CN106534197A - Method and system for filtering malicious traffic in autonomous domain - Google Patents

Publication number: CN106534197A
Application number: CN201611199382.0A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: node, malicious traffic, traffic stream, filter, filtering
Inventors: 刘金锁, 李洋, 张立武, 冯宝, 蔡世龙, 刘文贵, 丁晨阳, 高雪, 胡阳, 张迎星, 崔林, 周建华, 缪巍巍, 李伟, 张润环
Current assignee: State Grid Corp of China SGCC; Nari Information and Communication Technology Co; Nanjing NARI Group Corp; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original assignee: State Grid Corp of China SGCC; Nari Information and Communication Technology Co; Nanjing NARI Group Corp; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Application filed by: State Grid Corp of China SGCC; Nari Information and Communication Technology Co; Nanjing NARI Group Corp; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and system for filtering malicious traffic in an autonomous domain. The method comprises the following steps of acquiring network information and node state information of node equipment in a current network in real time, and generating a global unified real-time information view according to the information; constructing a filtering strategy module based on an Exception-Handler strategy module; instantiating the filtering strategy module according to the type of the malicious traffic and the type of a filter node in the network; and based on the instantiated filtering strategy module, using a filter node search algorithm to deploy the instantiated filtering strategy module to the filter node of the network to realize the filtering of the malicious traffic. The method for filtering the malicious traffic in the autonomous domain provided by the invention has greater advantages in the aspects of scope of protection, flexibility and expandability on the premise of realizing effective filtering of the malicious traffic in the network, and has a good application prospect.

Description

A method and system for filtering malicious traffic in an autonomous domain
Technical field
The present invention relates to the technical field of computer networks, and in particular to a method for filtering malicious traffic in an autonomous domain and its implementation.
Background
With the rapid development of network technology and of industry applications such as the smart grid, large-scale, complex autonomous-domain networks, of which the electric power communication network is representative, face malicious traffic produced inside the domain by viruses, worms and spam, by administrator misconfiguration, or by malware attacks on servers. Such traffic makes every node in the domain consume a huge amount of network bandwidth and puts enormous pressure on the network, which inevitably affects the real-time performance of grid control and the stability of grid operation. Given this situation, how to build a mechanism that can effectively filter malicious traffic within the domain is an important topic of current network research.
At present, traditional security techniques can block malicious traffic by, for example, configuring filtering policies on network edge routers (Edge Router) or on firewalls deployed in front of key services. Work has concentrated mainly on the following aspects: 1) attack prevention (Attack Prevention), which aims to deploy filtering policies at key nodes of the network (such as autonomous-domain edge nodes) before malicious traffic affects its actual target; 2) bottleneck resource management (Bottleneck Resource Management), which holds that malicious traffic does the most serious harm to bottleneck resources in the network, since these are the most easily attacked and exhausted by malicious traffic; 3) attack reaction (Attack Reaction), whose main idea is to filter malicious traffic as close as possible to its source, at intermediate path nodes of the network or at the traffic source. All three consider how to filter malicious traffic within a wide-area network framework, but most schemes are complex and cannot handle malicious traffic originating inside the domain. They are also difficult to implement across a wide-area network: they require specific equipment (such as firewalls or routers) to be deployed throughout the network to support specific communication messages, or even a specific network architecture. Moreover, these methods cannot themselves eliminate malicious traffic, so the pressure that malicious traffic places on other network nodes remains. Finally, configuring these rules lacks extensibility, because the rules have to be designed and deployed by hand, so they cannot respond flexibly to the endless stream of new malicious traffic attack types.
As the problems described above show, the current network architecture cannot meet the demands of network development, so it is necessary to consider solving this key problem under a next-generation network architecture. Unlike traditional networks, software-defined networking (Software-Defined Networking, SDN) was first proposed by the Clean Slate project team at Stanford University; it builds on research such as SANE and Ethane and extends it using OpenFlow technology. It applies the principle of centralized control within the domain, separating the network's central control logic from network data forwarding and concentrating the control logic in the controller, which naturally gives a malicious traffic filtering mechanism a global, unified control capability. The network model can also effectively obtain information about every node within the autonomous domain, providing a solid information base for the control node to detect malicious traffic. How to use SDN to implement malicious traffic filtering within an autonomous domain is a problem that urgently needs to be solved.
Summary of the invention
The purpose of the present invention is to overcome the inability of the prior art to filter malicious traffic within an autonomous domain. Compared with traditional malicious traffic filtering mechanisms, the method and system of the present invention for filtering malicious traffic in an autonomous domain, while effectively filtering malicious traffic in the network, offer greater advantages in protection scope, flexibility and extensibility, and have good application prospects.
To achieve the above purpose, the technical solution adopted by the present invention is:
A method for filtering malicious traffic in an autonomous domain, comprising the steps of:
Collecting in real time the network information and node state information of the node devices in the current network, and generating a globally unified real-time information view from this information;
Building a filtering policy model based on the exception-handling Exception-Handler policy model;
Instantiating the filtering policy model according to the malicious traffic type and the type of the filter nodes in the network;
Based on the instantiated filtering policy model, using a filter node search algorithm to deploy the instantiated filtering policy model to filter nodes of the network, thereby filtering the malicious traffic.
The aforementioned method for filtering malicious traffic in an autonomous domain is characterized in that the steps of the method further include: feeding back and storing the result of the malicious traffic filtering.
In the aforementioned method, the network information and node state information of the node devices are obtained by deploying the information collection agents of the control center on the node devices in the current network; the information collection agents collect the network information and node state information of the node devices and provide it to the control center;
The real-time information view is the globally unified real-time information view that the control center generates from the network information and node state information of the node devices.
In the aforementioned method, the filtering policy model built on the exception-handling Exception-Handler policy model is a filtering policy formulated from the mapping between malicious traffic types and filtering rules, combined with the type of the filter node.
In the aforementioned method, the process of formulating the filtering policy from the mapping between malicious traffic types and filtering rules, combined with the type of the filter node, includes:
(1) the control center abstracts each specifically detected malicious traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rules for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the object-oriented hierarchical inheritance mechanism is used to organize the Exception and its Handlers through inheritance relationships;
(3) if a new malicious traffic type appears, the control center abstracts a new Exception and corresponding Handler, thereby ensuring the extensibility of the filtering policy.
In the aforementioned method, the filter node search algorithm computes the filter node closest to the malicious traffic source, and the corresponding filtering policy is deployed on that filter node to filter the malicious traffic.
In the aforementioned method, the filter node search algorithm is a BFS-based filter node search algorithm: using graph-based breadth-first traversal of the network, it searches from the malicious traffic source for all paths that reach the target node, then on each path computes a weight from each node's distance to the source, node type and state load, selects one node as the filter node, and finally merges the results to obtain the filter node closest to the malicious traffic source.
In the aforementioned method, the BFS-based filter node search algorithm includes a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target filter node search algorithm is used when a single malicious traffic source in the network attacks a single target node;
The multi-source multi-target filter node search algorithm is used when multiple malicious traffic sources in the network attack multiple target nodes.
A system for filtering malicious traffic in an autonomous domain, characterized in that it is built within the control center on a system framework based on the Controller-Agent pattern, and comprises:
An information collection module, which collects in real time the network information and node state information of the node devices in the current network and generates a globally unified real-time information view from this information;
A filtering policy model construction module, which builds a filtering policy model based on the exception-handling Exception-Handler policy model;
An instantiation module, which instantiates the filtering policy model according to the malicious traffic type and the type of the filter nodes in the network;
A filtering policy deployment and execution module, which, based on the instantiated filtering policy model, uses a filter node search algorithm to deploy the instantiated filtering policy model to filter nodes of the network, thereby filtering the malicious traffic;
The control center, through its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module, forms a self-feedback closed-loop control whole.
In the aforementioned system, after the filtering policy deployment and execution module has finished filtering the malicious traffic, it feeds the filtering result back to the control center.
In the aforementioned system, the information collection agents of the information collection module in the control center are deployed on the node devices in the current network; the information collection agents collect the network information and node state information of the node devices and provide it to the control center; the control center generates the globally unified real-time information view from the network information and node state information of the node devices.
In the aforementioned system, the filtering policy model built on the exception-handling Exception-Handler policy model is a filtering policy formulated from the mapping between malicious traffic types and filtering rules, combined with the type of the filter node.
In the aforementioned system, the process of formulating the filtering policy from the mapping between malicious traffic types and filtering rules, combined with the type of the filter node, is:
(1) the control center abstracts each specifically detected malicious traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rules for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the object-oriented hierarchical inheritance mechanism is used to organize the Exception and its Handlers through inheritance relationships;
(3) if a new malicious traffic type appears, the control center abstracts a new Exception and corresponding Handler, thereby ensuring the extensibility of the filtering policy.
In the aforementioned system, the filter node search algorithm computes the filter node closest to the malicious traffic source, and the control center deploys the corresponding filtering policy on that filter node through the filtering execution agent to filter the malicious traffic.
In the aforementioned system, the filter node search algorithm is a BFS-based filter node search algorithm: using graph-based breadth-first traversal of the network, it searches from the malicious traffic source for all paths that reach the target node, then on each path computes a weight from each node's distance to the source, node type and state load, selects one node as the filter node, and finally merges the results to obtain the filter node closest to the malicious traffic source.
In the aforementioned system, the BFS-based filter node search algorithm includes a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target filter node search algorithm is used when a single malicious traffic source in the network attacks a single target node; the multi-source multi-target filter node search algorithm is used when multiple malicious traffic sources in the network attack multiple target nodes.
The beneficial effects of the invention are as follows: the method for filtering malicious traffic in an autonomous domain and its implementation are built within the control center on a system framework based on the Controller-Agent pattern, in which the control center is served by the Controller of an SDN system, and they have the following advantages:
(1) the control center's natural ability to provide global, unified control for malicious traffic filtering is used effectively to detect malicious traffic and deploy filtering policies, and the filtering policies are executed by the filtering execution agents;
(2) the filtering policy model built on Exception-Handler makes sound use of the object-oriented hierarchical inheritance mechanism, so that Exceptions and Handlers can be organized through inheritance; once a new malicious traffic type appears, a new Exception and corresponding Handler are added, ensuring the flexibility and extensibility of the filtering policy;
(3) the filter node closest to the malicious traffic source is obtained with the filter node search algorithm; its time complexity can be regarded as and its space complexity can be regarded as O(n), so compared with traditional graph edge-cut algorithms (whose time complexity is mostly O(n²)) it has a certain advantage in time complexity, which improves the efficiency of searching for filter nodes;
(4) the control center, through its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module, forms a self-feedback closed-loop control whole, ensuring that the filtering system has good completeness.
Description of the drawings
Fig. 1 is a flow chart of the method for filtering malicious traffic in an autonomous domain according to the present invention.
Fig. 2 is a schematic diagram of one embodiment of the Exception-Handler filtering policy model of the present invention.
Fig. 3 is a schematic diagram of one embodiment of the hierarchical inheritance of Exceptions in the present invention.
Fig. 4 is a schematic diagram of one embodiment of the control center of the present invention.
Fig. 5 is a schematic diagram of one embodiment of malicious traffic filtering according to the present invention.
Fig. 6 is a system block diagram of the system for filtering malicious traffic in an autonomous domain according to the present invention.
Detailed description of the embodiments
The present invention is further described below with reference to the accompanying drawings.
The method of the present invention for filtering malicious traffic in an autonomous domain is based on a system framework of the Controller-Agent (controller-agent) pattern, in which the control center is served by the Controller of an SDN system. It addresses the shortcomings of traditional filtering mechanisms based on wide-area network border routers and server-side firewalls in guarding against malicious traffic inside the domain: poor protective capability, low flexibility of filtering rules, and high deployment and maintenance costs. While effectively filtering malicious traffic in the network, it offers greater advantages in protection scope, flexibility and extensibility. As shown in Fig. 1, the method of the present invention for filtering malicious traffic in an autonomous domain comprises the following steps:
Step (A): collect in real time the network information and node state information of the node devices in the current network, and generate a globally unified real-time information view from this information;
Step (B): build a filtering policy model based on the exception-handling Exception-Handler policy model;
Step (C): instantiate the filtering policy model according to the malicious traffic type and the type of the filter nodes in the network;
Step (D): based on the instantiated filtering policy model, use a filter node search algorithm to deploy the instantiated filtering policy model to filter nodes of the network, thereby filtering the malicious traffic.
The method also includes step (E): after the filtering of the malicious traffic is complete, feed the filtering result back to the control center.
The information collection agents (Report Agent) of the control center are deployed on the node devices in the current network; the information collection agents collect the network information and node state information of the node devices and provide it to the control center. The real-time information view is the globally unified real-time information view that the control center generates from the network information and node state information of the node devices.
The filtering policy model is generated from the Exception-Handler policy model, one embodiment of which is shown in Fig. 2. It is a filtering policy formulated from the mapping between malicious traffic types and filtering rules, combined with the type of the filter node. The detailed process is:
(1) the control center abstracts each specifically detected malicious traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rules for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the object-oriented hierarchical inheritance mechanism is used to organize the Exception and its Handlers through inheritance relationships; one embodiment of the object-oriented hierarchical inheritance mechanism is shown in Fig. 3;
(3) if a new malicious traffic type appears, the control center abstracts a new Exception and corresponding Handler, thereby ensuring the extensibility of the filtering policy, so that the resulting filtering policy model is highly flexible and easy to extend when a new malicious traffic type has to be handled.
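One way to realise steps (1) to (3) in code, as an added illustration that is not taken from the patent: traffic types form a class hierarchy, Handlers are registered per (Exception class, node type), and lookup walks the inheritance chain. All class names, node-type strings and rule dictionaries here are hypothetical.

```python
from dataclasses import dataclass


# Exception side: one class per detected malicious traffic type (hypothetical names).
@dataclass(frozen=True)
class MaliciousTraffic:
    src: str  # address of the malicious traffic source
    dst: str  # address of the attack target


@dataclass(frozen=True)
class WormTraffic(MaliciousTraffic):
    dst_port: int = 0  # port the worm propagates on


@dataclass(frozen=True)
class SpamTraffic(MaliciousTraffic):
    dst_port: int = 25


@dataclass(frozen=True)
class ScanningWorm(WormTraffic):
    """A newly observed type, added later without touching existing Handlers."""


# Handler side: (Exception class, filter node type) -> function that builds a rule.
_HANDLERS = {}


def handler(exc_type, node_type):
    def register(fn):
        _HANDLERS[(exc_type, node_type)] = fn
        return fn
    return register


@handler(MaliciousTraffic, "switch")
def drop_flow(t):
    # Generic rule for a flow-table style node: drop the source/target pair.
    return {"node_type": "switch",
            "match": {"ip_src": t.src, "ip_dst": t.dst},
            "action": "drop"}


@handler(MaliciousTraffic, "firewall")
def deny_pair(t):
    return {"node_type": "firewall", "deny": (t.src, t.dst, "any")}


@handler(WormTraffic, "firewall")
def deny_worm_port(t):
    # More specific Handler: block the worm's port towards every destination.
    return {"node_type": "firewall", "deny": (t.src, "any", t.dst_port)}


def instantiate(traffic, node_type):
    """Resolve the most specific Handler by walking the Exception's class hierarchy."""
    for cls in type(traffic).__mro__:
        fn = _HANDLERS.get((cls, node_type))
        if fn is not None:
            return fn(traffic)
    raise LookupError(f"no Handler for {type(traffic).__name__} on {node_type}")
```

`ScanningWorm` has no Handler of its own, so it picks up `deny_worm_port` on a firewall and `drop_flow` on a switch through inheritance; an unknown node type raises `LookupError` instead of silently deploying nothing.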
The control center applies a malicious traffic detection algorithm to the unified real-time information view to determine whether malicious traffic exists. If malicious traffic is found, it obtains the type, source location and quantity of the malicious traffic and the number of attack targets. Based on the source location and quantity of the malicious traffic and the number of attack targets, the filter node search algorithm computes the filter node closest to the malicious traffic source, and the control center deploys the corresponding filtering policy on that filter node through the filtering execution agent (Execute Agent) to filter the malicious traffic. The filter node search algorithm is a BFS-based filter node search algorithm: using graph-based breadth-first traversal of the network, it searches from the malicious traffic source for all paths that reach the target node, then on each path computes a weight from each node's distance to the source, node type and state load, selects one node as the filter node, and finally merges the results to obtain the filter node closest to the malicious traffic source.
The BFS-based filter node search algorithm includes a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm. The single-source single-target filter node search algorithm is used when a single malicious traffic source in the network attacks a single target node; the multi-source multi-target filter node search algorithm is used when multiple malicious traffic sources in the network (which may be an electric power communication network) attack multiple target nodes.
The single-source single-target filter node search algorithm is implemented as follows:
The multi-source multi-target filter node search algorithm merges the multiple source points or target nodes, converting the problem into the single-source single-target case; it is implemented as follows:
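An added illustration of the BFS-based filter node search described above, covering both the single-source and the merged multi-source case; it is not the patent's own algorithm listing. The weight formula, the capability table, the sample topology and all names are assumptions made for the example.

```python
from collections import deque

# Assumed filtering capability per node type; hosts cannot filter.
CAPABILITY = {"switch": 1.0, "firewall": 1.5, "host": 0.0}

# Constructed sample topology (undirected adjacency lists); hosts are leaf nodes.
TOPO = {
    "h1": ["s1"], "h2": ["s1"], "srv": ["fw"],
    "s1": ["h1", "h2", "s2", "s3"],
    "s2": ["s1", "fw"], "s3": ["s1", "fw"],
    "fw": ["s2", "s3", "srv"],
}
# Constructed node state: name -> (node type, load in [0, 1)).
NODES = {
    "h1": ("host", 0.0), "h2": ("host", 0.0), "srv": ("host", 0.0),
    "s1": ("switch", 0.2), "s2": ("switch", 0.5), "s3": ("switch", 0.1),
    "fw": ("firewall", 0.3),
}


def all_paths_bfs(adj, src, dst):
    """Breadth-first enumeration of every loop-free path from src to dst.

    Exhaustive, so only suitable for small topologies such as this sample.
    """
    paths, queue = [], deque([[src]])
    while queue:
        path = queue.popleft()
        for nxt in adj.get(path[-1], ()):
            if nxt in path:
                continue  # keep paths loop-free
            if nxt == dst:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths


def weight(node, hops, nodes):
    """Assumed weight: prefer capable, lightly loaded nodes close to the source."""
    ntype, load = nodes[node]
    return CAPABILITY[ntype] * (1.0 - load) / hops


def find_filter_nodes(adj, nodes, sources, targets):
    """Return filter nodes that together sit on every source-to-target path."""
    # Multi-source / multi-target: merge the endpoints into two virtual nodes,
    # which reduces the problem to the single-source single-target case.
    src, dst = "_SRC", "_DST"
    graph = {n: list(neigh) for n, neigh in adj.items()}
    graph[src] = list(sources)
    for t in targets:
        graph.setdefault(t, []).append(dst)

    picks = []  # (hops from source, chosen node, path) for each path
    for path in all_paths_bfs(graph, src, dst):
        # path = [_SRC, source host, ..., target host, _DST]; index i is i-1 hops
        # from the real source, so filter candidates start at index 2.
        cands = [
            (weight(n, i - 1, nodes), -(i - 1), n)
            for i, n in enumerate(path)
            if i >= 2 and n in nodes and CAPABILITY[nodes[n][0]] > 0
        ]
        if cands:
            _, neg_hops, best = max(cands)
            picks.append((-neg_hops, best, path))

    # Merge: take picks nearest the source first and skip any path that an
    # already chosen node covers.
    chosen = []
    for _, best, path in sorted(picks, key=lambda p: p[0]):
        if not any(c in path for c in chosen):
            chosen.append(best)
    return chosen
```

With the sample loads the first-hop switch `s1` is chosen for both the single-source and the two-source case; when `s1` is nearly saturated the search falls back to `s3` and `fw`, one per path.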
As shown in Fig. 6, the system of the present invention for filtering malicious traffic in an autonomous domain is characterized in that it is built within the control center on a system framework based on the Controller-Agent pattern, and comprises:
An information collection module, which collects in real time the network information and node state information of the node devices in the current network and generates a globally unified real-time information view from this information;
A filtering policy model construction module, which builds a filtering policy model based on the exception-handling Exception-Handler policy model;
An instantiation module, which instantiates the filtering policy model according to the malicious traffic type and the type of the filter nodes in the network;
A filtering policy deployment and execution module, which, based on the instantiated filtering policy model, uses a filter node search algorithm to deploy the instantiated filtering policy model to filter nodes of the network, thereby filtering the malicious traffic;
The control center, through its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module, forms a self-feedback closed-loop control whole.
After the filtering policy deployment and execution module has finished filtering the malicious traffic, it feeds the filtering result back to the control center.
The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited by the above embodiments; the embodiments and the description merely illustrate the principles of the invention. Without departing from the spirit and scope of the invention, various changes and improvements may be made to it, all of which fall within the scope of the claimed invention. The scope of protection claimed is defined by the appended claims and their equivalents.

Claims (16)

1. malicious traffic stream filter method in a kind of Autonomous Domain, it is characterised in that:The step of the method includes,
The network information and node status information of Real-time Collection current network interior joint equipment, and global system is generated according to the information One real time information view;
Based on abnormality processing Exception-Handler Policy model, filtering policy model is built;
According to the type of filter node in malicious traffic stream type and network, instantiation filtering policy model;
The filtering policy model of Case-based Reasoning, using filter node searching algorithm, by the filtering policy mold portion of the instantiation Affix one's name in the filter node of network, realize the filtration to malicious traffic stream.
2. malicious traffic stream filter method in Autonomous Domain according to claim 1, it is characterised in that:The step of the method, enters one Step includes:The result that malicious traffic stream is filtered is fed back and stored.
3. malicious traffic stream filter method in Autonomous Domain according to claim 1, it is characterised in that:The net of the node device Network information and node status information are by the information collection agent in control centre is deployed in current network interior joint equipment On, using the network information and node status information of described information Collection agent acquisition node equipment, and it is supplied to control centre;
The real time information view is that the network information of node device and node status information are generated the overall situation using control centre Unified real time information view.
4. malicious traffic stream filter method in Autonomous Domain according to claim 1, it is characterised in that:Based on abnormality processing Exception-Handler Policy models, build filtering policy model, are the mappings according to malicious traffic stream type and filtering rule Relation, and the filtering policy that the type of combined filtering node is formulated.
5. malicious traffic stream filter method in Autonomous Domain according to claim 4, it is characterised in that:According to malicious traffic stream type With the mapping relations of filtering rule, and the process of filtering policy that the type of combined filtering node is formulated includes:
(1) control centre is abstract for Exception according to the malicious traffic stream Type Concretization for specifically detecting, according to filter node The corresponding Handler of node type instantiation, and generate corresponding filtering rule for the corresponding Handler of Exception;
(2) when same Exception has different Handler, using OO stratification inheritance mechanism, will Exception is organized by inheritance with each Handler;
(3) if there is new malicious traffic stream type, control centre takes out new Exception and corresponding Handler, so as to Ensure the extensibility of filtering policy.
6. The method for filtering malicious traffic in an autonomous domain according to claim 1, characterized in that: the filter node search algorithm finds, by computation, the filter node closest to the malicious traffic source, and the corresponding filtering policy is deployed on that filter node to filter the malicious traffic.
7. The method for filtering malicious traffic in an autonomous domain according to claim 6, characterized in that: the filter node search algorithm is a BFS-based filter node search algorithm; using breadth-first traversal of the network graph, it searches, starting from the malicious traffic source point, for all paths that reach the destination node; then, in each path, it computes a weight from each node's distance to the source, node type and state load, and selects one node as the filter node; finally, it merges the results to obtain the filter node closest to the malicious traffic source.
8. The method for filtering malicious traffic in an autonomous domain according to claim 7, characterized in that: the BFS-based filter node search algorithm includes a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target filter node search algorithm is used for the case in which a single malicious traffic source in the network attacks a single target node;
the multi-source multi-target filter node search algorithm is used for the case in which multiple malicious traffic sources in the network attack multiple target nodes.
9. A system for filtering malicious traffic in an autonomous domain, characterized in that: the system is built within a control center on a Controller-Agent system architecture, and comprises:
an information collection module, which collects in real time the network information and node status information of the node devices in the current network, and generates a globally unified real-time information view from this information;
a filtering policy model construction module, which builds a filtering policy model based on the exception-handling Exception-Handler policy model;
an instantiation module, which instantiates the filtering policy model according to the malicious traffic type and the type of the filter nodes in the network;
a filtering policy deployment and execution module, which, based on the instantiated filtering policy model, uses a filter node search algorithm to deploy the instantiated filtering policy model on the filter nodes of the network, thereby filtering the malicious traffic;
the control center forms a self-feedback closed-loop control whole through its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module.
10. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterized in that: after the filtering policy deployment and execution module has finished filtering the malicious traffic, it feeds the filtering result back to the control center.
11. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterized in that: the information collection agents of the information collection module in the control center are deployed on the node devices in the current network; the information collection agents collect the network information and node status information of the node devices and provide it to the control center; the control center generates a globally unified real-time information view from the network information and node status information of the node devices.
12. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterized in that: the filtering policy model built on the exception-handling Exception-Handler policy model is a filtering policy formulated according to the mapping between malicious traffic types and filtering rules, combined with the type of the filter node.
13. The system for filtering malicious traffic in an autonomous domain according to claim 12, characterized in that the process of formulating the filtering policy according to the mapping between malicious traffic types and filtering rules, combined with the type of the filter node, is:
(1) the control center abstracts the specific malicious traffic type detected into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rule for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the Exception and each Handler are organized by inheritance, using an object-oriented hierarchical inheritance mechanism;
(3) if a new malicious traffic type appears, the control center abstracts a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy.
14. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterized in that: the filter node search algorithm finds, by computation, the filter node closest to the malicious traffic source, and the control center deploys the corresponding filtering policy on that filter node through a filtering execution agent to filter the malicious traffic.
15. The system for filtering malicious traffic in an autonomous domain according to claim 14, characterized in that: the filter node search algorithm is a BFS-based filter node search algorithm; using breadth-first traversal of the network graph, it searches, starting from the malicious traffic source point, for all paths that reach the destination node; then, in each path, it computes a weight from each node's distance to the source, node type and state load, and selects one node as the filter node; finally, it merges the results to obtain the filter node closest to the malicious traffic source.
16. The system for filtering malicious traffic in an autonomous domain according to claim 15, characterized in that: the BFS-based filter node search algorithm includes a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target filter node search algorithm is used for the case in which a single malicious traffic source in the network attacks a single target node; the multi-source multi-target filter node search algorithm is used for the case in which multiple malicious traffic sources in the network attack multiple target nodes.
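The Exception-Handler policy model of claims 4, 5, 12 and 13 can be sketched as follows. This is an added example, not code from the patent: the class names, node types and rule strings are hypothetical, and resolving a Handler by walking the Exception's class hierarchy is one assumed reading of the "hierarchical inheritance mechanism".

```python
# Added illustration: class names, node types and rule strings are hypothetical.
class TrafficException:
    """Abstract malicious traffic type detected by the control center."""
    def __init__(self, src, dst):
        self.src, self.dst = src, dst

class FloodException(TrafficException):
    pass

class SynFloodException(FloodException):   # specialises Flood via inheritance
    pass

class Handler:
    handles = TrafficException   # Exception class this Handler answers
    node_type = None             # filter node type it generates rules for
    def rule(self, exc):
        raise NotImplementedError

class SwitchDropFlood(Handler):
    handles, node_type = FloodException, "switch"
    def rule(self, exc):
        return f"switch: drop src={exc.src} dst={exc.dst}"

class FirewallSynLimit(Handler):
    handles, node_type = SynFloodException, "firewall"
    def rule(self, exc):
        return f"firewall: rate-limit tcp-syn src={exc.src} dst={exc.dst}"

class PolicyModel:
    def __init__(self):
        self._handlers = []

    def register(self, handler):
        self._handlers.append(handler)

    def instantiate(self, exc, node_type):
        """Return the rule for (traffic type, node type), or None.

        Walks the Exception's class hierarchy from most specific to most
        general, so a subtype without its own Handler for this node type
        falls back to the Handler of its parent type.
        """
        for cls in type(exc).__mro__:
            for h in self._handlers:
                if h.handles is cls and h.node_type == node_type:
                    return h.rule(exc)
        return None
```

Supporting a new traffic type (step 3) means adding one Exception subclass and registering its Handler; `PolicyModel` itself does not change.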
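The BFS-based filter node search of claims 7, 8, 15 and 16, as an added example that is not the patent's own code. The claims name the weight inputs (distance to the source, node type, state load) but give no formula, so the additive weight, the per-type penalty, the overload cut-off and the topology below are all assumptions.

```python
from collections import deque

# Constructed topology and node table; every value here is illustrative.
GRAPH = {
    "atk": ["s1"], "atk2": ["s3"], "s1": ["atk", "s2", "s3"],
    "s2": ["s1", "fw"], "s3": ["s1", "fw", "atk2"],
    "fw": ["s2", "s3", "srv"], "srv": ["fw"],
}
# node -> (type, load in 0..1); hosts are absent because they cannot filter.
NODES = {"s1": ("switch", 0.95), "s2": ("switch", 0.2),
         "s3": ("switch", 0.1), "fw": ("firewall", 0.3)}
TYPE_COST = {"switch": 0.0, "firewall": 0.5}   # assumed per-type penalty
MAX_LOAD = 0.9                                 # assumed overload cut-off

def all_paths_bfs(graph, src, dst):
    """Breadth-first enumeration of every loop-free path from src to dst."""
    paths, queue = [], deque([[src]])
    while queue:
        path = queue.popleft()
        for nxt in graph[path[-1]]:
            if nxt in path:
                continue                       # no revisits, so no loops
            if nxt == dst:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths

def pick_on_path(path, nodes):
    """Lowest-weight usable node on one path; weight = hops + type + load."""
    best = None
    for hops, name in enumerate(path[1:-1], start=1):
        if name not in nodes or nodes[name][1] >= MAX_LOAD:
            continue                           # not a filter node, or overloaded
        ntype, load = nodes[name]
        w = hops + TYPE_COST[ntype] + load
        if best is None or w < best[0]:
            best = (w, name)
    return best[1] if best else None

def find_filter_nodes(graph, nodes, sources, targets):
    """Merge the per-path choices for every (source, target) pair."""
    chosen = set()
    for src in sources:
        for dst in targets:
            for path in all_paths_bfs(graph, src, dst):
                node = pick_on_path(path, nodes)
                if node is not None:
                    chosen.add(node)
    return chosen
```

With the overloaded first-hop switch `s1` excluded, the single-source search falls back to one filter node per path (`s2` and `s3`); when `s1` is idle it covers both paths alone.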
CN201611199382.0A 2016-12-22 2016-12-22 Method and system for filtering malicious traffic in autonomous domain Pending CN106534197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611199382.0A CN106534197A (en) 2016-12-22 2016-12-22 Method and system for filtering malicious traffic in autonomous domain

Publications (1)

Publication Number Publication Date
CN106534197A true CN106534197A (en) 2017-03-22

Family

ID=58341293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611199382.0A Pending CN106534197A (en) 2016-12-22 2016-12-22 Method and system for filtering malicious traffic in autonomous domain

Country Status (1)

Country Link
CN (1) CN106534197A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110196833A (en) * 2018-03-22 2019-09-03 腾讯科技(深圳)有限公司 Searching method, device, terminal and the storage medium of application program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102916840A (en) * 2012-10-30 2013-02-06 东南大学 Method for controlling centralized resources in domain
US20140331280A1 (en) * 2012-05-22 2014-11-06 Sri International Network Privilege Manager for a Dynamically Programmable Computer Network
CN104539594A (en) * 2014-12-17 2015-04-22 南京晓庄学院 SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
CN106060015A (en) * 2016-05-18 2016-10-26 深圳信息职业技术学院 IP source address verification method based on SDN

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴帅: "《一种基于SDN的自治域内恶意流量过滤机制》", 《中国科技论文在线》 *

Similar Documents

Publication Publication Date Title
Xiao et al. Deep-q: Traffic-driven qos inference using deep generative network
CN107683597A (en) Network behavior data collection and analysis for abnormality detection
CN102801738B (en) Distributed DoS (Denial of Service) detection method and system on basis of summary matrices
CN108900541A (en) One kind being directed to cloud data center SDN Security Situation Awareness Systems and method
CN106330602A (en) Method and system for monitoring cloud computing virtual tenant network
CN104506507A (en) Honey net safeguard system and honey net safeguard method for SDN (self-defending network)
CN108040055A (en) A kind of fire wall combined strategy and safety of cloud service protection
CN108011894A (en) Botnet detecting system and method under a kind of software defined network
CN104601482A (en) Traffic cleaning method and device
CN114531273B (en) Method for defending distributed denial of service attack of industrial network system
Dayal et al. An RBF-PSO based approach for early detection of DDoS attacks in SDN
CN113271318B (en) Network threat perception system and method
CN110099046A (en) Network hopping method and system of super-convergence server
Wang et al. Source-based defense against DDoS attacks in SDN based on sFlow and SOM
Zaman et al. Lightweight IDS based on features selection and IDS classification scheme
Sahu et al. Design of next-generation cyber-physical energy management systems: Monitoring to mitigation
CN106534197A (en) Method and system for filtering malicious traffic in autonomous domain
Peng et al. ADVICE: Towards adaptive scheduling for data collection and DDoS detection in SDN
Wang et al. Abnormal traffic detection system in SDN based on deep learning hybrid models
Hu et al. Topology optimization for urban traffic sensor network
Malikovich et al. Method of constucting packet filtering rules
Zou et al. An identification decision tree learning model for self-management in virtual radio access network: IDTLM
CN105610787B (en) A kind of Network Traffic Monitoring System based on SDN
Crooks et al. Operational security, threat intelligence & distributed computing: the WLCG Security Operations Center Working Group
Xie et al. An approach for network function combination based on least busy placement algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170322
