CN105516091A - Secure flow filter and filtering method based on software defined network (SDN) controller - Google Patents

Publication number
CN105516091A
Authority
CN
China
Prior art keywords
stream
sdn
network
controller
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510852333.1A
Other languages
Chinese (zh)
Other versions
CN105516091B (en)
Inventor
陈亮
何炜
张新全
蔡鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Research Institute of Posts and Telecommunications Co Ltd
Original Assignee
Wuhan Research Institute of Posts and Telecommunications Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Research Institute of Posts and Telecommunications Co Ltd
Priority to CN201510852333.1A
Publication of CN105516091A
Application granted
Publication of CN105516091B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention relates to the fields of computer technology and networking, and in particular to a secure flow filter and a filtering method based on a software defined network (SDN) controller. Before flow information of any unknown type is written into a flow table of the SDN controller, the secure flow filter is placed at a location through which the flow must pass, where it analyzes and processes the flow and identifies various attacks or sniffing flows, in order to ensure the validity of the data in the flow table and make up for the shortcomings of the firewall. The secure flow filter is transparent to the existing network: its network elements and architecture do not need to be modified, the use of a DPDK driver gives very high flow filtering efficiency, and network performance is not affected. With the secure flow filter and the filtering method, the security of the whole network is strengthened with minimum investment and without modifying the existing SDN network.

Description

A secure flow filter and filtering method based on an SDN controller
Technical field
The present invention relates to the fields of computer technology and networking, and in particular to software defined networking (SDN) and network security control.
Background
With innovative new technologies, people easily overlook security. While deploying SDN, the inventors noticed several security problems that pose many challenges to SDN technology, such as malicious data flows, tampering with switch flow tables, application vulnerabilities, and threats to the confidentiality and availability of data management. These are all attacks common in traditional networks, and they still exist in SDN. Most security problems of software defined networks center on the controller itself. The controller can be regarded as the "brain" of switching and routing; it allows the control plane of every system to be managed centrally. Once the controller fails, the whole network collapses. For security managers, the greatest challenge of SDN is to protect the controller at all costs. The "brain" has now been taken out of the router or switch and replaced by the new controller. A very important security issue is to understand and audit who accesses the controller and where the controller sits in the network. Access to the controller may give an attacker complete control, so the security of the controller must be protected.
Network information is maintained on the controller, usually in a dedicated storage module. The controller and the applications issue policies according to the network state. The network information maintained by the controller is of two kinds, static and dynamic. Because the controller performs its functions in the network according to this information, illegally written information can disrupt network transmission; the security problems of network information maintained on the controller are therefore mainly the destruction of data integrity and availability. Tampering with data by malicious programs or attackers is a common problem in traditional networks. In a multi-controller system, a tampered controller can modify the information of other controllers through the east-west interface, and can modify the information of SDN switches and applications through the north-south interfaces, upsetting correct control logic and user data. Coordinated management of multiple controllers also has a data availability problem: for example, an error on one controller node causes every controller that negotiates with it to obtain wrong network information, which affects the final data forwarding policy. Applications access the controller through the northbound interface that the controller provides and call the resources the controller manages. Without functional modules such as authentication, permission management and log management, the security problems common in traditional networks still arise: access by unauthorized applications, unauthorized operations by applications, and bypassing of the audit trail. In addition, when multiple applications run at the same time, incomplete control logic may lead to inconsistent policies, which shows up mainly as policy conflicts and local policy failures.
An attacker may target the network elements in the network. In theory, an attacker can illegally obtain physical or virtual access to the network, or compromise a host connected to the SDN, and then launch attacks that destroy the stability of the network elements. Such an attack resembles a denial-of-service (DoS) attack, or is a fuzzing attack against the network element. Communication between controllers and network elements currently uses a large number of APIs (application programming interfaces) and communication protocols. SDN southbound communication may use OpenFlow (OF), the Open vSwitch Database Management Protocol (OVSDB), the Path Computation Element Communication Protocol (PCEP), the Interface to the Routing System (I2RS), BGP-LS, OpenStack Neutron, Open Management Infrastructure (OMI), Puppet, Chef, Diameter, Radius, NETCONF, the Extensible Messaging and Presence Protocol (XMPP), the Locator/ID Separation Protocol (LISP), the Simple Network Management Protocol (SNMP), CLI, Embedded Event Manager (EEM), Cisco onePK, Application Centric Infrastructure (ACI), OpFlex and other protocols. Each of these protocols has its own methods for securing communication with network elements. However, many of them are very new, and deployers may not configure them in the most secure way.
In current SDN security attacks, an attacker can use these protocols to try to instantiate new flows in a device's flow table. The attacker can try to forge new flows so that traffic that should not be allowed through the network is let through. Although traffic steering is responsible for guiding traffic through the firewall, an attacker who can create a flow that bypasses the traffic steering will succeed. If attackers can steer traffic in a direction of their own choosing, they may try to use this ability to sniff the traffic and then launch a man-in-the-middle (MITM) attack.
Most of the techniques currently used for SDN security management are similar to those of traditional networks, and dedicated technology and equipment for protecting SDN have not yet taken shape. Traditional techniques are overly complex and redundant and very costly to maintain, and they are a poor fit while SDN deployments are still small in scale. As SDN security problems become more prominent, security protocols for SDN will keep appearing; traditional security techniques are not extensible enough and lose the essence of software definition (Software Define).
Summary of the invention
To address the shortcomings described in the background, the present invention places a secure flow filter at a point that flows must pass through, before flow information of any unknown type is written into the flow table of the SDN controller. The filter analyzes and processes the flows and identifies various attacks (man-in-the-middle, DoS, etc.) or sniffing flows, which ensures the legitimacy of the data in the flow table and makes up for the shortcomings of the firewall. The invention can also process and control SDN switch ACLs, can build a global flow view and various policy, rule and log stores, and can manage security devices dynamically in real time and coordinate them according to policy.
The technical solution of the present invention is: a secure flow filter based on an SDN controller, comprising a flow monitor, a flow user management module, a flow generator, a policy rule management module, a security device management module and a security information store, characterized in that:
The flow user management module obtains user information; after the policy rule management module has audited and approved it, the user information is written into the security information store; if the audit fails, the user is an illegal user, and alarm information is sent directly to the management module of the Orchestration Layer;
Flow monitor: uses the DPDK framework and driver to monitor the various flows sent by SDN northbound applications and east-west SDN controllers, and audits whether each flow is legal according to the information supplied by the policy rule management module; if the flow is legal, it is sent to the flow generator module for forwarding, otherwise alarm information is sent;
Flow generator: uses the DPDK driver to forward flow information to a given SDN controller in the network; the flow generator parses the flow information provided by the flow monitor, obtains the target object to which the flow is to be sent, queries the security information store, according to the target object information, for the northbound or east-west interface specification data of the target controller, then parses the flow according to the standard protocol and repackages it so that it conforms to the target controller; for flows whose source and destination use the same specification, this module performs transparent forwarding only;
Policy rule management module: defines the security policies and specifications in the SDN; only flows that satisfy these policies and rules are legal;
Security device management module: manages the traditional security devices of the existing network and records them in the security information store;
Security information store: used to store the data of the whole SDN.
The secure flow filter based on an SDN controller as described above, characterized in that the flow user management module obtains the user information as follows: it connects to the northbound applications of the SDN and the east-west SDN controllers, registers the known application services and adjacent SDN controllers in the SDN, and obtains the user information sent by the northbound applications and the east-west SDN controllers.
A secure flow filtering method based on an SDN controller, characterized in that it comprises the following steps:
The flow user management module automatically detects, from the flow information it receives, the known northbound applications and east-west SDN controllers in the network, and records this information in the security information store;
The security device management module detects the traditional security devices in the network, and records the device information and their policies and rules in the system's security information store;
The flow monitor receives, through the DPDK driver, the unaudited flows sent by northbound applications and east-west SDN controllers and triggers the policy rule management module; unaudited flows are monitored repeatedly;
The policy rule management module audits the flow against the security policies defined in it, and returns to the flow monitor a message stating whether the audit passed;
The policy management module periodically sends messages to the security device management module to obtain the updated security policies and rules of the traditional security devices;
After a flow is found legal, the flow monitor hands the legal flow to the flow generator, which packages it through the DPDK driver and forwards it to the SDN controller.
The beneficial effects of the present invention are:
The invention can prevent an attacker from establishing flows that bypass traffic steering, evade the protection of the firewall and attack the core network elements of the SDN. The invention is transparent to the existing network and requires no modification of its network elements or architecture; using the DPDK driver makes flow filtering extremely efficient without affecting network performance. It also offers flexible software-defined customization, so that a global security control policy, a flow view, a corresponding security rule base and so on can be built for a specific application. On the premise of not modifying the existing SDN, the security of the whole network is reinforced with minimal investment. The system also gives the northbound users of the SDN a capability for secure virtualized network access. The invention also accommodates the future security requirements of SDN and reserves room for extending its security.
Description of the drawings
Fig. 1 is a structural diagram of the system;
Fig. 2 is a workflow diagram of the system.
Embodiments
Explanation of terms: An SDN controller is an application in a software defined network (SDN) that is responsible for flow control to ensure an intelligent network. Based on protocols such as OpenFlow, the SDN controller allows servers to tell switches where to send packets.
SDN: separates the control plane of network devices from the data plane, which gives flexible control of network traffic and provides a good platform for innovation in core networks and applications.
Orchestration Layer: the service orchestration layer in SDN, an abstraction layer between the SDN controllers and the service layer. Depending on the network elements and networks, a communication network contains a large number of SDN controllers; for example, the core IP bearer network, the core OTN transport network, the service control layer, the wireless bearer network and the fixed access network each have their own SDN controller. Therefore, when these SDN controllers of the same or different types provide services upward, the Orchestration layer is used to further abstract and virtualize network resources across the many controllers, so that the service layer can call network resources more flexibly.
The invention is further described below with reference to the drawings.
As shown in Fig. 1, the secure flow filter of the present invention is an independent security program module that is installed and run on a server in the Orchestration layer of the SDN that has access to the northbound and east-west interfaces. If the network is simple and has only one SDN controller, it can also be installed and run directly in the SDN controller as an ordinary Java program.
As shown in Fig. 1, the secure flow filter of the present invention consists of 5 modules and a database: a flow monitor, a flow user management module, a flow generator, a policy rule management module, a security device management module and a security information store.
Flow user management module: the main function of this module is to connect to the northbound applications of the SDN and the east-west SDN controllers, register the known application services and other adjacent SDN controllers in the SDN, and obtain the user information sent from these directions; after the policy rule management module has audited and approved it, the information is written into the security information store; if the audit fails, the user is an illegal user, and alarm information is sent directly to the management module of the Orchestration Layer.
Flow monitor: uses the DPDK framework and driver most recently released by Intel to efficiently monitor the various flows sent by SDN northbound applications and east-west SDN controllers, and audits whether these flows are legal according to the information supplied by the policy rule management module; if a flow is legal, it is sent to the flow generator module for forwarding, otherwise alarm information is sent.
Flow generator: uses the DPDK driver to efficiently forward flow information to a given SDN controller in the network. The flow generator parses the flow information provided by the flow monitor, obtains the target object to which the flow is to be sent, queries the security information store, according to the target object information, for the northbound or east-west interface specification data of the target controller, then parses the flow according to the standard protocol and repackages it so that it conforms to the target controller. For flows whose source and destination use the same specification, this module performs transparent forwarding only. Because the SDN northbound interface protocol is not standardized and different vendors use their own proprietary protocols, this module provides a complete set of easy-to-use, scriptable interfaces that allow dynamic compatibility with the SDN controllers of different vendors.
Policy rule management module: defines a series of security policies and specifications in the SDN; only flows that satisfy these policies and rules are legal. For example: an attacker deploys his own SDN controller and issues flow entries to the OF switches that belong to other, legitimate controllers, so that this "masquerading controller" can modify the forwarding paths of the switches. In this case the flow monitor detects the new, unregistered flow information and passes it to this module for processing. The policy rule management module analyzes the packet header of the flow to determine whether it is encrypted and authenticated, and queries the security information store to determine whether the registration information of the flow is valid; if necessary, the flow can also be sent to a traditional security device for assessment. Once the flow is confirmed to be illegal, the flow user management module reports alarm information to each northbound application and to the group of east-west controllers, while the flow generator sends a failure code to the "masquerading controller" and terminates communication with it. Administrators can define these rules, and the security policies and rules of the traditional security devices can also be obtained through the security device management module.
Security device management module: manages the traditional security devices of the existing network, such as the firewalls of various vendors; it registers their locations, dynamically scans and obtains the security policies and rules in these devices, and records them in the security information store.
Security information store: this module is a database used to store the users, policies, rules, devices, logs and other information of the whole SDN.
As shown in Fig. 2, the secure flow filtering method based on an SDN controller of the present invention is:
1. After the secure flow filter starts, the flow user management module automatically detects, from the flow information it receives, the known northbound applications and east-west SDN controllers in the network, and records this information in the security information store.
2. At the same time, the security device management module detects the traditional security devices in the network and records the device information and their policies and rules in the system's security information store.
3. The flow monitor efficiently receives, through the DPDK driver, the unaudited flows sent by northbound applications and east-west SDN controllers and triggers the policy rule management module; unaudited flows are monitored repeatedly.
4. The policy rule management module audits the flow against the security policies defined in it, and returns to the flow monitor a message stating whether the audit passed.
5. The network administrator customizes the security policies in the policy management module; this module also periodically sends messages to the security device management module to obtain the updated security policies and rules of the traditional security devices.
6. After a flow is found legal, the flow monitor hands the legal flow to the flow generator, which packages it through the DPDK driver and forwards it to the SDN controller. This module provides a framework and interfaces for northbound access; scripts can be used to write the access protocol for the SDN northbound interface according to the SDN controllers of different vendors.
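The following Python sketch is an added illustration, not code from the patent: it models steps 3 to 6 above and the unregistered-controller case described for the policy rule module, using an in-memory store. The HMAC-SHA256 tag, the firewall-steering rule format and every class, field and identifier name are assumptions, and DPDK packet I/O is replaced by plain function calls.

```python
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass, field


@dataclass
class FlowRequest:
    sender: str    # claimed northbound app or east-west controller (hypothetical field)
    target: str    # SDN controller the flow entry is addressed to
    match: dict    # e.g. {"ipv4_dst": "10.0.50.7"}; an empty dict is a wildcard
    actions: list  # e.g. ["output:fw1"]
    tag: str = ""  # hex HMAC-SHA256 over body(); assumed authentication scheme

    def body(self) -> bytes:
        fields = {"sender": self.sender, "target": self.target,
                  "match": self.match, "actions": self.actions}
        return json.dumps(fields, sort_keys=True).encode()


def sign(req: FlowRequest, key: bytes) -> FlowRequest:
    """What a registered sender does before submitting a flow."""
    req.tag = hmac.new(key, req.body(), hashlib.sha256).hexdigest()
    return req


@dataclass
class SecurityInfoStore:
    """In-memory stand-in for the security information store."""
    senders: dict = field(default_factory=dict)   # id -> (key, allowed targets)
    steering: list = field(default_factory=list)  # (protected prefix, required action)
    log: list = field(default_factory=list)       # audit trail of every decision


class PolicyRuleModule:
    def __init__(self, store: SecurityInfoStore):
        self.store = store

    def audit(self, req: FlowRequest):
        """Return (legal, reason) for one unaudited flow."""
        entry = self.store.senders.get(req.sender)
        if entry is None:  # registration check against the store
            return False, "unregistered sender"
        key, targets = entry
        expected = hmac.new(key, req.body(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), req.tag.encode()):
            return False, "authentication failed"
        if req.target not in targets:
            return False, "target controller not permitted"
        try:  # a missing destination is a wildcard and covers every prefix
            dst = ipaddress.ip_network(req.match.get("ipv4_dst", "0.0.0.0/0"),
                                       strict=False)
        except ValueError:
            return False, "malformed match"
        for prefix, required in self.store.steering:
            if dst.overlaps(ipaddress.ip_network(prefix)) and required not in req.actions:
                return False, "bypasses firewall steering"
        return True, "ok"


class SecureFlowFilter:
    """Flow monitor plus flow generator: audit, then forward or raise an alarm."""

    def __init__(self, store: SecurityInfoStore):
        self.store = store
        self.policy = PolicyRuleModule(store)
        self.forwarded = []  # flows handed on towards the target controller
        self.alerts = []     # alarms for the orchestration layer

    def handle(self, req: FlowRequest) -> str:
        legal, reason = self.policy.audit(req)
        self.store.log.append((req.sender, req.target, legal, reason))
        if legal:
            self.forwarded.append(req)
            return "FORWARDED"
        self.alerts.append(f"illegal flow from {req.sender}: {reason}")
        return "REJECTED: " + reason


def demo():
    """Constructed sample flows; keys, names and addresses are made up."""
    key = b"constructed-demo-key"
    store = SecurityInfoStore()
    store.senders["app-lb"] = (key, {"ctrl-core"})
    store.steering.append(("10.0.50.0/24", "output:fw1"))
    flt = SecureFlowFilter(store)
    dst = {"ipv4_dst": "10.0.50.7"}
    good = sign(FlowRequest("app-lb", "ctrl-core", dst, ["output:fw1"]), key)
    rogue = sign(FlowRequest("ctrl-x", "ctrl-core", dst, ["output:3"]), b"other-key")
    tampered = sign(FlowRequest("app-lb", "ctrl-core", dst, ["output:fw1"]), key)
    tampered.actions = ["output:3"]  # modified in transit, after signing
    bypass = sign(FlowRequest("app-lb", "ctrl-core", dst, ["output:3"]), key)
    wildcard = sign(FlowRequest("app-lb", "ctrl-core", {}, ["output:3"]), key)
    return flt, [flt.handle(r) for r in (good, rogue, tampered, bypass, wildcard)]


if __name__ == "__main__":
    for verdict in demo()[1]:
        print(verdict)
```

The wildcard case shows why the steering rule tests prefix overlap rather than exact equality: a flow with no destination match covers the protected prefix as well.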
The secure flow filter based on an SDN controller of the present invention can be implemented in the high-level language Java and the scripting language Python. Users can write scripts to customize different interfaces according to different SDN protocols and security protocol specifications, or can implement access in a high-level language against the interfaces the system defines. For future, as yet unknown SDN protocol specifications and security protocols, only a corresponding adaptation module needs to be added. The system is simple and flexible to use and gives users a convenient environment for secondary development.
The present invention places a secure flow filter at a point that flows must pass through, before flow information of any unknown type is written into the flow table of the SDN controller. The filter analyzes and processes the flows and identifies various attacks (man-in-the-middle, DoS, etc.) or sniffing flows, which ensures the legitimacy of the data in the flow table and makes up for the shortcomings of the firewall. The security filter can also process and control SDN switch ACLs, can build a global flow view and various policy, rule and log stores, and can manage security devices dynamically in real time and coordinate them according to policy.

Claims (3)

1. A secure flow filter based on an SDN controller, comprising a flow monitor, a flow user management module, a flow generator, a policy rule management module, a security device management module and a security information store, characterized in that:
The flow user management module obtains user information; after the policy rule management module has audited and approved it, the user information is written into the security information store; if the audit fails, the user is an illegal user, and alarm information is sent directly to the management module of the Orchestration Layer;
Flow monitor: uses the DPDK framework and driver to monitor the various flows sent by SDN northbound applications and east-west SDN controllers, and audits whether each flow is legal according to the information supplied by the policy rule management module; if the flow is legal, it is sent to the flow generator module for forwarding, otherwise alarm information is sent;
Flow generator: uses the DPDK driver to forward flow information to a given SDN controller in the network; the flow generator parses the flow information provided by the flow monitor, obtains the target object to which the flow is to be sent, queries the security information store, according to the target object information, for the northbound or east-west interface specification data of the target controller, then parses the flow according to the standard protocol and repackages it so that it conforms to the target controller; for flows whose source and destination use the same specification, this module performs transparent forwarding only;
Policy rule management module: defines the security policies and specifications in the SDN; only flows that satisfy these policies and rules are legal;
Security device management module: manages the traditional security devices of the existing network and records them in the security information store;
Security information store: used to store the data of the whole SDN.
2. The secure flow filter based on an SDN controller according to claim 1, characterized in that the flow user management module obtains the user information as follows: it connects to the northbound applications of the SDN and the east-west SDN controllers, registers the known application services and adjacent SDN controllers in the SDN, and obtains the user information sent by the northbound applications and the east-west SDN controllers.
3. A secure flow filtering method based on an SDN controller, characterized in that it comprises the following steps:
The flow user management module automatically detects, from the flow information it receives, the known northbound applications and east-west SDN controllers in the network, and records this information in the security information store;
The security device management module detects the traditional security devices in the network, and records the device information and their policies and rules in the system's security information store;
The flow monitor receives, through the DPDK driver, the unaudited flows sent by northbound applications and east-west SDN controllers and triggers the policy rule management module; unaudited flows are monitored repeatedly;
The policy rule management module audits the flow against the security policies defined in it, and returns to the flow monitor a message stating whether the audit passed;
The policy management module periodically sends messages to the security device management module to obtain the updated security policies and rules of the traditional security devices;
After a flow is found legal, the flow monitor hands the legal flow to the flow generator, which packages it through the DPDK driver and forwards it to the SDN controller.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510852333.1A CN105516091B (en) 2015-11-27 2015-11-27 A kind of safe flow filter and filter method based on SDN controllers

Publications (2)

Publication Number Publication Date
CN105516091A (en) 2016-04-20
CN105516091B (en) 2018-09-25

Family

ID=55723729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510852333.1A Active CN105516091B (en) 2015-11-27 2015-11-27 A kind of safe flow filter and filter method based on SDN controllers

Country Status (1)

Country Link
CN (1) CN105516091B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181738A (en) * 2017-04-25 2017-09-19 中国科学院信息工程研究所 A kind of software implementation intruding detection system and method
CN107682312A (en) * 2017-08-25 2018-02-09 中国科学院信息工程研究所 A kind of security protection system and method
CN110830469A (en) * 2019-11-05 2020-02-21 中国人民解放军战略支援部队信息工程大学 DDoS attack protection system and method based on SDN and BGP flow specification
CN112769748A (en) * 2020-12-07 2021-05-07 浪潮云信息技术股份公司 DPDK-based ACL packet filtering method
CN113132382A (en) * 2021-04-19 2021-07-16 何文刚 Intelligent computer network information safety controller
CN113132349A (en) * 2021-03-12 2021-07-16 中国科学院信息工程研究所 Agent-free cloud platform virtual flow intrusion detection method and device
CN114338496A (en) * 2020-10-12 2022-04-12 中移(苏州)软件技术有限公司 Resource forwarding method, device, terminal and computer storage medium
CN115967642A (en) * 2021-11-04 2023-04-14 贵州电网有限责任公司 Software defined network-based method for detecting quality of east-west link in cloud

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015009404A1 (en) * 2013-07-18 2015-01-22 Palo Alto Networks, Inc. Packet classification for network routing
CN104539625A (en) * 2015-01-09 2015-04-22 江苏理工学院 Network security defense system based on software-defined network and working method of network security defense system
CN104967615A (en) * 2015-06-03 2015-10-07 浪潮集团有限公司 Security SDN controller and network security method based on same
CN105072085A (en) * 2015-07-03 2015-11-18 北京航空航天大学 Flow rule validity authentication method under software-defined networking

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107181738A (en) * 2017-04-25 2017-09-19 中国科学院信息工程研究所 A kind of software implementation intruding detection system and method
CN107181738B (en) * 2017-04-25 2020-09-11 中国科学院信息工程研究所 Software intrusion detection system and method
CN107682312A (en) * 2017-08-25 2018-02-09 中国科学院信息工程研究所 A kind of security protection system and method
CN110830469A (en) * 2019-11-05 2020-02-21 中国人民解放军战略支援部队信息工程大学 DDoS attack protection system and method based on SDN and BGP flow specification
CN114338496A (en) * 2020-10-12 2022-04-12 中移(苏州)软件技术有限公司 Resource forwarding method, device, terminal and computer storage medium
CN114338496B (en) * 2020-10-12 2023-09-05 中移(苏州)软件技术有限公司 Resource forwarding method, device, terminal and computer storage medium
CN112769748A (en) * 2020-12-07 2021-05-07 浪潮云信息技术股份公司 DPDK-based ACL packet filtering method
CN112769748B (en) * 2020-12-07 2022-05-31 浪潮云信息技术股份公司 DPDK-based ACL packet filtering method
CN113132349A (en) * 2021-03-12 2021-07-16 中国科学院信息工程研究所 Agent-free cloud platform virtual flow intrusion detection method and device
CN113132382A (en) * 2021-04-19 2021-07-16 何文刚 Intelligent computer network information safety controller
CN113132382B (en) * 2021-04-19 2022-09-02 中文出版集团有限公司 Intelligent computer network information safety controller
CN115967642A (en) * 2021-11-04 2023-04-14 贵州电网有限责任公司 Software defined network-based method for detecting quality of east-west link in cloud

Also Published As

Publication number Publication date
CN105516091B (en) 2018-09-25

Similar Documents

Publication Publication Date Title
CN105516091A (en) Secure flow filter and filtering method based on software defined network (SDN) controller
CN101438255B (en) Network and application attack protection based on application layer message inspection
CN105577637B (en) Calculating equipment, method and machine readable storage medium for being communicated between secured virtual network function
CN1823514B (en) Method and apparatus for providing network security using role-based access control
US10354070B2 (en) Thread level access control to socket descriptors and end-to-end thread level policies for thread protection
Cunha et al. Network slicing security: Challenges and directions
CN106850690B (en) Honeypot construction method and system
CN110086825B (en) Unmanned aerial vehicle power inspection data safety transmission system and method
CN103597795A (en) System and method for authenticating components in an InfiniBand (IB)network
CN105051696A (en) An improved streaming method and system for processing network metadata
Dineva et al. Security in IoT systems
CN109617875A (en) A kind of the secure accessing platform and its implementation of terminal communication network
KR20220125251A (en) Programmable Switching Device for Network Infrastructures
CN109995720A (en) Heterogeneous device manages method, apparatus, system, equipment and medium concentratedly
Klement et al. Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?
CN102217248B (en) Distributed packet flow checks and process
Toker et al. Mitre ics attack simulation and detection on ethercat based drinking water system
Schlehuber et al. A security architecture for railway signalling
CN102045310B (en) Industrial Internet intrusion detection as well as defense method and device
O'Raw et al. IEC 61850 substation configuration language as a basis for automated security and SDN configuration
CN101621427B (en) Anti-intrusion method and system for a communication network
CN114024767B (en) Method for constructing password definition network security system, system architecture and data forwarding method
CN114430553A (en) Portable proxy server for deception defense of mobile internet of things equipment
CN114143028A (en) Data cross-region safe transmission method and system based on electric power spot transaction service scene
CN105376167A (en) Distributed packet stream inspection and processing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant