It asks.SDN is a kind of completely new network architecture, and independent control Direct Programming and can be separated with network layer, traditional net Network framework is divided into 3 application, control, data levels, and independent control and the programming of network are realized by standard interface.
Further, function module is arranged with SDN controllers in consolidated network, alternatively, function module is set with SDN controllers It sets in heterogeneous networks.SDN technologies can forward the data to any position of network, this allows for function module in SDN network It can be placed on any position of network, partial function module policy can be stored in SDN controllers, be issued again when needing in advance Onto Switching Module, this can replace the work of partial function module.
Further, Switching Module uses OpenFlow interchangers, interface module to use api interface.OpenFlow will be controlled Function processed is separated from the network equipment, safeguards flow table (flow table) structure on network devices, packet according to Flow table is forwarded, and the generation of flow table, maintenance, configuration be then managed by central controller.The flow table structure of OpenFlow By network processes level flattening so that the processing of network data meets fine processing requirement.Under this separation architecture, network Logic control function and upper layer application can be by central controllers neatly into Mobile state management and configuration, while influencing In the case of traditional network normal discharge, new network is built in existing network.Masters of the OpenFlow as current SDN frameworks OpenFlow agreements are added conventional switch and form OpenFlow interchangers, according to built-in flow table item design data by Flow Technique Forwarding strategy.The SDN controllers of distal end instruct the message in OpenFlow interchangers to forward by issuing flow table.By configuring stream Table, OpenFlow interchangers can realize accepting or rejecting for user's request according to predetermined policy.We can be according to user's need It asks and is pre-designed flow table item on SDN controllers, partial function strategy is stored in control plane.
Api interface shields network infrastructure in type, supported protocol etc. as data Layer and control layer interface Isomerism so that the exchange network of data Layer can receive control layer instruction, the data in fast-forwarding network without barrier Business;Interface of the api interface as standardization control layer and application layer provides unified administration view and programming for upper layer application Interface so that user can easily realize software defined network control and network service.
Further, function module include data integrity detection unit, Union user management unit and network attack with Threat detection unit.Security service access request before each unit corresponds to realizes an access safety guarantee function.
Further, the quantity of cloud line module is several, and the quantity of cloud service module is several.Under actual environment Multiple cloud line modules and cloud service module can be disposed, multiple cloud line modules will access a cloud service module or multiple clouds Line module accesses multiple cloud service modules;Function module can also dispose multiple, function module one cloud service mould of correspondence Block a, alternatively, function module corresponds to multiple cloud service modules.
The present invention gives following technical solution:
A kind of security service control method based on SDN, includes the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through Interface module is sent to SDN controllers;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised, Forbid the security service access request for not conforming to rule;
Return to step S1.
Further, security service includes data integrity detection, Union user management and network attack and threat detection. Security service access request when cloud line module accesses, need to completely be detected cloud line module data, to cloud user's Legitimacy is detected, and is detected with threat to whether there is network attack.
Further, the specific steps of step S4:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with It threatens.Function module is relative to cloud line module security service access request, and there are corresponding units to user for function module Module data is completely detected, and is detected to the legitimacy of cloud user, is examined with threat to whether there is network attack It surveys.
Further, the specific steps of step S6:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention The access request of the side of body.Switching Module connects different types of security service relative to cloud line module security service access request Enter request, takes different operations, the data to not meeting data integrity do not forward, and do not allow to visit to illegal line module It asks, there are network attacks or the access request of threat to forbid.
Further, the specific steps of step S2:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time.
There are correspondence flow tables for Switching Module, have the content of partial function module, function module is processed identical The security service access request of type, has record in correspondence flow table, can judge the safety clothes of cloud line module accordingly Whether access request of being engaged in is for the first time.
The beneficial effects of the present invention are:
The present invention is combined using SDN controllers with function module, realizes that Switching Module asks line module security service access The flexible forwarding asked provides the speed of processing security service access request, meanwhile, it ensure that network security;Function module with Cloud service module is separated, so that cloud service module provider is more succinct, more focused on the offer of infrastructure resources.
In addition, design principle of the present invention is reliable, and it is simple in structure, there is very extensive application prospect.
It can be seen that compared with prior art, the present invention with substantive distinguishing features outstanding and significant progress, implement Advantageous effect be also obvious.
Description of the drawings
Fig. 1 is the system schematic of the present invention;
Fig. 2 is flow chart of the method for the present invention;
Wherein, 1- Switching Modules;2- cloud line modules;3- cloud service modules;4-SDN controllers;5- function modules;5.1- data Integrity detection unit;5.2- Union user management units;5.3- network attacks and threat detection unit;6- interface modules.
Specific implementation mode:
To enable the purpose of the present invention, feature, advantage more apparent and understandable, it is embodied below in conjunction with the present invention Attached drawing in example, is clearly and completely described the technical solution in the present invention.
Embodiment 1:
As shown in Figure 1, the present invention provides a kind of security service control system based on SDN, including Switching Module 1, Switching Module 1 It is connected with cloud line module 2, cloud service module 3, SDN controllers 4 and function module 5, SDN controllers 4 are connected with interface module 6, interface module 6 is also connect with Switching Module 1;
Function module 5 may be provided at consolidated network with SDN controllers 4, may also be arranged on heterogeneous networks;Switching Module 1 uses OpenFlow interchangers, interface module 6 use api interface;
Function module 5 includes that data integrity detection unit 5.1, Union user management unit 5.2 and network attack are examined with threat Survey unit 5.3;
The quantity of cloud line module 2 is several, and the quantity of cloud service module 3 is several;
The cloud Switching Module 1 receives the security service access request of cloud line module 2, and determines whether cloud line module 2 Security service access request for the first time;
When the security service access request of cloud line module 2 is security service access request for the first time, Switching Module 1 is by cloud user The security service access request of module 2 is sent to function module 5;
Function module 5 judges whether the security service access request of cloud line module 2 closes rule, and will determine that result passes through interface mould Block 6 is sent to SDN controllers 4;
Switching Module 1 executes corresponding operation according to correspondence flow table, allows to close the security service access request advised, forbid not Close the security service access request of rule;
When the security service access request of cloud line module 2 is not security service access request for the first time, Switching Module 1 is according to right It should be related to that flow table executes corresponding operation, allow to close the security service access request advised, forbid the security service access for not conforming to rule Request.
Security service cloud can be used in function module 5 in above-described embodiment 1, and access safety is provided exclusively for cloud line module 2 The service of aspect, provides safety guarantee to the user in the form of services.A large amount of Network Security Device clusters together, are formed special Cope with the security service cloud of the access safety problem of cloud.The analysis of access security framework based on cloud, security service cloud can provide Data integrity detection, Union user management, the security service for blocking network attack, have good autgmentability.Compared to tradition Safe practice, defence capability that security service cloud can greatly improve, the lifting system speed of response increase system scale, full The access demand for security that sufficient cloud line module becomes increasingly complex.It is supported by the powerful calculating and storage that cloud computing provides, peace The association analysis etc. between the picking rate and event for coping with the phylactic power defensive power, anomalous event that threaten can be substantially improved in full service cloud Ability promotes the safety assurance ability of whole network.
Using above-described embodiment 1, as the cloud service module of ICP, by the institute as cloud line module There is the security service access request that the HTTP of user is accessed to import the HTTP virus scans of the security provider as function module The detection that security service access request is carried out in device, to which ICP and security provider be separated;As The cloud service module of enterprise, the IPS equipment of the outside used as function module ensure intranet security;Cloud as enterprise takes Business module, the flow equalizer of the network operator used as function module realize the load balancing of corporate server.
Embodiment 2:
As shown in Fig. 2, the present invention provides a kind of security service control method based on SDN, include the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;Security service includes data integrity inspection Survey, Union user management and network attack and threat detection;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;It is as follows:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through Interface module is sent to SDN controllers;It is as follows:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with It threatens;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised, Forbid the security service access request for not conforming to rule;It is as follows:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention The access request of the side of body
Return to step S1.
The embodiment of the present invention is illustrative and not restrictive, and above-described embodiment is only to aid in the understanding present invention, because The present invention is not limited to the embodiments described in specific implementation mode for this, every by those skilled in the art's technique according to the invention Other specific implementation modes that scheme obtains, also belong to the scope of protection of the invention.

Claims (10)

1. a kind of security service control system based on SDN, which is characterized in that including Switching Module(1), Switching Module(1)Even It is connected to cloud line module(2), cloud service module(3), SDN controllers(4)And function module(5), SDN controllers(4)It is connected with Interface module(6), interface module(6)Also with Switching Module(1)Connection;
The cloud Switching Module(1)Receive cloud line module(2)Security service access request, and determine whether cloud user's mould Block(2)Security service access request for the first time;
When cloud line module(2)Security service access request be for the first time security service access request when, Switching Module(1)By cloud Line module(2)Security service access request be sent to function module(5);
Function module(5)Judge cloud line module(2)Security service access request whether close rule, and will determine that result by connecing Mouth mold block(6)It is sent to SDN controllers(4);
Switching Module(1)Corresponding operation is executed according to correspondence flow table, allows to close the security service access request advised, forbid The security service access request of rule is not conformed to;
When cloud line module(2)Security service access request be not for the first time security service access request when, Switching Module(1)Root Corresponding operation is executed according to correspondence flow table, allows to close the security service access request advised, forbids the security service for not conforming to rule Access request.
2. a kind of security service control system based on SDN as described in claim 1, which is characterized in that function module(5)With SDN controllers(4)It is arranged in consolidated network, alternatively, function module(5)With SDN controllers(4)It is arranged in heterogeneous networks.
3. a kind of security service control system based on SDN as described in claim 1, which is characterized in that Switching Module(1)It adopts With OpenFlow interchangers, interface module(6)Using api interface.
4. a kind of security service control system based on SDN as described in claim 1, which is characterized in that function module(5)Packet Include data integrity detection unit(5.1), Union user management unit(5.2)With network attack and threat detection unit(5.3).
5. a kind of security service control system based on SDN as described in claim 1, which is characterized in that cloud line module(2) Quantity be several, cloud service module(3)Quantity be several.
6. a kind of security service control method based on SDN, which is characterized in that include the following steps:
Step S1. Switching Modules receive the security service access request of cloud line module;
Step S2. Switching Modules determine whether the security service access request for the first time of cloud line module;
If so, entering step S3;
If it is not, entering step S6;
The security service access request of cloud line module is sent to function module by step S3. Switching Modules;
Step S4. function modules judge whether the security service access request of cloud line module closes rule, and will determine that result passes through Interface module is sent to SDN controllers;
The security service type and judging result of cloud line module are stored in correspondence flow table by step S5.SDN controllers, and will Correspondence flow table is sent to Switching Module;
Step S6. Switching Modules execute corresponding operation according to correspondence flow table, allow to close the security service access request advised, Forbid the security service access request for not conforming to rule;
Return to step S1.
7. a kind of security service control method based on SDN as claimed in claim 6, which is characterized in that security service includes Data integrity detection, Union user management and network attack and threat detection.
8. a kind of security service control method based on SDN as claimed in claim 7, which is characterized in that
The specific steps of step S4:
Step S41. function modules are detected data integrity, judge whether data are complete;
Step S42. function modules are managed cloud line module, judge cloud line module legally or illegally;
Step S43. function modules are detected the safety of security service access request, judge whether network attack with It threatens.
9. a kind of security service control method based on SDN as claimed in claim 8, which is characterized in that
The specific steps of step S6:
Step S61. Switching Modules allow complete data forwarding to cloud service module, and incomplete data is forbidden to be forwarded;
Step S62. Switching Modules allow legal cloud line module to access cloud service module, and illegal cloud line module is prevented to visit It asks;
Step S63. Switching Modules allow the access request of safety to access cloud service module, and there are network attacks and network prestige for prevention The access request of the side of body.
10. a kind of security service control method based on SDN as claimed in claim 6, which is characterized in that step S2's is specific Step:
Whether the security service access request of step S21. Switching Modules detection cloud line module has pair in correspondence flow table Ying Xiang;
Step S22. is if so, then judge that the security service access request of this cloud line module is not for the first time;
Step S23. if, then judge this cloud line module security service access request be for the first time.
CN201810638859.3A 2018-06-20 2018-06-20 A kind of security service control system and method based on SDN Pending CN108810001A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810638859.3A CN108810001A (en) 2018-06-20 2018-06-20 A kind of security service control system and method based on SDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810638859.3A CN108810001A (en) 2018-06-20 2018-06-20 A kind of security service control system and method based on SDN

Publications (1)

Publication Number Publication Date
CN108810001A true CN108810001A (en) 2018-11-13

Family

ID=64083872

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810638859.3A Pending CN108810001A (en) 2018-06-20 2018-06-20 A kind of security service control system and method based on SDN

Country Status (1)

Country Link
CN (1) CN108810001A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448929A (en) * 2019-09-02 2021-03-05 中国电力科学研究院有限公司 Dynamic side protection method and platform for communication network

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363203A (en) * 2014-10-16 2015-02-18 贵州中科博智科技有限公司 SDN-based secure cloud access method
CN105282046A (en) * 2015-09-11 2016-01-27 浪潮集团有限公司 Secure cloud access realization method by means of software defined networking
CN105337958A (en) * 2015-09-24 2016-02-17 陈鸣 Network security audit and access system based on Openflow, network security audit method based on Openflow, and network security access method based on Openflow
CN107181720A (en) * 2016-03-11 2017-09-19 中兴通讯股份有限公司 A kind of method and device of software definition networking SDN secure communications
US9769069B2 (en) * 2015-04-10 2017-09-19 At&T Intellectual Property I, L.P. Methods and apparatus to provide a consumer services cloud in a communications network
CN107948129A (en) * 2017-10-16 2018-04-20 北京邮电大学 Internet of Things mist calculating network system and its control method based on SDN

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363203A (en) * 2014-10-16 2015-02-18 贵州中科博智科技有限公司 SDN-based secure cloud access method
US9769069B2 (en) * 2015-04-10 2017-09-19 At&T Intellectual Property I, L.P. Methods and apparatus to provide a consumer services cloud in a communications network
CN105282046A (en) * 2015-09-11 2016-01-27 浪潮集团有限公司 Secure cloud access realization method by means of software defined networking
CN105337958A (en) * 2015-09-24 2016-02-17 陈鸣 Network security audit and access system based on Openflow, network security audit method based on Openflow, and network security access method based on Openflow
CN107181720A (en) * 2016-03-11 2017-09-19 中兴通讯股份有限公司 A kind of method and device of software definition networking SDN secure communications
CN107948129A (en) * 2017-10-16 2018-04-20 北京邮电大学 Internet of Things mist calculating network system and its control method based on SDN

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448929A (en) * 2019-09-02 2021-03-05 中国电力科学研究院有限公司 Dynamic side protection method and platform for communication network

Similar Documents

Publication Publication Date Title
CN108712329A (en) A kind of gateway and log recording retrieval device based on Elasticsearch
CN109617865B (en) Network security monitoring and defense method based on mobile edge computing
US8089871B2 (en) Method and apparatus for traffic control of dynamic denial of service attacks within a communications network
CN104954367B (en) A kind of cross-domain ddos attack means of defence of internet omnidirectional
US7120934B2 (en) System, method and apparatus for detecting, identifying and responding to fraudulent requests on a network
CN105306622B (en) A kind of cloud net fusion domain name analysis system and its DNS service method
CN106899601A (en) Network attack defence installation and method based on cloud and local platform
CN104853002B (en) A kind of dns resolution system and analytic method based on SDN network
CN106027466B (en) A kind of identity card cloud Verification System and card-reading system
CN110012038A (en) A kind of network attack defence method and system
CN109347847A (en) A kind of smart city security assurance information system
CN105847423A (en) Cloud platform capable of unified safety monitoring and management
CN108234677A (en) A kind of block chain network node serve device towards multi-tiling platform chain
CN110224977A (en) A kind of composite defense policy conflict digestion procedure and system
CN107566359A (en) A kind of intelligent fire-proofing wall system and means of defence
CN109165508A (en) A kind of external device access safety control system and its control method
CN102752722B (en) Offer method, system and the equipment of a kind of always online ability
CN109617875A (en) A kind of the secure accessing platform and its implementation of terminal communication network
CN100382511C (en) Gridding authorization realizing method
CN107360115A (en) A kind of SDN means of defence and device
CN108810001A (en) A kind of security service control system and method based on SDN
US20050204160A1 (en) Method for establishing directed circuits between parties with limited mutual trust
CN101340339A (en) Wideband access server cluster system and apparatus
CN112422348B (en) Power information data acquisition communication system and method
CN114268457A (en) Multi-protocol multi-service public network security access method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181113