CN110381082B - Mininet-based attack detection method and device for power communication network - Google Patents

Publication number: CN110381082B
Authority: CN (China)
Prior art keywords: host, module, network, node, data
Legal status: Active
Application number: CN201910725314.0A
Other languages: Chinese (zh)
Other versions: CN110381082A (en)
Inventors: 林荣恒, 汤佳微, 方齐昱, 吴步丹, 邹华
Current Assignee: Beijing University of Posts and Telecommunications
Original Assignee: Beijing University of Posts and Telecommunications
Application filed by: Beijing University of Posts and Telecommunications
Priority to: CN201910725314.0A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for detecting attacks of a Mininet-based power communication network, wherein the method comprises the following steps: acquiring the quantity of data packets and the quantity of data which are currently transmitted and received by each host within preset time, and executing the following operations for each host: judging whether the host meets a first condition, wherein the first condition is that the current data packet quantity of the host exceeds a first preset value and the current data quantity of the host exceeds a second preset value, and if so, acquiring the current network connection quantity of the host; and judging whether the host meets a second condition, wherein the second condition is that the current network connection number of the host exceeds a third preset value, and if so, the host is an attacked host. Based on the method of the invention, the attacked host can be determined quickly and accurately, and the network security is ensured.

Description

Mininet-based attack detection method and device for power communication network
Technical Field
The invention relates to the field of computers, in particular to a method and a device for detecting attacks of a Mininet-based power communication network.
Background
With the continued expansion and development of the power communication network, the traditional power communication network can no longer provide full communication coverage, and the flexibility and safety of the existing network fall short of the 'simplified structure, ubiquitous safety and centralized control' that its further development requires. With the rapid development of smart grids, the power system's dependence on information systems is also increasing, and the power system is even evolving into a cyber-physical power system. The transmission of massive amounts of information data will affect the performance of the power communication network. In this situation, protecting the power communication network is both critical and necessary.
On the other hand, as computer technology develops and the Internet spreads, new forms of network attack keep emerging, network security problems are increasingly prominent, and the social impact and economic losses caused by network attacks keep growing, which poses new requirements and challenges for network threat detection and defense. Anomalies caused by network attacks are one of the main network security threats at present and a key object of network security monitoring. Finding network attacks quickly and accurately, and capturing, analyzing, tracking and monitoring attack sources in a timely and accurate way, provides knowledge support for network security situation assessment and immune decision-making, and so improves the overall response capability of network security emergency organizations.
Traditional attack detection methods usually only detect whether a network attack may exist and do not identify successful network attacks. They therefore generate a large amount of inaccurate alarm information from which useful information cannot be screened effectively, and the operation and maintenance cost is very high.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for detecting attacks on a Mininet-based power communication network, so as to solve the problem of how to quickly and accurately detect network attacks.
The invention provides an attack detection method of a Mininet-based power communication network, which comprises the following steps:
acquiring the quantity of data packets and the quantity of data which are currently transmitted and received by each host within preset time, and executing the following operations for each host:
judging whether the host meets a first condition, wherein the first condition is that the current data packet quantity of the host exceeds a first preset value and the current data quantity of the host exceeds a second preset value, and if so, acquiring the current network connection quantity of the host;
and judging whether the host meets a second condition, wherein the second condition is that the current network connection number of the host exceeds a third preset value, and if so, the host is an attacked host.
The present invention also provides a non-transitory computer readable storage medium storing instructions that, when executed by a processor, cause the processor to perform the steps in the method of detecting an attack on a Mininet based power communication network described above.
The invention also provides an attack detection device of the Mininet-based power communication network, which comprises a processor and the non-transitory computer-readable storage medium.
The attack detection method uses both the network data volume and the network connection information of each host in the network. The data volume quickly flags abnormal hosts, that is, hosts that may be under attack, and the network connection information then confirms the result, so detection is both fast and accurate.
Drawings
Fig. 1 is a flowchart of an attack detection method of a Mininet-based power communication network according to the present invention;
Fig. 2 is a diagram of the Mininet network system architecture of the present invention;
Fig. 3 is a configuration diagram of an attack detection device of a Mininet-based power communication network according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
Mininet is a software tool that can emulate an entire OpenFlow network on one computer. Mininet uses lightweight process-based virtualization (Linux network namespaces and the Linux container architecture) to run many hosts and switches (e.g., 4096) on a single operating system kernel. It can create kernel-level and user-space OpenFlow switches, controllers to control the switches, and hosts that communicate with one another over the emulated network. Mininet uses paired virtual Ethernet interfaces (veth) to connect switches and hosts, which greatly simplifies early-stage development, debugging, testing and deployment. A new network application can be developed and tested on an emulation of the network it is to be deployed on, and then migrated to the actual operating network facility.
The invention constructs a power communication network with simplified structure, ubiquitous safety and centralized control based on Mininet and realizes the attack detection method based on the network.
The attack detection method of the Mininet-based power communication network of the invention, as shown in Fig. 1, includes:
S101: acquiring the number of data packets and the data volume currently transmitted and received by each host within a preset time, and executing the following operations for each host:
When the information obtained for each host is the number of data packets and the data volume of each data packet, the data volume transmitted and received by each host within the preset time is obtained by summing the per-packet data volumes.
S102: judging whether the host meets a first condition, wherein the first condition is that the current number of data packets of the host exceeds a first preset value and the current data volume of the host exceeds a second preset value, and if so, acquiring the current number of network connections of the host;
S103: judging whether the host meets a second condition, wherein the second condition is that the current number of network connections of the host exceeds a third preset value, and if so, the host is an attacked host.
The first preset value, the second preset value and the third preset value are set according to experience or historical data, which is not limited in the present invention.
The attack detection method uses both the network data volume and the network connection information of each host in the network. The data volume quickly flags abnormal hosts, that is, hosts that may be under attack, and the network connection information then confirms the result, so detection is both fast and accurate.
In addition, the Mininet-based power communication network lets the system that runs the attack detection method conveniently acquire the data required by the first condition and the second condition, which makes the method practical to implement and greatly improves its execution efficiency.
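The two-stage check of S101 to S103, as an added example that is not code from the patent: per-packet records are accumulated per host, and the connection count is fetched only for hosts that pass the volume test. The record format, the threshold values and the use of distinct peers as a stand-in for the node management module's connection count are assumptions, and the traffic is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set, Tuple

Record = Tuple[str, str, int]  # (source IP, destination IP, packet size in bytes)


@dataclass(frozen=True)
class Thresholds:
    max_packets: int      # "first preset value"
    max_bytes: int        # "second preset value"
    max_connections: int  # "third preset value"


def aggregate(records: Iterable[Record]) -> Dict[str, Tuple[int, int]]:
    """S101: sum packets and bytes sent and received by each host in the window."""
    totals: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for src, dst, size in records:
        for host in (src, dst):          # a packet counts for sender and receiver
            totals[host][0] += 1
            totals[host][1] += size
    return {host: (p, b) for host, (p, b) in totals.items()}


def distinct_peers(records: Iterable[Record]) -> Dict[str, int]:
    """Stand-in connection count (assumption): distinct peers seen per host."""
    peers: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, _ in records:
        peers[src].add(dst)
        peers[dst].add(src)
    return {host: len(p) for host, p in peers.items()}


def detect(records: Iterable[Record], limits: Thresholds,
           connection_count: Callable[[str], int]) -> Tuple[List[str], List[str]]:
    """Return (attacked hosts, hosts whose connection count was looked up)."""
    attacked: List[str] = []
    looked_up: List[str] = []
    for host, (packets, nbytes) in sorted(aggregate(records).items()):
        # S102: both volume thresholds must be exceeded (strictly greater than).
        if not (packets > limits.max_packets and nbytes > limits.max_bytes):
            continue
        # The connection count is only fetched for hosts that passed S102.
        looked_up.append(host)
        # S103: a busy host with few connections is not reported.
        if connection_count(host) > limits.max_connections:
            attacked.append(host)
    return attacked, looked_up


def sample_records() -> List[Record]:
    """Constructed one-window capture, not real traffic."""
    records = [("10.0.0.1", "10.0.0.2", 1400)] * 300   # bulk transfer, one peer
    for i in range(10, 60):                             # 50 sources, 10 packets each
        records += [(f"10.0.0.{i}", "10.0.0.3", 600)] * 10
    records += [("10.0.0.4", "10.0.0.1", 100)] * 5      # light background traffic
    return records


LIMITS = Thresholds(max_packets=200, max_bytes=250_000, max_connections=20)

if __name__ == "__main__":
    recs = sample_records()
    peers = distinct_peers(recs)
    print(detect(recs, LIMITS, lambda h: peers.get(h, 0)))
```

The bulk-transfer pair passes the volume test but has too few connections to be reported, which is the false-alarm case the second condition is there to filter.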
Further, when S103 detects an "attacked host", step S104 is automatically triggered:
S104: for each attacked host, performing the following operations:
S105: acquiring forwarding link information of all nodes directly connected with the attacked host;
In S105, a "node directly connected to the attacked host" is a switch, which is responsible for forwarding data.
S106: generating a protection flow table for the corresponding node according to each piece of forwarding link information and issuing it to the node, wherein the protection flow table ensures that data forwarded to the node whose destination address is the attacked host is no longer sent to the attacked host.
S104 to S106 form the protection strategy for the attacked host: once an attacked host is found, data sent to it is blocked at its upstream switch, so that the attacked host is isolated offline.
The protection flow table may block the data in at least the following two ways, or by any other method capable of blocking data:
First: the protection flow table discards all data that is forwarded to the node and whose destination address is the attacked host;
Second: the protection flow table redirects data that is forwarded to the node and whose destination address is the attacked host to any non-existent node.
When the "attacked host" is isolated offline, it is cut off from the "attack source", but its normal service is also affected.
In order not to affect the normal service of the "attacked host", S106 may be replaced with S107 as follows:
S107: determining an attack source of the attacked host according to the current number of data packets of the attacked host and the data volume of each data packet; and generating a protection flow table for the corresponding node according to each piece of forwarding link information and issuing it to the node, wherein the protection flow table ensures that data forwarded to the node whose source address is the attack source and whose destination address is the attacked host is no longer sent to the attacked host.
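The protection flow tables of S106 and S107, as an added example that is not code from the patent: for each switch directly connected to the attacked host it builds a drop rule, matching either the destination only (S106, first method) or source plus destination (S107). It assumes Open vSwitch switches configured with `ovs-ofctl add-flow`; the `Link` type, the per-source packet threshold used to pick attack sources, the priority value and the sample data are assumptions. The commands are only built, not executed.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Record = Tuple[str, str, int]  # (source IP, destination IP, packet size in bytes)
SWITCH_NAME = re.compile(r"[A-Za-z0-9_.-]+")


@dataclass(frozen=True)
class Link:
    """Forwarding link information: a switch and the host directly attached to it."""
    switch: str
    host_ip: str


def canonical_ip(value: str) -> str:
    """Validate before interpolating into a rule; raises ValueError on bad input."""
    return str(ipaddress.IPv4Address(value))


def attack_sources(records: Iterable[Record], victim: str,
                   min_packets: int) -> List[str]:
    """S107, first half (assumed heuristic): sources sending more than
    min_packets packets to the victim within the window."""
    victim = canonical_ip(victim)
    per_source = Counter(src for src, dst, _ in records if dst == victim)
    flagged = [src for src, count in per_source.items() if count > min_packets]
    return sorted(flagged, key=ipaddress.IPv4Address)


def protection_flows(links: Iterable[Link], victim: str,
                     sources: Optional[List[str]] = None,
                     priority: int = 40000) -> List[List[str]]:
    """Build one ovs-ofctl argv per drop rule for the victim's adjacent switches.

    sources=None gives S106 (drop everything addressed to the victim);
    a list of sources gives S107 (drop only those sources' traffic).
    """
    victim = canonical_ip(victim)
    if not 0 <= priority <= 65535:
        raise ValueError("OpenFlow priority is a 16-bit value")
    if sources is None:
        matches = [f"nw_dst={victim}"]
    else:
        matches = [f"nw_src={canonical_ip(s)},nw_dst={victim}" for s in sources]
    commands: List[List[str]] = []
    for link in links:
        if canonical_ip(link.host_ip) != victim:
            continue                      # switch is not adjacent to the victim
        if not SWITCH_NAME.fullmatch(link.switch):
            raise ValueError(f"unexpected switch name: {link.switch!r}")
        for match in matches:
            flow = f"priority={priority},ip,{match},actions=drop"
            # argv list, so no shell quoting is involved when it is run later
            commands.append(["ovs-ofctl", "add-flow", link.switch, flow])
    return commands


# Constructed topology and traffic, not from the patent.
LINKS = [Link("s1", "10.0.0.3"), Link("s2", "10.0.0.3"), Link("s2", "10.0.0.4")]


def sample_flood() -> List[Record]:
    return ([("10.0.0.10", "10.0.0.3", 600)] * 10
            + [("10.0.0.11", "10.0.0.3", 600)] * 8
            + [("10.0.0.4", "10.0.0.3", 200)] * 3)   # ordinary client


if __name__ == "__main__":
    srcs = attack_sources(sample_flood(), "10.0.0.3", min_packets=5)
    for argv in protection_flows(LINKS, "10.0.0.3", srcs):
        print(" ".join(argv))
```

With the source-specific rules the ordinary client at 10.0.0.4 keeps reaching the attacked host, which is the reason the text gives for replacing S106 with S107.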
The method of the present invention is applied to a Mininet network supporting the OpenFlow protocol. To facilitate its implementation, a network system architecture as shown in Fig. 2 is proposed, which includes a storage layer, a processing layer and a display layer.
As shown in Fig. 2, the display layer corresponds to the system client interface of the system architecture and mainly implements the interface through which a user operates the system; the processing layer in the middle corresponds to the server-side processing layer of the system architecture, consists of a network management module, a network topology management module, a remote control management module and a system log management module, and mainly carries out the tasks the user requires of the system; the storage layer at the bottom corresponds to the server-side storage layer, consists of a data processing module and a data source, and mainly implements data persistence for the system. The layers are described in detail below:
The storage layer comprises a data processing module, which mainly implements operations on the persistent data: querying and modifying network topology information, user information and operation logs.
The processing layer comprises a network management big module, a remote control management big module and a network topology management big module.
The network management big module consists of a node management module, a dynamic protection module, a flow monitoring module and an attack detection module.
After a user triggers the protection module at the display layer, the attack detection module of the processing layer is automatically triggered to execute, and the attack detection module calls the method of FIG. 1.
When the attack detection module outputs the 'attacked host', the dynamic protection module is automatically triggered, and the dynamic protection module calls the methods from S104 to S106 (or S107).
A flow monitoring module: calls the statistic acquisition module to acquire the flow information of all current links of the network and, from it, derives the number of data packets and the data volume currently transmitted and received by each host within the preset time, or the number of data packets and the data volume currently transmitted and received by each node within the preset time. The attack detection module obtains "the number of data packets and the data volume currently transmitted and received by each host within the preset time" by calling the flow monitoring module.
A node management module: provides the network connection information of each host, including each host's current number of network connections. The attack detection module obtains "the current number of network connections of each host" through the node management module.
The remote control management big module consists of a statistics acquisition module and a flow table management module.
A statistic acquisition module: providing flow information of all current links of the network; the flow monitoring module acquires the flow information of all current links by calling the statistic acquisition module.
A flow table management module: calls the method of S106 or S107.
The network topology management big module consists of a topology creating module and a topology obtaining module.
The topology creating module is mainly used for creating the network topology in the network system.
The topology obtaining module is mainly used for acquiring network topology information.
The display layer comprises a topology checking module, a node checking module, a statistic checking module and a protection module.
The topology checking module lets a user view the network topology information of the network system; by calling the topology obtaining module, it displays as a graph the number of each kind of node in the network and the connection relations between the nodes.
The node checking module calls the node management module, generates network information of each node, and displays the network information of one or more nodes, wherein the network information at least comprises: host type, IP address and forwarding link information;
The statistic checking module calls the flow monitoring module to acquire the real-time flow of each node and displays the current real-time flow and/or historical flow of one or more nodes.
The protection module is used for turning the attack detection module on or off and for displaying the protection process in real time. A user can choose to enable or disable attack detection and dynamic protection in order to see the effect of dynamic protection on the network system. The system can identify network attacks in the network topology (that is, perform intrusion detection), select a suitable protection strategy for the intrusion to complete dynamic protection, and display information flow or network partition changes during protection in real time.
The present invention also provides a non-transitory computer readable storage medium storing instructions that, when executed by a processor, cause the processor to perform the steps in the method of detecting an attack on a Mininet based power communication network described above.
The invention also provides an attack detection device of the Mininet-based power communication network, which comprises a processor and the non-transitory computer-readable storage medium.
As shown in fig. 3, the Mininet-based attack detection device for a power communication network according to the present invention includes:
a first obtaining module: acquiring the quantity of data packets and the quantity of data which are currently transmitted and received by each host within preset time, and executing the following operations for each host:
a first judgment module: judging whether the host meets a first condition, wherein the first condition is that the current data packet quantity of the host exceeds a first preset value and the current data quantity of the host exceeds a second preset value, and if so, acquiring the current network connection quantity of the host;
a second judging module: and judging whether the host meets a second condition, wherein the second condition is that the current network connection number of the host exceeds a third preset value, and if so, the host is an attacked host.
Further, the device also includes:
the dynamic protection module: for each attacked host, performing the following operations:
a second obtaining module: acquiring forwarding link information of all nodes directly connected with the attacked host;
a flow table management module: and generating a protection flow table of the corresponding node according to each forwarding link information and issuing the protection flow table to the node, wherein the protection flow table ensures that the data which is forwarded to the node and has the destination address of the attacked host is not sent to the attacked host any more.
Wherein the protecting flow table makes the data forwarded to the node and having the destination address of the attacked host not be sent to the attacked host any more includes: the protection flow table discards all the data forwarded to the node and addressed to the attacked host, or the protection flow table transfers the data forwarded to the node and addressed to the attacked host to any non-existing node.
Alternatively, the flow table management module: determines an attack source of the attacked host according to the current number of data packets of the attacked host and the data volume of each data packet; and generates a protection flow table for the corresponding node according to each piece of forwarding link information and issues it to the node, wherein the protection flow table ensures that data forwarded to the node whose source address is the attack source and whose destination address is the attacked host is no longer sent to the attacked host.
The device is applied to a Mininet network supporting an OpenFlow protocol, and the network system comprises: the system comprises an attack detection module, a flow monitoring module, a statistic acquisition module and a node management module;
an attack detection module: calling a network attack detection device;
a statistic acquisition module: providing flow information of all current links of the network;
a flow monitoring module: calling a statistic acquisition module to acquire the flow information of all current links of the network, and acquiring the number of data packets and the data volume of each host which is currently received and transmitted within a preset time according to the flow information of all the current links;
a node management module: network connection information is provided for each host, the network connection information including a current number of network connections for each host.
Further, the network system further includes: the system comprises a dynamic protection module, a node management module and a flow table management module;
a node management module: providing forwarding link information of each node in the network;
When the network system is structured as a storage layer, a processing layer and a display layer, the attack detection module, the dynamic protection module, the flow monitoring module, the flow table management module, the statistic acquisition module and the node management module are located in the processing layer.
The display layer includes: the system comprises a topology viewing module, a node viewing module, a statistic viewing module and a protection module;
a topology viewing module: calling a node management module to generate and display a network topology structure and information of the network system;
a node viewing module: calling a node management module, generating network information of each node, and displaying the network information of one or more nodes, wherein the network information at least comprises: host type, IP address and forwarding link information;
a statistics viewing module: calling a flow monitoring module, acquiring the real-time flow of each node, and displaying the current real-time flow and/or historical flow of one or more nodes;
a protection module: for turning on or off the attack detection module.
The principles of the embodiments of the Mininet-based power communication network attack detection device according to the present invention are the same as those of the Mininet-based power communication network attack detection method, and the relevant points may be referred to each other.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A Mininet-based attack detection method for a power communication network is characterized by comprising the following steps:
acquiring the quantity of data packets and the quantity of data which are currently transmitted and received by each host within preset time, and executing the following operations for each host:
judging whether the host meets a first condition, wherein the first condition is that the current data packet quantity of the host exceeds a first preset value and the current data quantity of the host exceeds a second preset value, and if so, acquiring the current network connection quantity of the host;
judging whether the host meets a second condition, wherein the second condition is that the current network connection number of the host exceeds a third preset value, and if so, the host is an attacked host;
for each attacked host, performing the following operations:
acquiring forwarding link information of all nodes directly connected with the attacked host;
and generating a protection flow table of the corresponding node according to each forwarding link information, and issuing the protection flow table to the node, wherein the protection flow table ensures that the data which is forwarded to the node and has the destination address of the attacked host is not sent to the attacked host any more.
2. The method of claim 1, wherein the protection flow table ensuring that the data which is forwarded to the node and has the destination address of the attacked host is not sent to the attacked host any more comprises: the protection flow table discards all the data forwarded to the node and with the destination address of the attacked host, or the protection flow table transfers the data forwarded to the node and with the destination address of the attacked host to any non-existing node.
3. The method of claim 1,
wherein, before generating the protection flow table of the corresponding node according to each forwarding link information, the method further comprises: determining an attack source of the attacked host according to the current data packet quantity of the attacked host and the data quantity of each data packet;
and the protection flow table ensures that the data which is forwarded to the node and has the source address as the attack source and the destination address as the attacked host is not sent to the attacked host any more.
4. The method according to claim 1, wherein the method is applied to a Mininet network supporting the OpenFlow protocol, and the network system comprises: the system comprises an attack detection module, a flow monitoring module, a statistic acquisition module and a node management module;
an attack detection module: for executing the network attack detection method;
a statistic acquisition module: providing the flow information of all current links of the network;
a flow monitoring module: calling the statistic acquisition module to acquire the flow information of all current links of the network, and acquiring the number of data packets and the data volume of each host which are transmitted and received currently within a preset time according to the flow information of all current links;
a node management module: providing network connection information for each host, the network connection information including a current number of network connections for each host.
5. The method according to claim 1, wherein the method is applied to a Mininet network supporting the OpenFlow protocol, and the network system comprises: the system comprises a dynamic protection module, a node management module and a flow table management module;
the dynamic protection module: for executing the operations performed for each attacked host;
a node management module: providing forwarding link information of each node in the network;
a flow table management module: for generating the protection flow table of the corresponding node according to each forwarding link information and issuing the protection flow table to the node.
6. The method according to claim 4 or 5, wherein, when the structure of the network system is, from bottom to top, a storage layer, a processing layer and a display layer, the attack detection module, the dynamic protection module, the flow monitoring module, the flow table management module, the statistic acquisition module and the node management module are arranged in the processing layer.
7. The method of claim 6, wherein the display layer comprises: a topology viewing module, a node viewing module, a statistic viewing module and a protection module;
a topology viewing module: calling the node management module to generate and display a network topology structure and information of the network system;
a node viewing module: calling the node management module, generating network information of each node, and displaying the network information of one or more nodes, wherein the network information at least comprises: host type, IP address and forwarding link information;
a statistics viewing module: calling the flow monitoring module, acquiring the real-time flow of each node, and displaying the current real-time flow and/or historical flow of one or more nodes;
a protection module: for turning on or off the attack detection module.
8. A non-transitory computer-readable storage medium storing instructions which, when executed by a processor, cause the processor to perform the steps of the Mininet-based attack detection method for a power communication network according to any one of claims 1 to 7.
9. A Mininet-based attack detection device for a power communication network, comprising a processor and the non-transitory computer-readable storage medium of claim 8.
CN201910725314.0A 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network Active CN110381082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910725314.0A CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910725314.0A CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Publications (2)

Publication Number Publication Date
CN110381082A CN110381082A (en) 2019-10-25
CN110381082B true CN110381082B (en) 2021-01-26

Family

ID=68258411

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910725314.0A Active CN110381082B (en) 2019-08-07 2019-08-07 Mininet-based attack detection method and device for power communication network

Country Status (1)

Country Link
CN (1) CN110381082B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380532A (en) * 2020-11-13 2021-02-19 深信服科技股份有限公司 Host risk state determination method and device, electronic equipment and storage medium
CN112600825B (en) * 2020-12-07 2021-12-21 北京微步在线科技有限公司 Attack event detection method and device based on isolation network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729389A (en) * 2008-10-21 2010-06-09 北京启明星辰信息技术股份有限公司 Flow control device and method based on flow prediction and trusted network address learning
CN102014116B (en) * 2009-09-03 2015-01-21 丛林网络公司 Protecting against distributed network flood attacks

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101442413B (en) * 2008-12-22 2011-04-06 西安交通大学 Method for detecting ad hoc network helminth based on neighbor collaborative monitoring
CN101572701B (en) * 2009-02-10 2013-11-20 中科信息安全共性技术国家工程研究中心有限公司 Security gateway system for resisting DDoS attack for DNS service
CN103561011B (en) * 2013-10-28 2016-09-07 中国科学院信息工程研究所 A kind of SDN controller method and system for preventing blind DDoS attacks on

Also Published As

Publication number Publication date
CN110381082A (en) 2019-10-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant