CN110381082A - The attack detection method and device of powerline network based on Mininet - Google Patents
The attack detection method and device of powerline network based on Mininet Download PDFInfo
- Publication number
- CN110381082A CN110381082A CN201910725314.0A CN201910725314A CN110381082A CN 110381082 A CN110381082 A CN 110381082A CN 201910725314 A CN201910725314 A CN 201910725314A CN 110381082 A CN110381082 A CN 110381082A
- Authority
- CN
- China
- Prior art keywords
- host
- module
- network
- node
- under fire
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses the attack detection methods and device of a kind of powerline network based on Mininet, this method comprises: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for each host, it executes following operation: judging whether the host meets first condition, it be more than the current data amount of the first preset value and the host is more than the second preset value that first condition, which is the current data packet quantity of the host, if so, obtaining the current network linking number of the host;Judge whether the host meets second condition, second condition is that the current network linking number of the host is more than third preset value, if it is, the host is under fire host.Based on method of the invention, it can quickly and accurately determine under fire host, guarantee network security.
Description
Technical field
The present invention relates to computer field, in particular to the attack detecting of a kind of powerline network based on Mininet
Method and apparatus.
Background technique
With the continuous propulsion and development of powerline network, it is complete that traditional powerline network is unable to satisfy communication network
The requirement of covering, and flexibility, the safety of existing powerline network be all difficult to meet powerline network it is further
Develop required " structure simplification, ubiquitous safety, centralized control ".Instantly the fast development of smart grid, electric system is to letter
The degree of dependence of breath system also shows increasingly increased trend.Electric system will even evolve into the object of a power information
Reason system.The transmission of massive information data will have an impact the performance of powerline network.Under this situation, protection of electrical is logical
Communication network just seems very important and necessity.
On the other hand, continuous universal with internet with the continuous development of computer technology, network attack form layer goes out
Not poor, network security problem becomes increasingly conspicuous, caused by social influence and economic loss it is increasing, Cyberthreat is detected and anti-
It is imperial to propose new demand and challenge.Network attack is one of current main network security threats and network security extremely
The key object of monitoring.It quickly and accurately finds network attack, attack source is promptly and accurately captured, is analyzed, is tracked and monitors,
Knowledge support can be provided for network safety situation index evaluation and immune decision, to improve the whole of network security emergency organization
Body responding ability.
Traditional attack detection method is usually only detected whether there may be network attack, without going identification successful
Network attack, thus the warning information of a large amount of inaccuracy can be generated, and can not Effective selection go out effective information, O&M processing at
This is very high.
Summary of the invention
In view of this, the present invention provides the attack detection method and device of a kind of powerline network based on Mininet,
To solve the problems, such as how quickly and accurately to detect network attack.
The present invention provides a kind of attack detection method of powerline network based on Mininet, this method comprises:
The data packet number and data volume that each host is currently received and dispatched within a preset time are obtained, for each host, is executed
It operates below:
Judge whether the host meets first condition, first condition is that the current data packet quantity of the host is more than first pre-
If being worth and the current data amount of the host being more than the second preset value, if so, obtaining the current network linking number of the host;
Judge whether the host meets second condition, second condition is that the current network linking number of the host is more than third
Preset value, if it is, the host is under fire host.
The present invention also provides a kind of non-transitory computer-readable storage medium, non-transitory computer-readable storage medium storages
Instruction, the attack that instruction makes processor execute the above-mentioned powerline network based on Mininet when executed by the processor are examined
Step in survey method.
The present invention also provides a kind of attack detecting device of powerline network based on Mininet, including processor and
Above-mentioned non-transitory computer-readable storage medium.
The information of web database technology is not only utilized in the attack detection method that the present invention uses, and also uses each master in network
The network connection information of machine can quickly detect unusual host using data volume, it is possible to which host under attack utilizes network
Link information can further ensure that the accuracy of detection, ensure that the accuracy of detection while improving and detecting speed.
Detailed description of the invention
Fig. 1 is that the present invention is based on the flow charts of the attack detection method of the powerline network of Mininet;
Fig. 2 is Mininet network structure of the invention;
Fig. 3 is that the present invention is based on the structure charts of the attack detecting device of the powerline network of Mininet.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, right in the following with reference to the drawings and specific embodiments
The present invention is described in detail.
Mininet is a software tool, can emulate entire OpenFlow network on one computer by it.
Mininet uses the virtualization technology (Linux network namespace and linux container framework) based on process of lightweight, can
Multiple main frames and interchanger (such as 4096) are run on single operating system nucleus, it can create kernel level and user
The OpenFlow interchanger in space, controller and host to control interchanger, between host can by artificial network into
Row communication.Mininet connects interchanger and host using pairs of virtual ethernet card (virtual Ethernet, veth),
Greatly simplifie exploitation, misarrangement, test and the deployment process of initial stage.New network application can be first in quasi- on-premise network
Emulation platform on carry out exploitation test, in the network facilities for then moving to actual motion again.
The present invention is based on the powerline network of Mininet building " structure is simplified, ubiquitous safety, centralized control ", and base
In network implementations attack detection method of the invention.
The present invention is based on the attack detection methods of the powerline network of Mininet, as shown in Figure 1, comprising:
S101: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for each host,
Execute following operation:
When each host information of acquisition are as follows: when the data volume of data packet number and each data packet, obtained by accumulative operation
The data volume currently received and dispatched within a preset time to each host.
S102: judging whether the host meets first condition, and first condition is that the current data packet quantity of the host is more than
The current data amount of first preset value and the host is more than the second preset value, if so, obtaining the current network connection of the host
Number;
S103: judging whether the host meets second condition, and second condition is that the current network linking number of the host is super
Third preset value is crossed, if it is, the host is under fire host.
First preset value, the second preset value, third preset value rule of thumb set, or are set according to historical data, this hair
It is bright not limit this.
The information of web database technology is not only utilized in the attack detection method that the present invention uses, and also uses each master in network
The network connection information of machine can quickly detect unusual host using data volume, it is possible to which host under attack utilizes network
Link information can further ensure that the accuracy of detection, ensure that the accuracy of detection while improving and detecting speed.
On the other hand, it supports to run the attack detection method in network the present invention is based on the powerline network of Mininet
System can obtain portablely first condition and second condition needed for data, ensured attack detection method of the invention
Operation is implemented, and greatly improves the execution efficiency of attack detection method.
Further, after S103 detects " under fire host ", automatic trigger step S104 is as follows:
S104: for each under fire host, following operation is executed:
S105: the conversion link information with the under fire direct-connected all nodes of host is obtained;
" with the under fire direct-connected node of host " it is interchanger in S105, is responsible for the forwarding of data.
S106: according to each conversion link information, generating the protection flow table of corresponding node and be issued to the node, protection stream
The data of table makes the to be forwarded to the node and destination address under fire host are no longer sent to the under fire host.
S104 to S106 is that the prevention policies of " under fire host " just make " under fire to lead after discovery " under fire host "
The upper interchanger of machine " blocks the data for being sent to " under fire host ", realizes the offline isolation of " under fire host ".
Wherein, protection flow table includes at least following 2 kinds and other can be by the method for data blackout:
1st kind: protection flow table is all abandoned the data that the node and destination address are the under fire host are forwarded to;
2nd kind: protection flow table will be forwarded to the data that the node and destination address are the under fire host be transferred to it is any
There is no nodes.
Will " under fire host " offline isolation when, although blocking " under fire host " and " attack source ", also shadow simultaneously
The regular traffic of " under fire host " is rung.
In order to not influence the regular traffic of " under fire host ", it is as follows S106 can be replaced with into S107:
S107: according to this, under fire the current data packet quantity of host and the data volume of each data packet determine this under fire
The attack source of host;According to each conversion link information, generates the protection flow table of corresponding node and be issued to the node, protection stream
That table makes to be forwarded to the node and source address attack source and destination address are that the data of the under fire host are no longer sent to this
Under fire host.
The method of the present invention is applied to support the Mininet network of OpenFlow agreement, realizes for the ease of the method for the present invention,
It is proposed network system architecture or structure as shown in Figure 2, until it is lower and on be respectively as follows: accumulation layer, process layer and presentation layer.
As shown in Fig. 2, the system client interface of presentation layer correspondence system framework, main to realize user to system operatio
Interface;The process layer of the server of the process layer correspondence system framework of middle layer, by network management module, network topology management,
Remote control management module and system log management module composition, what the task that main realization system needs user was carried out
Concrete operations;The accumulation layer of the accumulation layer corresponding server of bottom, is made of data processing module and data source, main to realize system
System to data can persistence.It is specifically described as follows:
Accumulation layer includes data processing module, and data processing module mainly realizes the sequence of operations to perdurable data,
The inquiry of network topological information, user information and operation log, and the modification for these information.
Process layer includes the big module of network management, the big module of the remote control management and the big module of network topology management.
The big module of network management, by node administration module, dynamic protection module, traffic monitoring module, attack detection module
It constitutes.
When user is after presentation layer triggers protection module, the attack detection module of automatic trigger process layer is executed, attack inspection
The method for surveying module calling figure 1.
After attack detection module exports " under fire host ", but automatic trigger dynamic protection module, dynamic protection module
The method for calling S104 to S106 (or S107).
Traffic monitoring module: calling statistics to obtain module, the flow information of the current all links of network is obtained, according to current
The flow information of all links obtains the data packet number and data volume that each host is currently received and dispatched within a preset time, or according to working as
The flow information of preceding all links obtains the data packet number and data volume that each node is currently received and dispatched within a preset time.Attack inspection
Module is surveyed by calling traffic monitoring module to obtain the " data packet number and data that each host is currently received and dispatched within a preset time
Amount ".
Node administration module: providing the network connection information of each host, and network connection information includes the current of each host
It is connected to the network number.Attack detection module obtains " the current network linking number of each machine " by node administration module.
The big module of the remote control management obtains module by statistics and flow table management module is constituted.
Statistics obtains module: providing the flow information of the current all links of network;Traffic monitoring module is by calling statistics
Obtain the flow information that module obtains current all links.
Flow table management module, the method for calling S106 or S107.
The big module of network topology management obtains module composition by topological creation module, topology.
Topological creation module, the main creation for realizing network topology in network system.
Topology obtains module, the main acquisition realized to network topological information.
Presentation layer checks that module, node check that module, statistics check module and protection module comprising topology.
Topology checks module, and by calling topology to obtain module, realization user checks the network topological information of network system,
All kinds of node numbers in network, the connection relationship between node pass through figure and show.
Node checks module, calls node administration module, generates the network information of each node, shows one or more sections
The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module, calls traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections
The current real-time flows amount and/or historical traffic of point.
Protection module, for opening or closing attack detection module, and real-time exhibition protection process, user can choose
The protecting effect that attack detecting and dynamic protection are turned on or off to understand dynamic protection for network system, can complete pair
In network topology the identification of network attack i.e. system intrusion detection and be directed to invasion select suitable prevention policies with
Dynamic protection is completed, and information flow or network partition variation in real-time exhibition protection process.
The present invention also provides a kind of non-transitory computer-readable storage medium, non-transitory computer-readable storage medium storages
Instruction, the attack that instruction makes processor execute the above-mentioned powerline network based on Mininet when executed by the processor are examined
Step in survey method.
The present invention also provides a kind of attack detecting device of powerline network based on Mininet, including processor and
Above-mentioned non-transitory computer-readable storage medium.
As shown in figure 3, the present invention is based on the attack detecting devices of the powerline network of Mininet, comprising:
First acquisition module: obtaining the data packet number and data volume that each host is currently received and dispatched within a preset time, for
Each host executes following operation:
First judgment module: judging whether the host meets first condition, and first condition is the current data packet of the host
Quantity is more than that the current data amount of the first preset value and the host is more than the second preset value, if so, obtaining the current of the host
It is connected to the network number;
Second judgment module: judging whether the host meets second condition, and second condition is that the current network of the host connects
Number is connect more than third preset value, if it is, the host is under fire host.
Further returning apparatus further include:
Dynamic protection module: for each under fire host, following operation is executed:
Second obtains module: obtaining the conversion link information with the under fire direct-connected all nodes of host;
Flow table management module: it according to each conversion link information, generates the protection flow table of corresponding node and is issued to the section
Point, protection flow table makes to be forwarded to the node and destination address this under fire the data of host are no longer sent to this and under fire lead
Machine.
Wherein, protection flow table make to be forwarded to the node and the data of the destination address under fire host be no longer sent to
Under fire host includes: that flow table is protected all to lose the data that the node and destination address are the under fire host are forwarded to for this
It abandons, or protection flow table will be forwarded to the data that the node and destination address are the under fire host and be transferred to that any there is no sections
Point.
Flow table management module or are as follows: according to the data of under fire the current data packet quantity and each data packet of host
Amount determines the attack source of the under fire host;According to each conversion link information, generates the protection flow table of corresponding node and issue
To the node, protecting that flow table makes to be forwarded to the node and source address attack source and destination address are the under fire host
Data are no longer sent to the under fire host.
The device be applied to support OpenFlow agreement Mininet network, network system include: attack detection module,
Traffic monitoring module, statistics obtain module and node administration module;
Attack detection module: network attack detection device is called;
Statistics obtains module: providing the flow information of the current all links of network;
Traffic monitoring module: calling statistics to obtain module, the flow information of the current all links of network is obtained, according to current
The flow information of all links obtains the data packet number and data volume that each host is currently received and dispatched within a preset time;
Node administration module: providing the network connection information of each host, and network connection information includes the current of each host
It is connected to the network number.
Further, network system further include: dynamic protection module, node administration module and flow table management module;
Node administration module: the conversion link information of each node in network is provided;
When the structure of network system to it is lower and on include: accumulation layer, process layer and presentation layer when, it is attack detection module, dynamic
State protection module, traffic monitoring module, flow table management module, statistics obtain module and node administration module is located at process layer.
Presentation layer includes: that topology checks that module, node check that module, statistics check module and protection module;
Topology checks module: calling node administration module, generates and show the network topology structure and information of network system;
Node checks module: calling node administration module, generates the network information of each node, shows one or more sections
The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module: calling traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections
The current real-time flows amount and/or historical traffic of point;
Protection module: for opening or closing attack detection module.
It should be noted that the present invention is based on the embodiment of the attack detecting device of the powerline network of Mininet, with
The embodiment principle of the attack detection method of powerline network based on Mininet is identical, and related place can mutual reference.
The foregoing is merely illustrative of the preferred embodiments of the present invention, not to limit scope of the invention, it is all
Within the spirit and principle of technical solution of the present invention, any modification, equivalent substitution, improvement and etc. done should be included in this hair
Within bright protection scope.
Claims (10)
1. a kind of attack detection method of the powerline network based on Mininet, which is characterized in that the described method includes:
The data packet number and data volume that each host is currently received and dispatched within a preset time are obtained, for each host, is executed following
Operation:
Judge whether the host meets first condition, the first condition is that the current data packet quantity of the host is more than first pre-
If being worth and the current data amount of the host being more than the second preset value, if so, obtaining the current network linking number of the host;
Judge whether the host meets second condition, the second condition is that the current network linking number of the host is more than third
Preset value, if it is, the host is under fire host.
2. the method according to claim 1, wherein the method further includes:
For each under fire host, following operation is executed:
Obtain the conversion link information with the under fire direct-connected all nodes of host;
According to each conversion link information, generates the protection flow table of corresponding node and be issued to the node, the protection stream
The data of table makes the to be forwarded to the node and destination address under fire host are no longer sent to the under fire host.
3. according to the method described in claim 2, it is characterized in that, the protection flow table makes to be forwarded to the node and destination
Location be the data of the under fire host be no longer sent to this under fire host include: the protection flow table will be forwarded to the node and
For this, under fire the data whole discarding of host or the protection flow table will be forwarded to the node and destination address to destination address
It is transferred to that any there is no nodes for the data of the under fire host.
4. according to the method described in claim 2, it is characterized in that,
It is described according to each conversion link information before further include: according to this under fire the current data packet quantity of host and
The data volume of each data packet determines the attack source of the under fire host;
That the protection flow table makes to be forwarded to the node and the source address attack source and destination address are the under fire host
Data be no longer sent to the under fire host.
5. the method according to claim 1, wherein the method is applied to support OpenFlow agreement
Mininet network, the network system include: attack detection module, traffic monitoring module, statistics acquisition module and node administration
Module;
Attack detection module: for executing the network attack detecting method;
Statistics obtains module: providing the flow information of the current all links of the network;
Traffic monitoring module: calling statistics acquisition module, obtains the flow information of the current all links of the network, according to
The flow information of current all links obtains the data packet number sum number that each host is currently received and dispatched within a preset time
According to amount;
Node administration module: providing the network connection information of each host, and the network connection information includes the current of each host
It is connected to the network number.
6. according to the method described in claim 2, it is characterized in that, the method is applied to support OpenFlow agreement
Mininet network, the network system include: dynamic protection module, node administration module and flow table management module;
Dynamic protection module: it is described for each under fire host for executing, execute following operation;
Node administration module: the conversion link information of each node in the network is provided;
Flow table management module: for generating the protection flow table of corresponding node and being issued to according to each conversion link information
The node.
7. method according to claim 5 or 6, which is characterized in that when the network system structure to it is lower and on include:
When accumulation layer, process layer and presentation layer, the attack detection module, dynamic protection module, traffic monitoring module, flow table manage mould
Block, statistics obtain module and node administration module is located at the process layer.
8. the method according to the description of claim 7 is characterized in that the presentation layer includes: that topology checks that module, node are checked
Module, statistics check module and protection module;
Topology checks module: call the node administration module, generate and show the network system network topology structure and
Information;
Node checks module: calling the node administration module, generates the network information of each node, shows one or more sections
The network information of point, the network information include at least: host type, IP address and conversion link information;
Statistics checks module: calling the traffic monitoring module, obtains the real-time traffic of each node, shows one or more sections
The current real-time flows amount and/or historical traffic of point;
Protection module: for opening or closing attack detection module.
9. a kind of non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium store instruction is special
Sign is that described instruction makes the processor execute the base as described in any in claim 1 to 8 when executed by the processor
Step in the attack detection method of the powerline network of Mininet.
10. a kind of attack detecting device of the powerline network based on Mininet, which is characterized in that including processor and such as
Non-transitory computer-readable storage medium as claimed in claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910725314.0A CN110381082B (en) | 2019-08-07 | 2019-08-07 | Mininet-based attack detection method and device for power communication network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910725314.0A CN110381082B (en) | 2019-08-07 | 2019-08-07 | Mininet-based attack detection method and device for power communication network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110381082A true CN110381082A (en) | 2019-10-25 |
CN110381082B CN110381082B (en) | 2021-01-26 |
Family
ID=68258411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910725314.0A Active CN110381082B (en) | 2019-08-07 | 2019-08-07 | Mininet-based attack detection method and device for power communication network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110381082B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112380532A (en) * | 2020-11-13 | 2021-02-19 | 深信服科技股份有限公司 | Host risk state determination method and device, electronic equipment and storage medium |
CN112600825A (en) * | 2020-12-07 | 2021-04-02 | 北京微步在线科技有限公司 | Attack event detection method and device based on isolation network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101442413A (en) * | 2008-12-22 | 2009-05-27 | 西安交通大学 | Method for detecting ad hoc network helminth based on neighbor synergic monitoring |
CN101572701A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Security gateway system for resisting DDoS attack for DNS service |
CN101729389A (en) * | 2008-10-21 | 2010-06-09 | 北京启明星辰信息技术股份有限公司 | Flow control device and method based on flow prediction and trusted network address learning |
US20110055921A1 (en) * | 2009-09-03 | 2011-03-03 | Juniper Networks, Inc. | Protecting against distributed network flood attacks |
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
-
2019
- 2019-08-07 CN CN201910725314.0A patent/CN110381082B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101729389A (en) * | 2008-10-21 | 2010-06-09 | 北京启明星辰信息技术股份有限公司 | Flow control device and method based on flow prediction and trusted network address learning |
CN101442413A (en) * | 2008-12-22 | 2009-05-27 | 西安交通大学 | Method for detecting ad hoc network helminth based on neighbor synergic monitoring |
CN101572701A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Security gateway system for resisting DDoS attack for DNS service |
US20110055921A1 (en) * | 2009-09-03 | 2011-03-03 | Juniper Networks, Inc. | Protecting against distributed network flood attacks |
CN102014116B (en) * | 2009-09-03 | 2015-01-21 | 丛林网络公司 | Protecting against distributed network flood attacks |
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112380532A (en) * | 2020-11-13 | 2021-02-19 | 深信服科技股份有限公司 | Host risk state determination method and device, electronic equipment and storage medium |
CN112600825A (en) * | 2020-12-07 | 2021-04-02 | 北京微步在线科技有限公司 | Attack event detection method and device based on isolation network |
CN112600825B (en) * | 2020-12-07 | 2021-12-21 | 北京微步在线科技有限公司 | Attack event detection method and device based on isolation network |
Also Published As
Publication number | Publication date |
---|---|
CN110381082B (en) | 2021-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106100999B (en) | Image network flow control methods in a kind of virtualized network environment | |
CN105765906B (en) | Method, system and computer-readable medium for network function virtualization information concentrator | |
CN104170323B (en) | Fault handling method and device, system based on network function virtualization | |
CN107544839B (en) | Virtual machine migration system, method and device | |
CN105165054B (en) | Network service failure processing method, service management system and system management module | |
EP2774048B1 (en) | Affinity modeling in a data center network | |
KR102001898B1 (en) | Method of processing alarm information, related devices and systems | |
CN103368768A (en) | Automatically scaled network overlay with heuristic monitoring in hybrid cloud environment | |
CN107690776A (en) | For the method and apparatus that feature is grouped into the case for having selectable case border in abnormality detection | |
CN104618693A (en) | Cloud computing based online processing task management method and system for monitoring video | |
CN106612225A (en) | Openstack based agent deployment system and method | |
CN103812699A (en) | Monitoring management system based on cloud computing | |
CN102770852A (en) | Information and communication processing system, method, and network node | |
CN106254176A (en) | A kind of traffic mirroring method based on openvswitch | |
CN105516292A (en) | Hot standby method of cloud platform of intelligent substation | |
CN104243196A (en) | Virtual network mapping protection method and system under SDN architecture | |
CN104580120A (en) | On-demand-service virtualization network intrusion detection method and device | |
CN113703908A (en) | Mimicry virtual network management system | |
CN105306622A (en) | Cloud network convergence domain name analysis system and DNS service method thereof | |
CN110381082A (en) | The attack detection method and device of powerline network based on Mininet | |
CN108028828A (en) | A kind of distributed denial of service ddos attack detection method and relevant device | |
CN104468504A (en) | Monitoring method and system for virtualized network dynamic information security | |
CN106982244A (en) | The method and apparatus that the message mirror of dynamic flow is realized under cloud network environment | |
CN107645472A (en) | A kind of virtual machine traffic detecting system based on OpenFlow | |
CN105429974B (en) | A kind of intrusion prevention system and method towards SDN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |