CN103684922A - Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method - Google Patents
Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method Download PDFInfo
- Publication number
- CN103684922A CN103684922A CN201310716971.1A CN201310716971A CN103684922A CN 103684922 A CN103684922 A CN 103684922A CN 201310716971 A CN201310716971 A CN 201310716971A CN 103684922 A CN103684922 A CN 103684922A
- Authority
- CN
- China
- Prior art keywords
- module
- controller
- detection
- sdn
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses an outlet information privacy checking detection platform system based on an SDN (self-defending network). The system comprises a privacy checking detection module and a controller cluster control module, wherein the controller cluster control module comprises a state distribution/synchronization module, a domain management module, a distributed storage management module, an exchanger sharing control module and an exchanger interface communication module. The privacy checking detection module is deployed on a privacy checking detection server and comprises a daily security examination module, an internet surfing behavior control module, a suspicious terminal detection module, a Trojan horse detection module, a platform operation and maintenance management module, a self-security guarantee module, a policy database, a virus characteristic pattern base and a characteristic rule base. In addition, the invention further discloses a detection method of an outlet information privacy checking detection platform based on the SDN. Security of the internet outlet information privacy checking detection platform system can be greatly improved, and the flow burden of a service network is relieved.
Description
Technical field
The present invention relates to network security technology field, the outlet information privacy relating in particular to based on SDN network checks detection platform system and detection method.
Background technology
Along with the fast development of China's economic society, informationization is also in continuous development, and a business/organization inevitably need to contact with the Internet in daily office, mutually transmission of information.First this brought the significant challenge of safe and secret aspect to business/organization, need to prevent leakage security information that employee be not intended to/has a mind to, prevent that outside member from illegally obtaining the security information of business/organization; Interior employee needs controlled normally the carrying out of business/organization routine work that be beneficial to the consumption of site resource and internet behavior etc. in addition.
Outlet information privacy checks that detection platform exports and carries out unified censorship detection all mobile Internets of business/organization.Primary study is unified supervision to all mobile Internet abnormal behaviours, wooden horse behavior and the transmission information of business/organization the Internet, makes user find and dispose all kinds of events in the very first time.Examination is analyzed by the data of internet transmission, and examination is analyzed to the information of issuing on the Internet, can the abnormal network behavior of identification terminal, and can find behavior viral and that wooden horse is stolen data; Can carry out strict monitoring to the behavior of divulging a secret, obtain necessary information to trace responsible person concerned; Guarantee the safety of platform and data, prevent that secondary from divulging a secret.
For example, the patent of invention that application number is 201210435961.6 provides a kind of network computer information security detection method, comprises the following steps: network server end is associated with computer client; Setting network server end detects strategy; Determine that computer client detects strategy; File dynamic real-time monitor is reported to the police.The pattern that the present invention combines by active detecting and passive detection, carries out Macro or mass analysis by check result unification, and prompting computer client is processed accordingly.By the self-defined function of white name list containing sensitive words information of computer client, improve accuracy rate and the recall precision of censorship.The unified of censorship strategy by network server end set and issues, and realizes the warning of file dynamic real-time monitor, automatic inspection and the early warning mechanism of computer client, from technological means, improves the secret prevention awareness of employee, evades enterprise's risk of divulging a secret.
Application number is that 200310114937.3 patent of invention relates to leakage of information crime prevention system and its implementation under the cooperative working environment in network security technology field.Comprise: client and service end two parts, client is arranged on every computer that need to operate protected file, for carrying out protection operation; Service end is arranged on the independent computer in network, for execution monitoring with control the computer of client, management certificate and key, to user in client to protected file, client is connected by network with service end.Method comprises: the identity of authentication of users and authority; Carry out decryption oprerations; The file being opened is monitored constantly; To preserving content, do encryption, the content being kept at like this on disk is all the information of encrypting forever, has guaranteed that like this file is copied by any way to other places and all encrypts.Fundamentally solved the leakage of information problem under cooperative working environment, and various applied environments have all been done to consideration, availability is high.
Above-mentioned technology is in former network, network server end is associated with computer client, and then on this server, setting network server end detects strategy, determines that computer client detects strategy, to carry out the detection of information privacy; In addition file is dynamically monitored in real time.This technology is carried out censorship work in legacy network, with former operation system and be stored in consolidated network, has great potential safety hazard: easily cause secondary to divulge a secret, also the flow load in former network is caused to extra burden in addition.
In addition, the patent No. is that 200820192655.3 utility model relates to a kind of Intelligent multifunctional safety gateway, by linux kernel and at least two network interface cards, formed, its linux kernel interconnects with each network interface card respectively, be characterized in: linux kernel is also by interface and ip packet filter module, flow-control module, L7 and P2P module interconnect, internal task scheduler module respectively with linux kernel, ip packet filter module, flow-control module, L7 and P2P module interconnect, internal task scheduler module is also connected with user by an interactive interface module.The utility model integrates router, flow control, VPN and firewall functionality, IP-based flow control function, intelligent router feature, VPN dialup access server function and network firewall and NAT address translation feature can be provided, substitute costliness and the relatively single multiple private network device of function, not only stable and reliable for performance, and with low cost.This technology by all working piezometric to Intelligent multifunctional safety gateway, by all work, such as ip packet filter module, flow-control module, L7 and P2P module etc. all concentrates on an equipment and completes, and flow system flow and original operation system are also and exist in consolidated network in addition.
Summary of the invention
The present invention for the flow effect that solves the information privacy of prior art middle outlet and check that the fail safe of detection platform system is not high enough and produce shortcoming or the deficiency of legacy network efficiency, adopted a kind of outlet information privacy based on SDN network to check the scheme of detection platform system, thereby realized, strengthen outlet information privacy inspection detection platform security of system, alleviate business network flow burden.
Outlet information privacy based on SDN network checks detection platform system, and it consists of censorship detection module and controller cluster control module.
Its middle controller cluster control module is coordinated and controls the controller cluster in platform, and communicate with supporting the switch of SDN, it comprises state distribution/synchronization module, divide territory administration module, distributed storage management module, switch is shared control module, exchange interface communication module.
Controller cluster control module is used southbound interface agreement to communicate with supporting the switch of SDN by exchange interface communication module, uses other modules to realize the synchronous of stream table between multi-controller.
Censorship detection module is deployed in censorship and detects on server, daily concerning security matters examination module, internet behavior control module, suspicious terminal detection module, wooden horse detection module, platform operation management module, inherently safe assurance module and policy database, virus characteristic pattern base, feature rule base, consists of.
Wherein daily concerning security matters examination module is responsible for Email, file transfer, microblogging, blog, the examination of network forum; Internet behavior control module is responsible for the monitor audit to P2P delivery means such as HTTP, FTP, SMTP, POP3, Web Mail, QQ, MSN, community/forum/video/game, the electric donkey/sudden peal of thunder of BT/ etc.
Suspicious terminal detection module comprises domain name detection module, IP address detected module, SSL channel detecting module, uplink and downlink flow proportional detection module.
Wooden horse detection module detects extraordinary wooden horse domain name feature, extraordinary wooden horse IP address feature, extraordinary wooden horse data content feature.
Platform operation management module comprises Centralized management of policy module, retrieval analysis module, operation management module.
Inherently safe assurance module comprises sign and identification module, platform operations log pattern, security service module, clock synchronization module, safety certificate module.
Outlet information privacy based on SDN network checks the detection method of detection platform, the step of the method is as follows: after platform initialization completes, support the switch of SDN to forward entering the packet of switch according to the stream list item issuing, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, the stream list item that mates safe and secret threat, IP data packet head and a tcp data packet header data with alert bag of composition that the switch of support SDN extracts this packet send to controller, simultaneously by this data packet discarding, after controller receiving alarm information, notify censorship detection module to carry out associative operation, censorship detection module record security threatens daily record, and send notice to third party's fail-safe software control system, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, support the switch of SDN to copy this Packet Generation to controller, this packet is pressed into waiting list to wait for that issue stream table indicates and how to process simultaneously, controller is then further forwarded to censorship detection module, by censorship detection module, this packet is detected, as detected, find that this security data packet, without the controller of notice transmission information to be checked of divulging a secret, requires switch to send packet according to former target, as detected, find that these data are surrounded by security threat or the situation of divulging a secret, censorship detection module generates the stream list item of this type of packet and is distributed to relevant controller, the stream list item that controller is assigned to oneself is issued to the switch of this controller management, and the switch that notice sends information to be checked is pressed into the packet of waiting list by the stream list processing newly issuing, if packet does not all meet above situation, send as before packet.
The beneficial effect that technical solution of the present invention is brought:
Outlet information privacy inspection detection platform system based on SDN network is utilized SDN network technology, the flow separation relevant to censorship that outlet information privacy can be checked to detection platform generation is to another network, security threat and the flow load problem of possible systems such as " secondary are divulged a secret " have been solved, can promote greatly Internet exportation information privacy and check detection platform security of system, also alleviate business network flow burden simultaneously.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the functional structure chart that the outlet information privacy based on SDN network checks detection platform system;
Fig. 2 is the segmentation flow diagram that the outlet information privacy based on SDN network checks detection platform system;
Fig. 3 is the network topological diagram that the outlet information privacy based on SDN network checks detection platform system;
Fig. 4 is that the outlet information privacy based on SDN network checks detection platform system initialization flow chart;
Fig. 5 is the detection method flow chart that the outlet information privacy based on SDN network checks detection platform.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
Outlet information privacy based on SDN network checks that detection platform system can export and carry out unified censorship detection for all the Internets of business/organization, mobile Internet.Censorship detection module is collected relevant data flow and analyzes from the switch of support SDN by SDN controller, all abnormal behaviour, wooden horse behavior and transmission information in business/organization Intranet are unified to supervision, make user find and dispose all kinds of events in the very first time.Examination is analyzed by the data of internet transmission, examination is analyzed to the information of issuing on the Internet, can identify abnormal network behavior, and can find the behavior that virus and wooden horse are stolen data, can carry out strict monitoring to the behavior of divulging a secret, obtain necessary information to trace responsible person concerned, guarantee the safety of platform and data, prevent that secondary from divulging a secret.
The functional structure chart that is illustrated in figure 1 the outlet information privacy inspection detection platform system based on SDN network, it consists of censorship detection module and controller cluster control module.
Its middle controller cluster control module is coordinated and controls the controller cluster in platform, and communicate with supporting the switch of SDN, it comprises state distribution/synchronization module, divide territory administration module, distributed storage management module, switch is shared control module, exchange interface communication module.Controller cluster control module is used southbound interface agreement to communicate with supporting the switch of SDN by exchange interface communication module, uses other modules to realize the synchronous of stream table between multi-controller.Censorship detection module is deployed in censorship and detects on server, daily concerning security matters examination module, internet behavior control module, suspicious terminal detection module, wooden horse detection module, platform operation management module, this six large module of inherently safe assurance module and policy database, virus characteristic pattern base, these three databases of feature rule base, consists of.Wherein daily concerning security matters examination module is responsible for Email, file transfer, microblogging, blog, the examination of network forum; Internet behavior control module is responsible for the monitor audit to P2P delivery means such as HTTP, FTP, SMTP, POP3, Web Mail, QQ, MSN, community/forum/video/game, the electric donkey/sudden peal of thunder of BT/ etc.; Suspicious terminal detection module comprises domain name detection module, IP address detected module, SSL channel detecting module, uplink and downlink flow proportional detection module; Wooden horse detection module detects extraordinary wooden horse domain name feature, extraordinary wooden horse IP address feature, extraordinary wooden horse data content feature; Platform operation management module comprises Centralized management of policy module, retrieval analysis module, operation management module; Inherently safe assurance module comprises sign and identification module, platform operations log pattern, security service module, clock synchronization module, safety certificate module.
Outlet information privacy based on SDN network checks that detection platform system is based on SDN technology, and former network, outlet information privacy are checked to the two network detach of detection platform opens.The switch of censorship detection module and SDN controller cluster, support SDN is connected to form an independently network, in this network, carry out high level security control, outlet information privacy checks that the correlative flow of detection platform system and SDN control the network that flow shares same high level of security like this, guaranteed the fail safe of system, and platform has been dropped to minimum to the performance impact of former network.Business/organization related system platform continues to use original network, and legacy network flow is exported the impact that information privacy checks detection platform system hardly.Specifically as shown in Figure 2, solid line is partly former network traffics, and platform is not changed this; Flow shown in chain-dotted line is that SDN controls flow, and this is the flow of SDN controller and switch communication; Flow shown in thick dashed line is that censorship detects flow, and this partial discharge is the flow to be checked that the switch of support SDN is selected from former network traffics according to stream table, by stream table rule, from certain port of switch, sends to the network that SDN controls stream place.
Be illustrated in figure 3 the network topological diagram of the outlet information privacy inspection detection platform system based on SDN network.The network topology structure that in figure, solid line network is original undertaking/organization internal; Dotted line network is the network of SDN controller and the switch communication of supporting SDN " network and outlet information privacy check detection system " work.
The outlet information privacy inspection detection platform system initialization flow chart based on SDN network as shown in Figure 4.After outlet information privacy based on SDN network checks that detection platform system starts, censorship detection module tuning controller cluster, from switch, obtain network topology situation, divide the switch scope that each controller is controlled, then according to policy database, virus characteristic pattern base, these three databases of feature rule base, lay down a regulation and list stream list item, stream list item is dealt into respectively to relevant controller, the stream list item that controller is assigned to oneself is issued on the switch of this controller management, and so far plateform system initial work finishes.
Be illustrated in figure 5 the overhaul flow chart of the outlet information privacy inspection detection platform based on SDN network.After platform initialization completes, support the switch of SDN to forward entering the packet of switch according to the stream list item issuing, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, the stream list item that mates safe and secret threat, IP data packet head and a tcp data packet header data with alert bag of composition that the switch of support SDN extracts this packet send to controller, simultaneously by this data packet discarding, after controller receiving alarm information, notify censorship detection module to carry out associative operation, censorship detection module record security threatens daily record, and send notice etc. to third party's fail-safe software control system, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, support the switch of SDN to copy this Packet Generation to controller, this packet is pressed into waiting list to wait for that issue stream table indicates and how to process simultaneously, controller is then further forwarded to censorship detection module, by censorship detection module, this packet is detected, as detected, find that this security data packet is without the controller of notice transmission information to be checked of divulging a secret, require switch to send packet according to former target, as detected, find these data be surrounded by security threat or divulge a secret situation censorship detection module generate the stream list item of this type of packet and be distributed to relevant controller, the stream list item that controller is assigned to oneself is issued to the switch of this controller management, the switch that notice sends information to be checked is pressed into the packet of waiting list by the stream list processing newly issuing, if packet does not all meet above situation, send as before packet.
The outlet information privacy based on SDN the network above embodiment of the present invention being provided checks that detection platform system and detection method are described in detail, applied specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention meanwhile.
Claims (4)
1. the outlet information privacy based on SDN network checks detection platform system, it is characterized in that, this system consists of censorship detection module and controller cluster control module;
Its middle controller cluster control module is coordinated and controls the controller cluster in platform, and communicate with supporting the switch of SDN, it comprises state distribution/synchronization module, divide territory administration module, distributed storage management module, switch is shared control module, exchange interface communication module;
Controller cluster control module is used southbound interface agreement to communicate with supporting the switch of SDN by exchange interface communication module, uses other modules to realize the synchronous of stream table between multi-controller;
Censorship detection module is deployed in censorship and detects on server, daily concerning security matters examination module, internet behavior control module, suspicious terminal detection module, wooden horse detection module, platform operation management module, inherently safe assurance module and policy database, virus characteristic pattern base, feature rule base, consists of;
Wherein daily concerning security matters examination module is responsible for Email, file transfer, microblogging, blog, the examination of network forum; Internet behavior control module is responsible for the monitor audit to P2P delivery means such as HTTP, FTP, SMTP, POP3, Web Mail, QQ, MSN, community/forum/video/game, the electric donkey/sudden peal of thunder of BT/ etc.;
Suspicious terminal detection module comprises domain name detection module, IP address detected module, SSL channel detecting module, uplink and downlink flow proportional detection module;
Wooden horse detection module detects extraordinary wooden horse domain name feature, extraordinary wooden horse IP address feature, extraordinary wooden horse data content feature;
Platform operation management module comprises Centralized management of policy module, retrieval analysis module, operation management module;
Inherently safe assurance module comprises sign and identification module, platform operations log pattern, security service module, clock synchronization module, safety certificate module.
2. system according to claim 1, it is characterized in that, after this system starts, censorship detection module tuning controller cluster, from switch, obtain network topology situation, divide the switch scope that each controller is controlled, then according to policy database, virus characteristic pattern base, these three databases of feature rule base, lay down a regulation and list stream list item, stream list item is dealt into respectively to relevant controller, the stream list item that controller is assigned to oneself is issued on the switch of this controller management, so far system initialization end-of-job.
3. system according to claim 1, it is characterized in that, in this system, the switch of censorship detection module and SDN controller cluster, support SDN is connected to form an independently network, in this network, carry out high level security control, outlet information privacy checks that the correlative flow of detection platform system and SDN control the network that flow shares same high level of security like this, guaranteed the fail safe of system, and platform has been dropped to minimum to the performance impact of former network.
4. the outlet information privacy based on SDN network checks the detection method of detection platform, it is characterized in that, the step of the method is as follows: after platform initialization completes, support the switch of SDN to forward entering the packet of switch according to the stream list item issuing, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, the stream list item that mates safe and secret threat, IP data packet head and a tcp data packet header data with alert bag of composition that the switch of support SDN extracts this packet send to controller, simultaneously by this data packet discarding, after controller receiving alarm information, notify censorship detection module to carry out associative operation, censorship detection module record security threatens daily record, and send notice to third party's fail-safe software control system, if any packet, meet outlet information privacy and check the condition that detection platform secret and safe threatens, support the switch of SDN to copy this Packet Generation to controller, this packet is pressed into waiting list to wait for that issue stream table indicates and how to process simultaneously, controller is then further forwarded to censorship detection module, by censorship detection module, this packet is detected, as detected, find that this security data packet is without the controller of notice transmission information to be checked of divulging a secret, require switch to send packet according to former target, as detected, find that these data are surrounded by security threat or the situation of divulging a secret, censorship detection module generates the stream list item of this type of packet and is distributed to relevant controller, the stream list item that controller is assigned to oneself is issued to the switch of this controller management, the switch that notice sends information to be checked is pressed into the packet of waiting list by the stream list processing newly issuing, if packet does not all meet above situation, send as before packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310716971.1A CN103684922B (en) | 2013-12-23 | 2013-12-23 | Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310716971.1A CN103684922B (en) | 2013-12-23 | 2013-12-23 | Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103684922A true CN103684922A (en) | 2014-03-26 |
| CN103684922B CN103684922B (en) | 2017-02-15 |
Family
ID=50321301
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310716971.1A Active CN103684922B (en) | 2013-12-23 | 2013-12-23 | Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103684922B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023034A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security defensive system and defensive method based on software-defined network |
| CN104601557A (en) * | 2014-12-29 | 2015-05-06 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Method and system for defending malicious websites based on software-defined network |
| CN105450502A (en) * | 2014-09-19 | 2016-03-30 | 陈耿 | Software-defined network oriented email denial suppression system and suppression method thereof |
| CN106254338A (en) * | 2016-07-29 | 2016-12-21 | 杭州华三通信技术有限公司 | Message detecting method and device |
| CN106982149A (en) * | 2016-12-29 | 2017-07-25 | 中国银联股份有限公司 | Message mirror-image method and network flow monitoring management system based on SDN |
| CN107124301A (en) * | 2017-04-12 | 2017-09-01 | 东华大学 | A kind of campus network network structure based on SDN |
| CN108011825A (en) * | 2017-11-10 | 2018-05-08 | 深圳市泰信通信息技术有限公司 | A kind of multiple network equipment interconnection practical method and system based on software defined network |
| CN108449230A (en) * | 2018-03-15 | 2018-08-24 | 达闼科技(北京)有限公司 | Network performance detecting system, method and relevant apparatus |
| CN108712364A (en) * | 2018-03-22 | 2018-10-26 | 西安电子科技大学 | A kind of safety defense system and method for SDN network |
| CN109857332A (en) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A kind of method and device of magnetic disk of virtual machine file security inspection |
| WO2019109970A1 (en) * | 2017-12-07 | 2019-06-13 | 北京金山云网络技术有限公司 | Network management method and apparatus, electronic device and storage medium |
| CN110602119A (en) * | 2019-09-19 | 2019-12-20 | 迈普通信技术股份有限公司 | Virus protection method, device and system |
| CN113206719A (en) * | 2021-03-16 | 2021-08-03 | 网络通信与安全紫金山实验室 | Clock synchronization method, system and storage medium based on SDN master clock |
| CN113271292A (en) * | 2021-04-07 | 2021-08-17 | 中国科学院信息工程研究所 | Malicious domain name cluster detection method and device based on word vectors |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101319491B1 (en) * | 2006-09-21 | 2013-10-17 | 삼성전자주식회사 | Apparatus and method for setting up domain information |
| CN101951384B (en) * | 2010-09-29 | 2013-08-07 | 南京信息工程大学 | Distributed security domain logic boundary protection method |
-
2013
- 2013-12-23 CN CN201310716971.1A patent/CN103684922B/en active Active
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023034A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security defensive system and defensive method based on software-defined network |
| CN104023034B (en) * | 2014-06-25 | 2017-05-10 | 武汉大学 | Security defensive system and defensive method based on software-defined network |
| CN105450502B (en) * | 2014-09-19 | 2018-10-09 | 南京审计大学 | The Email that software-oriented defines network denies suppression system and its suppressing method |
| CN105450502A (en) * | 2014-09-19 | 2016-03-30 | 陈耿 | Software-defined network oriented email denial suppression system and suppression method thereof |
| CN104601557A (en) * | 2014-12-29 | 2015-05-06 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Method and system for defending malicious websites based on software-defined network |
| CN106254338A (en) * | 2016-07-29 | 2016-12-21 | 杭州华三通信技术有限公司 | Message detecting method and device |
| CN106254338B (en) * | 2016-07-29 | 2019-09-06 | 新华三技术有限公司 | Message detecting method and device |
| US11088965B2 (en) | 2016-12-29 | 2021-08-10 | China Unionpay Co., Ltd. | SDN-based packet mirroring method, and network traffic monitoring and management system |
| CN106982149A (en) * | 2016-12-29 | 2017-07-25 | 中国银联股份有限公司 | Message mirror-image method and network flow monitoring management system based on SDN |
| CN106982149B (en) * | 2016-12-29 | 2019-10-01 | 中国银联股份有限公司 | Message mirror-image method and network flow monitoring management system based on SDN |
| CN107124301A (en) * | 2017-04-12 | 2017-09-01 | 东华大学 | A kind of campus network network structure based on SDN |
| CN108011825A (en) * | 2017-11-10 | 2018-05-08 | 深圳市泰信通信息技术有限公司 | A kind of multiple network equipment interconnection practical method and system based on software defined network |
| CN109857332A (en) * | 2017-11-30 | 2019-06-07 | 北京京穗蓝盾信息安全技术有限公司 | A kind of method and device of magnetic disk of virtual machine file security inspection |
| WO2019109970A1 (en) * | 2017-12-07 | 2019-06-13 | 北京金山云网络技术有限公司 | Network management method and apparatus, electronic device and storage medium |
| CN108449230B (en) * | 2018-03-15 | 2020-07-03 | 达闼科技(北京)有限公司 | Network performance detection system, method and related device |
| CN108449230A (en) * | 2018-03-15 | 2018-08-24 | 达闼科技(北京)有限公司 | Network performance detecting system, method and relevant apparatus |
| CN108712364A (en) * | 2018-03-22 | 2018-10-26 | 西安电子科技大学 | A kind of safety defense system and method for SDN network |
| CN108712364B (en) * | 2018-03-22 | 2021-01-26 | 西安电子科技大学 | Security defense system and method for SDN (software defined network) |
| CN110602119A (en) * | 2019-09-19 | 2019-12-20 | 迈普通信技术股份有限公司 | Virus protection method, device and system |
| CN113206719A (en) * | 2021-03-16 | 2021-08-03 | 网络通信与安全紫金山实验室 | Clock synchronization method, system and storage medium based on SDN master clock |
| CN113271292A (en) * | 2021-04-07 | 2021-08-17 | 中国科学院信息工程研究所 | Malicious domain name cluster detection method and device based on word vectors |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103684922B (en) | 2017-02-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103684922A (en) | Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method | |
| Liu et al. | A survey: Typical security issues of software-defined networking | |
| CN104506507B (en) | A kind of sweet net safety protective system and method for SDN | |
| CN101438255B (en) | Network and application attack protection based on application layer message inspection | |
| Tedeschi et al. | Secure IoT devices for the maintenance of machine tools | |
| Zhang et al. | The current research of IoT security | |
| CN106779485B (en) | SOA architecture-based comprehensive management system and data processing method | |
| Holtz et al. | Building scalable distributed intrusion detection systems based on the mapreduce framework | |
| Irfan et al. | A framework for cloud forensics evidence collection and analysis using security information and event management | |
| Wang et al. | A centralized HIDS framework for private cloud | |
| CN100539499C (en) | A kind of safe star-shape local network computer system | |
| Kumar et al. | Study of intrusion detection system for DDoS attacks in cloud computing | |
| CN113645213A (en) | Multi-terminal network management monitoring system based on VPN technology | |
| CN112688932A (en) | Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium | |
| Abouelmehdi et al. | Big data emerging issues: Hadoop security and privacy | |
| CN114978697A (en) | Network information system endogenous security defense method, device, equipment and medium | |
| Wu et al. | Edge computing security protection from the perspective of classified protection of cybersecurity | |
| Nair et al. | Security attacks in internet of things | |
| CN116232770A (en) | Enterprise network safety protection system and method based on SDN controller | |
| CN112437070B (en) | Operation-based spanning tree state machine integrity verification calculation method and system | |
| CN116458120A (en) | Protecting network resources from known threats | |
| CN110572353A (en) | Cloud computing network security service | |
| Chiu et al. | Detecting DoS and DDoS attacks by using CuSum algorithm in 5G networks | |
| CN202841172U (en) | Data security management system based on intelligent terminal | |
| Jarmakiewicz et al. | Evaluation of the cyber security provision system for critical infrastructure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210324 Address after: No.16, Tianhui Road, Tianhe District, Guangzhou, Guangdong 510000 Patentee after: BLUEDON INFORMATION SECURITY TECHNOLOGIES Co.,Ltd. Address before: 510665 20-21 / F, building a, information port, No.16 Keyun Road, Tianhe District, Guangzhou City, Guangdong Province Patentee before: Bluedon Information Security Technology Corp.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| PP01 | Preservation of patent right |
Effective date of registration: 20220422 Granted publication date: 20170215 |
|
| PP01 | Preservation of patent right |