CN110381082A - The attack detection method and device of powerline network based on Mininet - Google Patents

The attack detection method and device of powerline network based on Mininet Download PDF

Info

Publication number
CN110381082A
CN110381082A CN201910725314.0A CN201910725314A CN110381082A CN 110381082 A CN110381082 A CN 110381082A CN 201910725314 A CN201910725314 A CN 201910725314A CN 110381082 A CN110381082 A CN 110381082A
Authority
CN
China
Prior art keywords
host
module
network
node
under fire
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910725314.0A
Other languages
Chinese (zh)
Other versions
CN110381082B (en
Inventor
林荣恒
汤佳微
方齐昱
吴步丹
邹华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN201910725314.0A priority Critical patent/CN110381082B/en
Publication of CN110381082A publication Critical patent/CN110381082A/en
Application granted granted Critical
Publication of CN110381082B publication Critical patent/CN110381082B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses the attack detection methods and device of a kind of powerline network based on Mininet, this method comprises: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for each host, it executes following operation: judging whether the host meets first condition, it be more than the current data amount of the first preset value and the host is more than the second preset value that first condition, which is the current data packet quantity of the host, if so, obtaining the current network linking number of the host;Judge whether the host meets second condition, second condition is that the current network linking number of the host is more than third preset value, if it is, the host is under fire host.Based on method of the invention, it can quickly and accurately determine under fire host, guarantee network security.

Description

The attack detection method and device of powerline network based on Mininet
Technical field
The present invention relates to computer field, in particular to the attack detecting of a kind of powerline network based on Mininet Method and apparatus.
Background technique
With the continuous propulsion and development of powerline network, it is complete that traditional powerline network is unable to satisfy communication network The requirement of covering, and flexibility, the safety of existing powerline network be all difficult to meet powerline network it is further Develop required " structure simplification, ubiquitous safety, centralized control ".Instantly the fast development of smart grid, electric system is to letter The degree of dependence of breath system also shows increasingly increased trend.Electric system will even evolve into the object of a power information Reason system.The transmission of massive information data will have an impact the performance of powerline network.Under this situation, protection of electrical is logical Communication network just seems very important and necessity.
On the other hand, continuous universal with internet with the continuous development of computer technology, network attack form layer goes out Not poor, network security problem becomes increasingly conspicuous, caused by social influence and economic loss it is increasing, Cyberthreat is detected and anti- It is imperial to propose new demand and challenge.Network attack is one of current main network security threats and network security extremely The key object of monitoring.It quickly and accurately finds network attack, attack source is promptly and accurately captured, is analyzed, is tracked and monitors, Knowledge support can be provided for network safety situation index evaluation and immune decision, to improve the whole of network security emergency organization Body responding ability.
Traditional attack detection method is usually only detected whether there may be network attack, without going identification successful Network attack, thus the warning information of a large amount of inaccuracy can be generated, and can not Effective selection go out effective information, O&M processing at This is very high.
Summary of the invention
In view of this, the present invention provides the attack detection method and device of a kind of powerline network based on Mininet, To solve the problems, such as how quickly and accurately to detect network attack.
The present invention provides a kind of attack detection method of powerline network based on Mininet, this method comprises:
The data packet number and data volume that each host is currently received and dispatched within a preset time are obtained, for each host, is executed It operates below:
Judge whether the host meets first condition, first condition is that the current data packet quantity of the host is more than first pre- If being worth and the current data amount of the host being more than the second preset value, if so, obtaining the current network linking number of the host;
Judge whether the host meets second condition, second condition is that the current network linking number of the host is more than third Preset value, if it is, the host is under fire host.
The present invention also provides a kind of non-transitory computer-readable storage medium, non-transitory computer-readable storage medium storages Instruction, the attack that instruction makes processor execute the above-mentioned powerline network based on Mininet when executed by the processor are examined Step in survey method.
The present invention also provides a kind of attack detecting device of powerline network based on Mininet, including processor and Above-mentioned non-transitory computer-readable storage medium.
The information of web database technology is not only utilized in the attack detection method that the present invention uses, and also uses each master in network The network connection information of machine can quickly detect unusual host using data volume, it is possible to which host under attack utilizes network Link information can further ensure that the accuracy of detection, ensure that the accuracy of detection while improving and detecting speed.
Detailed description of the invention
Fig. 1 is that the present invention is based on the flow charts of the attack detection method of the powerline network of Mininet;
Fig. 2 is Mininet network structure of the invention;
Fig. 3 is that the present invention is based on the structure charts of the attack detecting device of the powerline network of Mininet.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, right in the following with reference to the drawings and specific embodiments The present invention is described in detail.
Mininet is a software tool, can emulate entire OpenFlow network on one computer by it. Mininet uses the virtualization technology (Linux network namespace and linux container framework) based on process of lightweight, can Multiple main frames and interchanger (such as 4096) are run on single operating system nucleus, it can create kernel level and user The OpenFlow interchanger in space, controller and host to control interchanger, between host can by artificial network into Row communication.Mininet connects interchanger and host using pairs of virtual ethernet card (virtual Ethernet, veth), Greatly simplifie exploitation, misarrangement, test and the deployment process of initial stage.New network application can be first in quasi- on-premise network Emulation platform on carry out exploitation test, in the network facilities for then moving to actual motion again.
The present invention is based on the powerline network of Mininet building " structure is simplified, ubiquitous safety, centralized control ", and base In network implementations attack detection method of the invention.
The present invention is based on the attack detection methods of the powerline network of Mininet, as shown in Figure 1, comprising:
S101: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for each host, Execute following operation:
When each host information of acquisition are as follows: when the data volume of data packet number and each data packet, obtained by accumulative operation The data volume currently received and dispatched within a preset time to each host.
S102: judging whether the host meets first condition, and first condition is that the current data packet quantity of the host is more than The current data amount of first preset value and the host is more than the second preset value, if so, obtaining the current network connection of the host Number;
S103: judging whether the host meets second condition, and second condition is that the current network linking number of the host is super Third preset value is crossed, if it is, the host is under fire host.
First preset value, the second preset value, third preset value rule of thumb set, or are set according to historical data, this hair It is bright not limit this.
The information of web database technology is not only utilized in the attack detection method that the present invention uses, and also uses each master in network The network connection information of machine can quickly detect unusual host using data volume, it is possible to which host under attack utilizes network Link information can further ensure that the accuracy of detection, ensure that the accuracy of detection while improving and detecting speed.
On the other hand, it supports to run the attack detection method in network the present invention is based on the powerline network of Mininet System can obtain portablely first condition and second condition needed for data, ensured attack detection method of the invention Operation is implemented, and greatly improves the execution efficiency of attack detection method.
Further, after S103 detects " under fire host ", automatic trigger step S104 is as follows:
S104: for each under fire host, following operation is executed:
S105: the conversion link information with the under fire direct-connected all nodes of host is obtained;
" with the under fire direct-connected node of host " it is interchanger in S105, is responsible for the forwarding of data.
S106: according to each conversion link information, generating the protection flow table of corresponding node and be issued to the node, protection stream The data of table makes the to be forwarded to the node and destination address under fire host are no longer sent to the under fire host.
S104 to S106 is that the prevention policies of " under fire host " just make " under fire to lead after discovery " under fire host " The upper interchanger of machine " blocks the data for being sent to " under fire host ", realizes the offline isolation of " under fire host ".
Wherein, protection flow table includes at least following 2 kinds and other can be by the method for data blackout:
1st kind: protection flow table is all abandoned the data that the node and destination address are the under fire host are forwarded to;
2nd kind: protection flow table will be forwarded to the data that the node and destination address are the under fire host be transferred to it is any There is no nodes.
Will " under fire host " offline isolation when, although blocking " under fire host " and " attack source ", also shadow simultaneously The regular traffic of " under fire host " is rung.
In order to not influence the regular traffic of " under fire host ", it is as follows S106 can be replaced with into S107:
S107: according to this, under fire the current data packet quantity of host and the data volume of each data packet determine this under fire The attack source of host;According to each conversion link information, generates the protection flow table of corresponding node and be issued to the node, protection stream That table makes to be forwarded to the node and source address attack source and destination address are that the data of the under fire host are no longer sent to this Under fire host.
The method of the present invention is applied to support the Mininet network of OpenFlow agreement, realizes for the ease of the method for the present invention, It is proposed network system architecture or structure as shown in Figure 2, until it is lower and on be respectively as follows: accumulation layer, process layer and presentation layer.
As shown in Fig. 2, the system client interface of presentation layer correspondence system framework, main to realize user to system operatio Interface;The process layer of the server of the process layer correspondence system framework of middle layer, by network management module, network topology management, Remote control management module and system log management module composition, what the task that main realization system needs user was carried out Concrete operations;The accumulation layer of the accumulation layer corresponding server of bottom, is made of data processing module and data source, main to realize system System to data can persistence.It is specifically described as follows:
Accumulation layer includes data processing module, and data processing module mainly realizes the sequence of operations to perdurable data, The inquiry of network topological information, user information and operation log, and the modification for these information.
Process layer includes the big module of network management, the big module of the remote control management and the big module of network topology management.
The big module of network management, by node administration module, dynamic protection module, traffic monitoring module, attack detection module It constitutes.
When user is after presentation layer triggers protection module, the attack detection module of automatic trigger process layer is executed, attack inspection The method for surveying module calling figure 1.
After attack detection module exports " under fire host ", but automatic trigger dynamic protection module, dynamic protection module The method for calling S104 to S106 (or S107).
Traffic monitoring module: calling statistics to obtain module, the flow information of the current all links of network is obtained, according to current The flow information of all links obtains the data packet number and data volume that each host is currently received and dispatched within a preset time, or according to working as The flow information of preceding all links obtains the data packet number and data volume that each node is currently received and dispatched within a preset time.Attack inspection Module is surveyed by calling traffic monitoring module to obtain the " data packet number and data that each host is currently received and dispatched within a preset time Amount ".
Node administration module: providing the network connection information of each host, and network connection information includes the current of each host It is connected to the network number.Attack detection module obtains " the current network linking number of each machine " by node administration module.
The big module of the remote control management obtains module by statistics and flow table management module is constituted.
Statistics obtains module: providing the flow information of the current all links of network;Traffic monitoring module is by calling statistics Obtain the flow information that module obtains current all links.
Flow table management module, the method for calling S106 or S107.
The big module of network topology management obtains module composition by topological creation module, topology.
Topological creation module, the main creation for realizing network topology in network system.
Topology obtains module, the main acquisition realized to network topological information.
Presentation layer checks that module, node check that module, statistics check module and protection module comprising topology.
Topology checks module, and by calling topology to obtain module, realization user checks the network topological information of network system, All kinds of node numbers in network, the connection relationship between node pass through figure and show.
Node checks module, calls node administration module, generates the network information of each node, shows one or more sections The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module, calls traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections The current real-time flows amount and/or historical traffic of point.
Protection module, for opening or closing attack detection module, and real-time exhibition protection process, user can choose The protecting effect that attack detecting and dynamic protection are turned on or off to understand dynamic protection for network system, can complete pair In network topology the identification of network attack i.e. system intrusion detection and be directed to invasion select suitable prevention policies with Dynamic protection is completed, and information flow or network partition variation in real-time exhibition protection process.
The present invention also provides a kind of non-transitory computer-readable storage medium, non-transitory computer-readable storage medium storages Instruction, the attack that instruction makes processor execute the above-mentioned powerline network based on Mininet when executed by the processor are examined Step in survey method.
The present invention also provides a kind of attack detecting device of powerline network based on Mininet, including processor and Above-mentioned non-transitory computer-readable storage medium.
As shown in figure 3, the present invention is based on the attack detecting devices of the powerline network of Mininet, comprising:
First acquisition module: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for Each host executes following operation:
First judgment module: judging whether the host meets first condition, and first condition is the current data packet of the host Quantity is more than that the current data amount of the first preset value and the host is more than the second preset value, if so, obtaining the current of the host It is connected to the network number;
Second judgment module: judging whether the host meets second condition, and second condition is that the current network of the host connects Number is connect more than third preset value, if it is, the host is under fire host.
Further returning apparatus further include:
Dynamic protection module: for each under fire host, following operation is executed:
Second obtains module: obtaining the conversion link information with the under fire direct-connected all nodes of host;
Flow table management module: it according to each conversion link information, generates the protection flow table of corresponding node and is issued to the section Point, protection flow table makes to be forwarded to the node and destination address this under fire the data of host are no longer sent to this and under fire lead Machine.
Wherein, protection flow table make to be forwarded to the node and the data of the destination address under fire host be no longer sent to Under fire host includes: that flow table is protected all to lose the data that the node and destination address are the under fire host are forwarded to for this It abandons, or protection flow table will be forwarded to the data that the node and destination address are the under fire host and be transferred to that any there is no sections Point.
Flow table management module or are as follows: according to the data of under fire the current data packet quantity and each data packet of host Amount determines the attack source of the under fire host;According to each conversion link information, generates the protection flow table of corresponding node and issue To the node, protecting that flow table makes to be forwarded to the node and source address attack source and destination address are the under fire host Data are no longer sent to the under fire host.
The device be applied to support OpenFlow agreement Mininet network, network system include: attack detection module, Traffic monitoring module, statistics obtain module and node administration module;
Attack detection module: network attack detection device is called;
Statistics obtains module: providing the flow information of the current all links of network;
Traffic monitoring module: calling statistics to obtain module, the flow information of the current all links of network is obtained, according to current The flow information of all links obtains the data packet number and data volume that each host is currently received and dispatched within a preset time;
Node administration module: providing the network connection information of each host, and network connection information includes the current of each host It is connected to the network number.
Further, network system further include: dynamic protection module, node administration module and flow table management module;
Node administration module: the conversion link information of each node in network is provided;
When the structure of network system to it is lower and on include: accumulation layer, process layer and presentation layer when, it is attack detection module, dynamic State protection module, traffic monitoring module, flow table management module, statistics obtain module and node administration module is located at process layer.
Presentation layer includes: that topology checks that module, node check that module, statistics check module and protection module;
Topology checks module: calling node administration module, generates and show the network topology structure and information of network system;
Node checks module: calling node administration module, generates the network information of each node, shows one or more sections The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module: calling traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections The current real-time flows amount and/or historical traffic of point;
Protection module: for opening or closing attack detection module.
It should be noted that the present invention is based on the embodiment of the attack detecting device of the powerline network of Mininet, with The embodiment principle of the attack detection method of powerline network based on Mininet is identical, and related place can mutual reference.
The foregoing is merely illustrative of the preferred embodiments of the present invention, not to limit scope of the invention, it is all Within the spirit and principle of technical solution of the present invention, any modification, equivalent substitution, improvement and etc. done should be included in this hair Within bright protection scope.

Claims (10)

1. a kind of attack detection method of the powerline network based on Mininet, which is characterized in that the described method includes:
The data packet number and data volume that each host is currently received and dispatched within a preset time are obtained, for each host, is executed following Operation:
Judge whether the host meets first condition, the first condition is that the current data packet quantity of the host is more than first pre- If being worth and the current data amount of the host being more than the second preset value, if so, obtaining the current network linking number of the host;
Judge whether the host meets second condition, the second condition is that the current network linking number of the host is more than third Preset value, if it is, the host is under fire host.
2. the method according to claim 1, wherein the method further includes:
For each under fire host, following operation is executed:
Obtain the conversion link information with the under fire direct-connected all nodes of host;
According to each conversion link information, generates the protection flow table of corresponding node and be issued to the node, the protection stream The data of table makes the to be forwarded to the node and destination address under fire host are no longer sent to the under fire host.
3. according to the method described in claim 2, it is characterized in that, the protection flow table makes to be forwarded to the node and destination Location be the data of the under fire host be no longer sent to this under fire host include: the protection flow table will be forwarded to the node and For this, under fire the data whole discarding of host or the protection flow table will be forwarded to the node and destination address to destination address It is transferred to that any there is no nodes for the data of the under fire host.
4. according to the method described in claim 2, it is characterized in that,
It is described according to each conversion link information before further include: according to this under fire the current data packet quantity of host and The data volume of each data packet determines the attack source of the under fire host;
That the protection flow table makes to be forwarded to the node and the source address attack source and destination address are the under fire host Data be no longer sent to the under fire host.
5. the method according to claim 1, wherein the method is applied to support OpenFlow agreement Mininet network, the network system include: attack detection module, traffic monitoring module, statistics acquisition module and node administration Module;
Attack detection module: for executing the network attack detecting method;
Statistics obtains module: providing the flow information of the current all links of the network;
Traffic monitoring module: calling statistics acquisition module, obtains the flow information of the current all links of the network, according to The flow information of current all links obtains the data packet number sum number that each host is currently received and dispatched within a preset time According to amount;
Node administration module: providing the network connection information of each host, and the network connection information includes the current of each host It is connected to the network number.
6. according to the method described in claim 2, it is characterized in that, the method is applied to support OpenFlow agreement Mininet network, the network system include: dynamic protection module, node administration module and flow table management module;
Dynamic protection module: it is described for each under fire host for executing, execute following operation;
Node administration module: the conversion link information of each node in the network is provided;
Flow table management module: for generating the protection flow table of corresponding node and being issued to according to each conversion link information The node.
7. method according to claim 5 or 6, which is characterized in that when the network system structure to it is lower and on include: When accumulation layer, process layer and presentation layer, the attack detection module, dynamic protection module, traffic monitoring module, flow table manage mould Block, statistics obtain module and node administration module is located at the process layer.
8. the method according to the description of claim 7 is characterized in that the presentation layer includes: that topology checks that module, node are checked Module, statistics check module and protection module;
Topology checks module: call the node administration module, generate and show the network system network topology structure and Information;
Node checks module: calling the node administration module, generates the network information of each node, shows one or more sections The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module: calling the traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections The current real-time flows amount and/or historical traffic of point;
Protection module: for opening or closing attack detection module.
9. a kind of non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium store instruction is special Sign is that described instruction makes the processor execute the base as described in any in claim 1 to 8 when executed by the processor Step in the attack detection method of the powerline network of Mininet.
10. a kind of attack detecting device of the powerline network based on Mininet, which is characterized in that including processor and such as Non-transitory computer-readable storage medium as claimed in claim 9.
CN201910725314.0A 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network Active CN110381082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910725314.0A CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910725314.0A CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Publications (2)

Publication Number Publication Date
CN110381082A true CN110381082A (en) 2019-10-25
CN110381082B CN110381082B (en) 2021-01-26

Family

ID=68258411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910725314.0A Active CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Country Status (1)

Country Link
CN (1) CN110381082B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380532A (en) * 2020-11-13 2021-02-19 深信服科技股份有限公司 Host risk state determination method and device, electronic equipment and storage medium
CN112600825A (en) * 2020-12-07 2021-04-02 北京微步在线科技有限公司 Attack event detection method and device based on isolation network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442413A (en) * 2008-12-22 2009-05-27 西安交通大学 Method for detecting ad hoc network helminth based on neighbor synergic monitoring
CN101572701A (en) * 2009-02-10 2009-11-04 中科正阳信息安全技术有限公司 Security gateway system for resisting DDoS attack for DNS service
CN101729389A (en) * 2008-10-21 2010-06-09 北京启明星辰信息技术股份有限公司 Flow control device and method based on flow prediction and trusted network address learning
US20110055921A1 (en) * 2009-09-03 2011-03-03 Juniper Networks, Inc. Protecting against distributed network flood attacks
CN103561011A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Method and system for preventing blind DDoS attacks on SDN controllers

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729389A (en) * 2008-10-21 2010-06-09 北京启明星辰信息技术股份有限公司 Flow control device and method based on flow prediction and trusted network address learning
CN101442413A (en) * 2008-12-22 2009-05-27 西安交通大学 Method for detecting ad hoc network helminth based on neighbor synergic monitoring
CN101572701A (en) * 2009-02-10 2009-11-04 中科正阳信息安全技术有限公司 Security gateway system for resisting DDoS attack for DNS service
US20110055921A1 (en) * 2009-09-03 2011-03-03 Juniper Networks, Inc. Protecting against distributed network flood attacks
CN102014116B (en) * 2009-09-03 2015-01-21 丛林网络公司 Protecting against distributed network flood attacks
CN103561011A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Method and system for preventing blind DDoS attacks on SDN controllers

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380532A (en) * 2020-11-13 2021-02-19 深信服科技股份有限公司 Host risk state determination method and device, electronic equipment and storage medium
CN112600825A (en) * 2020-12-07 2021-04-02 北京微步在线科技有限公司 Attack event detection method and device based on isolation network
CN112600825B (en) * 2020-12-07 2021-12-21 北京微步在线科技有限公司 Attack event detection method and device based on isolation network

Also Published As

Publication number Publication date
CN110381082B (en) 2021-01-26

Similar Documents

Publication Publication Date Title
CN106100999B (en) Image network flow control methods in a kind of virtualized network environment
CN105765906B (en) Method, system and computer-readable medium for network function virtualization information concentrator
CN104170323B (en) Fault handling method and device, system based on network function virtualization
CN107544839B (en) Virtual machine migration system, method and device
CN105165054B (en) Network service failure processing method, service management system and system management module
EP2774048B1 (en) Affinity modeling in a data center network
KR102001898B1 (en) Method of processing alarm information, related devices and systems
CN103368768A (en) Automatically scaled network overlay with heuristic monitoring in hybrid cloud environment
CN107690776A (en) For the method and apparatus that feature is grouped into the case for having selectable case border in abnormality detection
CN104618693A (en) Cloud computing based online processing task management method and system for monitoring video
CN106612225A (en) Openstack based agent deployment system and method
CN103812699A (en) Monitoring management system based on cloud computing
CN102770852A (en) Information and communication processing system, method, and network node
CN106254176A (en) A kind of traffic mirroring method based on openvswitch
CN105516292A (en) Hot standby method of cloud platform of intelligent substation
CN104243196A (en) Virtual network mapping protection method and system under SDN architecture
CN104580120A (en) On-demand-service virtualization network intrusion detection method and device
CN113703908A (en) Mimicry virtual network management system
CN105306622A (en) Cloud network convergence domain name analysis system and DNS service method thereof
CN110381082A (en) The attack detection method and device of powerline network based on Mininet
CN108028828A (en) A kind of distributed denial of service ddos attack detection method and relevant device
CN104468504A (en) Monitoring method and system for virtualized network dynamic information security
CN106982244A (en) The method and apparatus that the message mirror of dynamic flow is realized under cloud network environment
CN107645472A (en) A kind of virtual machine traffic detecting system based on OpenFlow
CN105429974B (en) A kind of intrusion prevention system and method towards SDN

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant