CN104468624A - Sdn控制器、路由/交换设备及网络防御方法 - Google Patents
Sdn控制器、路由/交换设备及网络防御方法 Download PDFInfo
- Publication number
- CN104468624A CN104468624A CN201410830604.9A CN201410830604A CN104468624A CN 104468624 A CN104468624 A CN 104468624A CN 201410830604 A CN201410830604 A CN 201410830604A CN 104468624 A CN104468624 A CN 104468624A
- Authority
- CN
- China
- Prior art keywords
- tcp
- connection table
- message
- illegal
- request message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000001914 filtration Methods 0.000 claims abstract description 32
- 230000009471 action Effects 0.000 claims abstract description 16
- 230000032683 aging Effects 0.000 claims description 14
- 230000007123 defense Effects 0.000 claims description 13
- 230000016571 aggressive behavior Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008447 perception Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000029087 digestion Effects 0.000 description 1
- 238000010304 firing Methods 0.000 description 1
- 230000013011 mating Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000035882 stress Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
Claims (11)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410830604.9A CN104468624B (zh) | 2014-12-22 | 2014-12-22 | Sdn控制器、路由/交换设备及网络防御方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410830604.9A CN104468624B (zh) | 2014-12-22 | 2014-12-22 | Sdn控制器、路由/交换设备及网络防御方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468624A true CN104468624A (zh) | 2015-03-25 |
CN104468624B CN104468624B (zh) | 2018-01-02 |
Family
ID=52913996
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410830604.9A Active CN104468624B (zh) | 2014-12-22 | 2014-12-22 | Sdn控制器、路由/交换设备及网络防御方法 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468624B (zh) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104883362A (zh) * | 2015-05-11 | 2015-09-02 | 北京交通大学 | 异常访问行为控制方法及装置 |
CN106453367A (zh) * | 2016-10-27 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | 一种基于sdn的防地址扫描攻击的方法及系统 |
CN106534048A (zh) * | 2015-09-11 | 2017-03-22 | 中国电信股份有限公司 | 一种防范sdn拒绝服务攻击的方法、交换机和系统 |
CN107483431A (zh) * | 2017-08-10 | 2017-12-15 | 杭州迪普科技股份有限公司 | 一种基于tcp/ip协议的交换机端口安全防护方法和装置 |
CN107707513A (zh) * | 2017-01-10 | 2018-02-16 | 贵州白山云科技有限公司 | 一种防御网络攻击的方法以及装置 |
CN108183917A (zh) * | 2018-01-16 | 2018-06-19 | 中国人民解放军国防科技大学 | 基于软件定义网络的DDoS攻击跨层协同检测方法 |
CN109327426A (zh) * | 2018-01-11 | 2019-02-12 | 白令海 | 一种防火墙攻击防御方法 |
WO2019101054A1 (zh) * | 2017-11-27 | 2019-05-31 | 华为技术有限公司 | 聚合速率控制方法、设备以及系统 |
CN109962879A (zh) * | 2017-12-22 | 2019-07-02 | 中国电信股份有限公司 | 针对分布式反射拒绝服务DRDoS的安全防御方法和控制器 |
CN110366170A (zh) * | 2019-06-15 | 2019-10-22 | 浙江大学 | 一种基于软件定义安全的无线网络安全防御办法 |
CN111200505A (zh) * | 2018-11-19 | 2020-05-26 | 中移(苏州)软件技术有限公司 | 一种报文处理方法及装置 |
CN111756713A (zh) * | 2020-06-15 | 2020-10-09 | Oppo(重庆)智能科技有限公司 | 网络攻击识别方法、装置、计算机设备及介质 |
CN111800419A (zh) * | 2020-07-06 | 2020-10-20 | 东北大学 | 一种SDN环境下DDoS攻击检测系统及方法 |
CN111885092A (zh) * | 2020-09-10 | 2020-11-03 | 中国联合网络通信集团有限公司 | 一种边缘节点的DDoS攻击检测方法、处理方法及SDN |
CN112866031A (zh) * | 2021-02-05 | 2021-05-28 | 杭州迪普科技股份有限公司 | 路由配置方法、装置、设备及计算机可读存储介质 |
CN112887210A (zh) * | 2021-01-06 | 2021-06-01 | 新华三大数据技术有限公司 | 一种流表管理方法及装置 |
CN114244625A (zh) * | 2021-12-30 | 2022-03-25 | 山东安控信息科技有限公司 | 一种物理隔离设备的报文快速转发方法及系统 |
CN114374563A (zh) * | 2022-01-19 | 2022-04-19 | 深圳市天机云信息技术有限公司 | 网络连接方法、装置、存储介质及电子设备 |
CN115334136A (zh) * | 2022-07-05 | 2022-11-11 | 北京天融信网络安全技术有限公司 | 一种连接老化控制方法、系统、设备及存储介质 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281317A (zh) * | 2013-05-09 | 2013-09-04 | 浙江师范大学 | 一种软件定义网络的攻击测试方法 |
CN103561011A (zh) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | 一种SDN控制器盲DDoS攻击防护方法及系统 |
CN104104651A (zh) * | 2013-04-02 | 2014-10-15 | 杭州市电力局 | 数据处理方法、装置及电动交通工具网络管理系统 |
CN104184749A (zh) * | 2014-09-15 | 2014-12-03 | 上海斐讯数据通信技术有限公司 | 一种sdn网络访问方法及系统 |
-
2014
- 2014-12-22 CN CN201410830604.9A patent/CN104468624B/zh active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104104651A (zh) * | 2013-04-02 | 2014-10-15 | 杭州市电力局 | 数据处理方法、装置及电动交通工具网络管理系统 |
CN103281317A (zh) * | 2013-05-09 | 2013-09-04 | 浙江师范大学 | 一种软件定义网络的攻击测试方法 |
CN103561011A (zh) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | 一种SDN控制器盲DDoS攻击防护方法及系统 |
CN104184749A (zh) * | 2014-09-15 | 2014-12-03 | 上海斐讯数据通信技术有限公司 | 一种sdn网络访问方法及系统 |
Non-Patent Citations (1)
Title |
---|
唐欢容,曾一晶: ""基于半连接列表的SYN泛洪攻击检测"", 《计算机工程》 * |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104883362A (zh) * | 2015-05-11 | 2015-09-02 | 北京交通大学 | 异常访问行为控制方法及装置 |
CN106534048A (zh) * | 2015-09-11 | 2017-03-22 | 中国电信股份有限公司 | 一种防范sdn拒绝服务攻击的方法、交换机和系统 |
CN106453367A (zh) * | 2016-10-27 | 2017-02-22 | 上海斐讯数据通信技术有限公司 | 一种基于sdn的防地址扫描攻击的方法及系统 |
CN107707513A (zh) * | 2017-01-10 | 2018-02-16 | 贵州白山云科技有限公司 | 一种防御网络攻击的方法以及装置 |
CN107707513B (zh) * | 2017-01-10 | 2019-05-17 | 北京数安鑫云信息技术有限公司 | 一种防御网络攻击的方法以及装置 |
CN107483431A (zh) * | 2017-08-10 | 2017-12-15 | 杭州迪普科技股份有限公司 | 一种基于tcp/ip协议的交换机端口安全防护方法和装置 |
WO2019101054A1 (zh) * | 2017-11-27 | 2019-05-31 | 华为技术有限公司 | 聚合速率控制方法、设备以及系统 |
US11088956B2 (en) | 2017-11-27 | 2021-08-10 | Huawei Technologies Co., Ltd. | Aggregate rate control method, device, and system |
CN109962879A (zh) * | 2017-12-22 | 2019-07-02 | 中国电信股份有限公司 | 针对分布式反射拒绝服务DRDoS的安全防御方法和控制器 |
CN109327426A (zh) * | 2018-01-11 | 2019-02-12 | 白令海 | 一种防火墙攻击防御方法 |
CN108183917A (zh) * | 2018-01-16 | 2018-06-19 | 中国人民解放军国防科技大学 | 基于软件定义网络的DDoS攻击跨层协同检测方法 |
CN108183917B (zh) * | 2018-01-16 | 2018-12-14 | 中国人民解放军国防科技大学 | 基于软件定义网络的DDoS攻击跨层协同检测方法 |
CN111200505A (zh) * | 2018-11-19 | 2020-05-26 | 中移(苏州)软件技术有限公司 | 一种报文处理方法及装置 |
CN110366170A (zh) * | 2019-06-15 | 2019-10-22 | 浙江大学 | 一种基于软件定义安全的无线网络安全防御办法 |
CN111756713A (zh) * | 2020-06-15 | 2020-10-09 | Oppo(重庆)智能科技有限公司 | 网络攻击识别方法、装置、计算机设备及介质 |
CN111800419A (zh) * | 2020-07-06 | 2020-10-20 | 东北大学 | 一种SDN环境下DDoS攻击检测系统及方法 |
CN111800419B (zh) * | 2020-07-06 | 2021-06-15 | 东北大学 | 一种SDN环境下DDoS攻击检测系统及方法 |
CN111885092A (zh) * | 2020-09-10 | 2020-11-03 | 中国联合网络通信集团有限公司 | 一种边缘节点的DDoS攻击检测方法、处理方法及SDN |
CN112887210B (zh) * | 2021-01-06 | 2022-04-01 | 新华三大数据技术有限公司 | 一种流表管理方法及装置 |
CN112887210A (zh) * | 2021-01-06 | 2021-06-01 | 新华三大数据技术有限公司 | 一种流表管理方法及装置 |
CN112866031A (zh) * | 2021-02-05 | 2021-05-28 | 杭州迪普科技股份有限公司 | 路由配置方法、装置、设备及计算机可读存储介质 |
CN112866031B (zh) * | 2021-02-05 | 2022-07-01 | 杭州迪普科技股份有限公司 | 路由配置方法、装置、设备及计算机可读存储介质 |
CN114244625A (zh) * | 2021-12-30 | 2022-03-25 | 山东安控信息科技有限公司 | 一种物理隔离设备的报文快速转发方法及系统 |
CN114374563A (zh) * | 2022-01-19 | 2022-04-19 | 深圳市天机云信息技术有限公司 | 网络连接方法、装置、存储介质及电子设备 |
CN115334136A (zh) * | 2022-07-05 | 2022-11-11 | 北京天融信网络安全技术有限公司 | 一种连接老化控制方法、系统、设备及存储介质 |
CN115334136B (zh) * | 2022-07-05 | 2024-02-02 | 北京天融信网络安全技术有限公司 | 一种连接老化控制方法、系统、设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN104468624B (zh) | 2018-01-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104468624A (zh) | Sdn控制器、路由/交换设备及网络防御方法 | |
EP2854361B1 (en) | Apparatus and method for protecting communication pattern of network traffic | |
Prasad et al. | An efficient detection of flooding attacks to Internet Threat Monitors (ITM) using entropy variations under low traffic | |
US9807092B1 (en) | Systems and methods for classification of internet devices as hostile or benign | |
CN109005175B (zh) | 网络防护方法、装置、服务器及存储介质 | |
Jamil et al. | Security issues in cloud computing and countermeasures | |
US20100071054A1 (en) | Network security appliance | |
CN103347016A (zh) | 一种攻击的防御方法 | |
US20140090060A1 (en) | Trusted network interface | |
Sanmorino et al. | DDoS attack detection method and mitigation using pattern of the flow | |
CN109587167B (zh) | 一种报文处理的方法和装置 | |
Gilad et al. | Off-Path Attacking the Web. | |
US9800593B2 (en) | Controller for software defined networking and method of detecting attacker | |
Arukonda et al. | The innocent perpetrators: reflectors and reflection attacks | |
US20130139214A1 (en) | Multi dimensional attack decision system and method thereof | |
CN110266650B (zh) | Conpot工控蜜罐的识别方法 | |
CN106797378B (zh) | 用于控制通信网络的装置和方法 | |
Huang et al. | An authentication scheme to defend against UDP DrDoS attacks in 5G networks | |
CN106487790B (zh) | 一种ack flood攻击的清洗方法及系统 | |
Subbulakshmi et al. | A unified approach for detection and prevention of DDoS attacks using enhanced support vector machines and filtering mechanisms | |
Liu et al. | Real-time detection of covert channels in highly virtualized environments | |
Prasad et al. | IP traceback for flooding attacks on Internet threat monitors (ITM) using Honeypots | |
KR101380096B1 (ko) | 분산 서비스 거부 공격 대응 시스템 및 그 방법 | |
CN106230815A (zh) | 一种告警日志的控制方法和装置 | |
WO2019242053A1 (zh) | 一种针对HTTP Flood攻击的防护方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20201103 Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Patentee after: Taizhou Jiji Intellectual Property Operation Co.,Ltd. Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666 Patentee before: Phicomm (Shanghai) Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230810 Address after: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China Patentee after: Huzhou YingLie Intellectual Property Operation Co.,Ltd. Address before: 318015 no.2-3167, area a, nonggangcheng, 2388 Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province Patentee before: Taizhou Jiji Intellectual Property Operation Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20240104 Address after: Room 1028, 1st Floor, Building 1, No. 9 Xinghuo Road, Fengtai District, Beijing, 100000 Patentee after: Beijing Perston Automatic Control Engineering Technology Co.,Ltd. Address before: 313000 room 1019, Xintiandi commercial office, Yishan street, Wuxing District, Huzhou, Zhejiang, China Patentee before: Huzhou YingLie Intellectual Property Operation Co.,Ltd. |
|
TR01 | Transfer of patent right |