CN106534197A - Method and system for filtering malicious traffic in autonomous domain - Google Patents
Method and system for filtering malicious traffic in autonomous domain
- Publication number
- CN106534197A (application number CN201611199382.0A)
- Authority
- CN
- China
- Prior art keywords
- node
- malicious traffic
- traffic stream
- filter
- filtering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and system for filtering malicious traffic in an autonomous domain. The method comprises the following steps of acquiring network information and node state information of node equipment in a current network in real time, and generating a global unified real-time information view according to the information; constructing a filtering strategy module based on an Exception-Handler strategy module; instantiating the filtering strategy module according to the type of the malicious traffic and the type of a filter node in the network; and based on the instantiated filtering strategy module, using a filter node search algorithm to deploy the instantiated filtering strategy module to the filter node of the network to realize the filtering of the malicious traffic. The method for filtering the malicious traffic in the autonomous domain provided by the invention has greater advantages in the aspects of scope of protection, flexibility and expandability on the premise of realizing effective filtering of the malicious traffic in the network, and has a good application prospect.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to a method for filtering malicious traffic within an autonomous domain and a system implementing it.
Background technology
With the rapid development of network technology and of industry applications such as the smart grid, in a large-scale, complex autonomous-domain network such as a power telecommunication network, the malicious traffic generated by viruses, worms and spam within the domain, by misconfiguration on the part of administrators, or by malware attacking servers will cause every node in the domain to consume enormous network bandwidth and will place great pressure on the network, which inevitably affects the real-time behaviour of grid control and the stability of grid operation. In view of this situation, how to build a handling mechanism that can effectively filter malicious traffic within the domain is an important topic of current network research.
At present, traditional security techniques screen malicious traffic by configuring filtering policies on the network's edge routers or on firewalls deployed in front of key services. The work concentrates mainly on the following aspects: 1) attack prevention, whose idea is to deploy filtering policies at key nodes of the network (such as the edge nodes of the autonomous domain) before the malicious traffic has an actual effect on its target; 2) bottleneck resource management, which holds that malicious traffic does the most serious harm at bottlenecks in the network, since these are the most easily attacked and exhausted by malicious traffic; 3) attack reaction, whose main idea is to get as close as possible to the source of the malicious traffic and filter it at intermediate path nodes of the network or at the traffic source itself. All three aspects consider how to filter malicious traffic under the framework of the whole wide-area network system, but most of the schemes are complex, cannot handle malicious traffic originating inside the domain, and are difficult to implement at wide-area scale: they require specific equipment (such as firewalls or routers) to be deployed throughout the network to support specific communication messages, or even a specific network architecture. At the same time, the methods above do not themselves eliminate the malicious traffic, so its pressure on the other network nodes persists. Finally, configuring these rules lacks extensibility and requires manual design and deployment, so the endlessly emerging types of malicious-traffic attack cannot be dealt with flexibly.
Given the problems described above, since the current network architecture no longer meets the development needs of the network, it is necessary to consider solving this key problem under a next-generation network architecture. Unlike legacy networks, Software-Defined Networking (SDN), first proposed by the Clean Slate project team at Stanford University, builds on research work such as SANE and Ethane and extends it using OpenFlow technology. It applies the principle of centralised control within the domain: the network's central control logic is separated from network data forwarding, and the control logic is concentrated in the controller, which naturally provides a global, unified control capability for a malicious-traffic filtering mechanism. At the same time, this network model can also effectively obtain information about every node in the domain within the scope of the autonomous domain, providing a solid information basis for the control node to detect malicious traffic. How to use SDN to implement malicious-traffic filtering within an autonomous domain is therefore a problem urgently awaiting a solution.
The content of the invention
The purpose of the present invention is to overcome the inability of the prior art to filter malicious traffic within an autonomous domain. Compared with traditional malicious-traffic filtering mechanisms, the method and system of the present invention for filtering malicious traffic within an autonomous domain, on the premise of filtering malicious traffic in the network effectively, have greater advantages in protection scope, flexibility and extensibility, and have good application prospects.
In order to achieve the above object, the technical solution adopted in the present invention is:
A method for filtering malicious traffic within an autonomous domain, the method comprising the steps of:
collecting in real time the network information and node state information of the node devices in the current network, and generating a global unified real-time information view from that information;
building a filtering policy model based on the Exception-Handler policy model for exception handling;
instantiating the filtering policy model according to the type of malicious traffic and the types of the filter nodes in the network;
based on the instantiated filtering policy model, using a filter node search algorithm to deploy the instantiated filtering policy model to the filter nodes of the network, thereby filtering the malicious traffic.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the steps of the method further comprise: feeding back and storing the result of the malicious-traffic filtering.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the network information and node state information of the node devices are obtained by deploying the information collection agents of the control centre on the node devices in the current network, using the information collection agents to acquire the network information and node state information of the node devices, and supplying it to the control centre;
the real-time information view is the global unified real-time information view that the control centre generates from the network information and node state information of the node devices.
In the aforesaid method for filtering malicious traffic within an autonomous domain, building the filtering policy model based on the Exception-Handler policy model for exception handling means formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the process of formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes, comprises:
(1) the control centre abstracts the specifically detected malicious-traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rule for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the Exception and its Handlers are organised by inheritance using the object-oriented hierarchical inheritance mechanism;
(3) if a new malicious-traffic type appears, the control centre abstracts a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the filter node search algorithm finds by computation the filter node closest to the source of the malicious traffic and deploys the corresponding filtering policy on that filter node to filter the malicious traffic.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the filter node search algorithm is a BFS-based filter node search algorithm: according to a graph-based breadth-first traversal of the network, it searches from the malicious-traffic source point all paths reaching the target node; then, on each path, it computes a weight for each node from its distance to the source, its node type and its state and selects one node as the filter node; finally it merges the results to obtain the filter node closest to the malicious-traffic source.
In the aforesaid method for filtering malicious traffic within an autonomous domain, the BFS-based filter node search algorithm comprises a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target algorithm is used when a single malicious-traffic source in the network attacks a single target node;
the multi-source multi-target algorithm is used when multiple malicious-traffic sources in the network attack multiple target nodes.
A system for filtering malicious traffic within an autonomous domain, characterised in that a system architecture based on the Controller-Agent pattern is built within the control centre, comprising:
an information collection module, which collects in real time the network information and node state information of the node devices in the current network and generates a global unified real-time information view from that information;
a filtering policy model construction module, which builds the filtering policy model based on the Exception-Handler policy model for exception handling;
an instantiation module, which instantiates the filtering policy model according to the type of malicious traffic and the types of the filter nodes in the network;
a filtering policy deployment and execution module, which, based on the instantiated filtering policy model, uses the filter node search algorithm to deploy the instantiated filtering policy model to the filter nodes of the network, thereby filtering the malicious traffic;
the control centre forms a self-feedback closed-loop control whole out of its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module.
In the aforesaid system for filtering malicious traffic within an autonomous domain, after the filtering policy deployment and execution module has completed the filtering of the malicious traffic, it feeds the filtering result back to the control centre.
In the aforesaid system for filtering malicious traffic within an autonomous domain, the information collection agents of the information collection module in the control centre are deployed on the node devices in the current network; the information collection agents acquire the network information and node state information of the node devices and supply it to the control centre; the control centre generates the global unified real-time information view from the network information and node state information of the node devices.
In the aforesaid system for filtering malicious traffic within an autonomous domain, building the filtering policy model based on the Exception-Handler policy model for exception handling means formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes.
In the aforesaid system for filtering malicious traffic within an autonomous domain, the process of formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes, is:
(1) the control centre abstracts the specifically detected malicious-traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rule for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the Exception and its Handlers are organised by inheritance using the object-oriented hierarchical inheritance mechanism;
(3) if a new malicious-traffic type appears, the control centre abstracts a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy.
In the aforesaid system for filtering malicious traffic within an autonomous domain, the filter node search algorithm finds by computation the filter node closest to the source of the malicious traffic, and the control centre deploys the corresponding filtering policy on that filter node through a filtering execution agent to filter the malicious traffic.
In the aforesaid system for filtering malicious traffic within an autonomous domain, the filter node search algorithm is a BFS-based filter node search algorithm: according to a graph-based breadth-first traversal of the network, it searches from the malicious-traffic source point all paths reaching the target node; then, on each path, it computes a weight for each node from its distance to the source, its node type and its state and selects one node as the filter node; finally it merges the results to obtain the filter node closest to the malicious-traffic source.
In the aforesaid system for filtering malicious traffic within an autonomous domain, the BFS-based filter node search algorithm comprises a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target algorithm is used when a single malicious-traffic source in the network attacks a single target node; the multi-source multi-target algorithm is used when multiple malicious-traffic sources in the network attack multiple target nodes.
The beneficial effects of the invention are as follows. The method for filtering malicious traffic within an autonomous domain of the present invention and its implementation are built within the control centre on a system architecture following the Controller-Agent pattern, in which the role of control centre is played by the Controller of the SDN system, and have the following advantages:
(1) the global unified control capability that the control centre naturally provides for malicious-traffic filtering is used effectively to detect malicious traffic and deploy filtering policies, and the filtering policies are executed by filtering execution agents;
(2) the construction of the filtering policy model on the basis of Exception-Handler makes sensible use of the object-oriented hierarchical inheritance mechanism, so that Exceptions and Handlers can be organised by inheritance; once a new malicious-traffic type appears, a new Exception and corresponding Handler are added, ensuring the flexibility and extensibility of the filtering policy;
(3) the filter node closest to the malicious-traffic source is obtained on the basis of the filter node search algorithm, whose time complexity and space complexity can both be considered O(n); compared with traditional edge-cut-based graph algorithms (whose time complexity is mostly O(n²)), it has a certain advantage in time complexity and raises the efficiency of the filter node search;
(4) the control centre forms a self-feedback closed-loop control whole out of its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module, ensuring that the filtering system possesses good completeness.
Description of the drawings
Fig. 1 is the flow chart of the method for filtering malicious traffic within an autonomous domain of the present invention.
Fig. 2 is a schematic diagram of one embodiment of the Exception-Handler filtering policy model of the present invention.
Fig. 3 is a schematic diagram of one embodiment of the Exception hierarchical inheritance of the present invention.
Fig. 4 is a schematic diagram of one embodiment of the control centre of the present invention.
Fig. 5 is a schematic diagram of one embodiment of the malicious-traffic filtering of the present invention.
Fig. 6 is the system block diagram of the system for filtering malicious traffic within an autonomous domain of the present invention.
Specific embodiment
The present invention is further described below in conjunction with the accompanying drawings.
The method for filtering malicious traffic within an autonomous domain of the present invention is based on a system architecture following the Controller-Agent (controller-agent) pattern, in which the role of control centre is played by the Controller of the SDN system. It can overcome the shortcomings of traditional filtering mechanisms based on wide-area-network border routers and server-side firewalls in guarding against malicious traffic within the domain, namely poor protective capability, low flexibility of the filtering rules, and high deployment and maintenance costs; on the premise of filtering malicious traffic in the network effectively, it has greater advantages in protection scope, flexibility and extensibility. As shown in Fig. 1, the method for filtering malicious traffic within an autonomous domain of the present invention comprises the following steps:
Step (A): collecting in real time the network information and node state information of the node devices in the current network, and generating a global unified real-time information view from that information;
Step (B): building a filtering policy model based on the Exception-Handler policy model for exception handling;
Step (C): instantiating the filtering policy model according to the type of malicious traffic and the types of the filter nodes in the network;
Step (D): based on the instantiated filtering policy model, using a filter node search algorithm to deploy the instantiated filtering policy model to the filter nodes of the network, thereby filtering the malicious traffic.
The method also comprises Step (E): after the filtering of the malicious traffic is completed, feeding the filtering result back to the control centre.
The information collection agents (Report Agents) of the control centre are deployed on the node devices in the current network; the information collection agents acquire the network information and node state information of the node devices and supply it to the control centre. The control centre generates a global unified real-time information view from the network information and node state information of the node devices; that is, the real-time information view is the global unified real-time information view that the control centre generates from the network information and node state information of the node devices.
The filtering policy model is generated according to the Exception-Handler policy model. One embodiment of the Exception-Handler policy model is shown in Fig. 2: the filtering policy is formulated according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes, and the detailed process is:
(1) the control centre abstracts the specifically detected malicious-traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rule for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the Exception and its Handlers are organised by inheritance using the object-oriented hierarchical inheritance mechanism; one embodiment of the object-oriented hierarchical inheritance mechanism is shown in Fig. 3;
(3) if a new malicious-traffic type appears, the control centre abstracts a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy. The resulting filtering policy model is highly flexible and easy to extend whenever a new malicious-traffic type has to be handled.
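As an added worked example (not code from the patent), the Python below implements the Exception-Handler policy model of steps (1) to (3) just described, and of the identical steps in the summary section above: malicious-traffic types are Exception classes, each filter-node type has a Handler that turns an Exception into filtering rules, lookup walks the Exception's inheritance chain so a subtype without its own Handler inherits its parent's, and a new traffic type is added by registering a new Exception/Handler pair. The class names, the rule fields and the sample addresses are all assumptions made for this example; the patent itself specifies no rule format.

```python
"""Exception-Handler filtering policy model (added example, not the patent's code).

Malicious-traffic types are Exception classes, filter-node types have Handler
classes, and the policy model maps one to the other. All class names, rule
fields and addresses below are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Type


@dataclass(frozen=True)
class Rule:
    """One filtering rule as the control centre would push to a filter node."""
    node_type: str
    match: Dict[str, str]
    action: str = "drop"


class MaliciousTrafficException(Exception):
    """Base Exception: the abstraction of a detected malicious-traffic type."""

    def __init__(self, src_ip: str, dst_ip: str, proto: str = "ip",
                 dst_port: Optional[int] = None) -> None:
        super().__init__(f"{type(self).__name__} {src_ip} -> {dst_ip}")
        self.src_ip, self.dst_ip = src_ip, dst_ip
        self.proto, self.dst_port = proto, dst_port


class WormException(MaliciousTrafficException):
    """Worm propagation traffic; has no Handler of its own, so it reuses the base ones."""


class SpamException(MaliciousTrafficException):
    """Spam traffic; gets a more specific firewall Handler below."""


class Handler:
    """Base Handler: turns an Exception into rules for one filter-node type."""
    node_type = "generic"

    def rules(self, exc: MaliciousTrafficException) -> List[Rule]:
        raise NotImplementedError


class OpenFlowHandler(Handler):
    """Handler for OpenFlow switches: a match with no forwarding action drops the flow."""
    node_type = "openflow_switch"

    def rules(self, exc: MaliciousTrafficException) -> List[Rule]:
        match = {"ipv4_src": exc.src_ip, "ipv4_dst": exc.dst_ip}
        if exc.dst_port is not None:
            match[f"{exc.proto}_dst"] = str(exc.dst_port)
        return [Rule(self.node_type, match)]


class FirewallHandler(Handler):
    """Handler for firewalls: an ACL-style deny on the source/destination pair."""
    node_type = "firewall"

    def rules(self, exc: MaliciousTrafficException) -> List[Rule]:
        return [Rule(self.node_type,
                     {"src": exc.src_ip, "dst": exc.dst_ip, "proto": exc.proto})]


class SpamFirewallHandler(FirewallHandler):
    """Specialised Handler: spam is blocked on SMTP only, not all of the source's traffic."""

    def rules(self, exc: MaliciousTrafficException) -> List[Rule]:
        return [Rule(self.node_type,
                     {"src": exc.src_ip, "dst": exc.dst_ip, "proto": "tcp", "dport": "25"})]


# The policy model: Exception class -> {filter-node type: Handler class}.
POLICY_MODEL: Dict[Type[MaliciousTrafficException], Dict[str, Type[Handler]]] = {}


def register(exc_cls: Type[MaliciousTrafficException], handler_cls: Type[Handler]) -> None:
    """Step (3): registering a new Exception/Handler pair extends the policy."""
    POLICY_MODEL.setdefault(exc_cls, {})[handler_cls.node_type] = handler_cls


def resolve_handler(exc: MaliciousTrafficException, node_type: str) -> Optional[Handler]:
    """Step (2): walk the Exception's inheritance chain, most specific class first,
    so a subtype without its own Handler falls back to its parent's Handler."""
    for cls in type(exc).__mro__:
        handler_cls = POLICY_MODEL.get(cls, {}).get(node_type)
        if handler_cls is not None:
            return handler_cls()
    return None


def instantiate_policy(exc: MaliciousTrafficException, node_type: str) -> List[Rule]:
    """Step (1): Exception + filter-node type -> concrete filtering rules."""
    handler = resolve_handler(exc, node_type)
    if handler is None:
        raise LookupError(f"no Handler for {type(exc).__name__} on a {node_type}")
    return handler.rules(exc)


def new_traffic_type(name: str) -> Type[MaliciousTrafficException]:
    """Step (3) at run time: a new Exception subtype that inherits the base Handlers
    until a dedicated Handler is registered for it."""
    return type(name, (MaliciousTrafficException,), {})


# Base mappings: every malicious-traffic type can be dropped on either node type.
register(MaliciousTrafficException, OpenFlowHandler)
register(MaliciousTrafficException, FirewallHandler)
register(SpamException, SpamFirewallHandler)

if __name__ == "__main__":
    worm = WormException("10.0.0.5", "10.0.1.7", "tcp", 445)  # constructed sample flow
    for kind in ("openflow_switch", "firewall"):
        print(kind, instantiate_policy(worm, kind))
```

The lookup order matters: because `resolve_handler` consults the most specific class first, registering `SpamFirewallHandler` for `SpamException` narrows the firewall rule to SMTP without touching the switch rule, and a type created by `new_traffic_type` is usable immediately with the base Handlers.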
The control centre runs a malicious-traffic detection algorithm over the unified real-time information view to judge whether malicious traffic is present. If malicious traffic is found, it obtains the type, source positions, number and attack targets of the malicious traffic. According to the source positions, number and attack targets of the malicious traffic, the filter node search algorithm finds by computation the filter node closest to the malicious-traffic source, and the control centre deploys the corresponding filtering policy on that filter node through a filtering execution agent (Execute Agent) to filter the malicious traffic. The filter node search algorithm is a BFS-based filter node search algorithm: according to a graph-based breadth-first traversal of the network, it searches from the malicious-traffic source point all paths reaching the target node; then, on each path, it computes a weight for each node from its distance to the source, its node type and its state and selects one node as the filter node; finally it merges the results to obtain the filter node closest to the malicious-traffic source.
The BFS-based filter node search algorithm comprises a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm. The single-source single-target algorithm is used when a single malicious-traffic source in the network attacks a single target node; the multi-source multi-target algorithm is used when multiple malicious-traffic sources in the network (which may be a power-line network) attack multiple target nodes.
The implementation process of the single-source single-target filter node search algorithm is as follows:
The multi-source multi-target filter node search algorithm merges the multiple source points or target nodes so as to convert the problem into the single-source single-target case; its implementation process is as follows:
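The patent's own implementation steps for the two algorithms do not appear on this page. As an added example (not the patent's code), the Python below implements the BFS-based filter node search as the description above characterises it: a breadth-first traversal from the source, enumeration of the resulting shortest paths to the target, a per-node weight computed from distance to the source, node type and node state, selection of one candidate per path, and merging of the per-path results. The multi-source multi-target variant merges the sources behind a virtual source node and the targets behind a virtual target node and reuses the single-source routine. The topology, node types, load values and the concrete weight formula (type weight x (1 - load) / (1 + distance)) are assumptions made for this example; the patent only names the inputs of the weight.

```python
"""BFS-based filter node search (added example, not the patent's code).

Topology, node states and the weight formula are assumptions for this example.
"""
from collections import deque
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample of the real-time information view: node -> (type, load in 0..1).
NODE_INFO: Dict[str, Tuple[str, float]] = {
    "h1": ("host", 0.1), "h2": ("host", 0.2), "srv": ("host", 0.9),
    "s1": ("openflow_switch", 0.3), "s2": ("openflow_switch", 0.8),
    "fw": ("firewall", 0.4), "s3": ("openflow_switch", 0.2),
}
# Constructed sample topology (undirected adjacency): h1,h2 - s1 - {s2, fw} - s3 - srv.
TOPOLOGY: Dict[str, List[str]] = {
    "h1": ["s1"], "h2": ["s1"], "s1": ["h1", "h2", "s2", "fw"],
    "s2": ["s1", "s3"], "fw": ["s1", "s3"], "s3": ["s2", "fw", "srv"], "srv": ["s3"],
}
# Assumed filtering capability per node type; hosts and virtual nodes cannot filter.
TYPE_WEIGHT = {"firewall": 1.0, "openflow_switch": 0.8}


def bfs_paths(graph: Dict[str, List[str]], source: str, target: str) -> List[List[str]]:
    """Breadth-first traversal from source; returns every shortest path to target."""
    dist = {source: 0}
    preds: Dict[str, List[str]] = {source: []}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in graph.get(u, []):
            if v not in dist:                    # first visit: one BFS layer further out
                dist[v], preds[v] = dist[u] + 1, [u]
                queue.append(v)
            elif dist[v] == dist[u] + 1:         # another shortest way into v
                preds[v].append(u)
    if target not in dist:
        return []
    paths: List[List[str]] = []

    def walk(node: str, suffix: List[str]) -> None:
        if node == source:
            paths.append([source] + suffix)
        else:
            for p in preds[node]:
                walk(p, [node] + suffix)

    walk(target, [])
    return paths


def node_weight(node_info: Dict[str, Tuple[str, float]], node: str, distance: int) -> float:
    """Assumed weight: a more capable type and a lower load score higher, nearer wins."""
    ntype, load = node_info[node]
    return TYPE_WEIGHT.get(ntype, 0.0) * (1.0 - load) / (1.0 + distance)


def select_filter_node(graph, node_info, source: str, target: str) -> Optional[str]:
    """Single-source single-target search: best candidate per path, then merge."""
    best: Optional[Tuple[float, str]] = None
    for path in bfs_paths(graph, source, target):
        candidate: Optional[Tuple[float, str]] = None
        for distance, node in enumerate(path[1:-1], start=1):   # endpoints never filter
            w = node_weight(node_info, node, distance)
            if w > 0 and (candidate is None or w > candidate[0]):
                candidate = (w, node)
        if candidate and (best is None or candidate[0] > best[0]):
            best = candidate
    return best[1] if best else None


def select_filter_node_multi(graph, node_info, sources: Iterable[str],
                             targets: Iterable[str]) -> Optional[str]:
    """Multi-source multi-target search: put all sources behind a virtual source and
    all targets behind a virtual target, then reuse the single-source routine."""
    g = {u: list(vs) for u, vs in graph.items()}
    info = dict(node_info)
    for virtual, members in (("__src__", list(sources)), ("__dst__", list(targets))):
        g[virtual] = members
        info[virtual] = ("virtual", 0.0)   # weight 0: never chosen as filter node
        for m in members:
            g[m] = g[m] + [virtual]
    return select_filter_node(g, info, "__src__", "__dst__")


if __name__ == "__main__":
    print(select_filter_node(TOPOLOGY, NODE_INFO, "h1", "srv"))
    print(select_filter_node_multi(TOPOLOGY, NODE_INFO, ["h1", "h2"], ["srv"]))
```

On the sample topology the lightly loaded first-hop switch s1 wins for a single source h1 attacking srv; if s1 is reported as heavily loaded, the firewall on the alternative path is chosen instead, and with h1 and h2 attacking together the merged search again lands on their common upstream switch s1, which is the "closest to the source" property the description asks for.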
As shown in Fig. 6, the system for filtering malicious traffic within an autonomous domain of the present invention is characterised in that a system architecture based on the Controller-Agent pattern is built within the control centre, comprising:
an information collection module, which collects in real time the network information and node state information of the node devices in the current network and generates a global unified real-time information view from that information;
a filtering policy model construction module, which builds the filtering policy model based on the Exception-Handler policy model for exception handling;
an instantiation module, which instantiates the filtering policy model according to the type of malicious traffic and the types of the filter nodes in the network;
a filtering policy deployment and execution module, which, based on the instantiated filtering policy model, uses the filter node search algorithm to deploy the instantiated filtering policy model to the filter nodes of the network, thereby filtering the malicious traffic;
the control centre forms a self-feedback closed-loop control whole out of its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module.
After the filtering policy deployment and execution module has completed the filtering of the malicious traffic, it feeds the filtering result back to the control centre.
The basic principles, principal features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the embodiments described; the embodiments and the description above merely illustrate the principle of the present invention, and without departing from the spirit and scope of the present invention there may be various changes and improvements, all of which fall within the claimed scope of the present invention. The claimed scope of the present invention is defined by the appended claims and their equivalents.
Claims (16)
1. A method for filtering malicious traffic within an autonomous domain, characterised in that the steps of the method comprise:
collecting in real time the network information and node state information of the node devices in the current network, and generating a global unified real-time information view from that information;
building a filtering policy model based on the Exception-Handler policy model for exception handling;
instantiating the filtering policy model according to the type of malicious traffic and the types of the filter nodes in the network;
based on the instantiated filtering policy model, using a filter node search algorithm to deploy the instantiated filtering policy model to the filter nodes of the network, thereby filtering the malicious traffic.
2. The method for filtering malicious traffic within an autonomous domain according to claim 1, characterised in that the steps of the method further comprise: feeding back and storing the result of the malicious-traffic filtering.
3. The method for filtering malicious traffic within an autonomous domain according to claim 1, characterised in that: the network information and node state information of the node devices are obtained by deploying the information collection agents of the control centre on the node devices in the current network, using the information collection agents to acquire the network information and node state information of the node devices, and supplying it to the control centre;
the real-time information view is the global unified real-time information view that the control centre generates from the network information and node state information of the node devices.
4. The method for filtering malicious traffic within an autonomous domain according to claim 1, characterised in that: building the filtering policy model based on the Exception-Handler policy model for exception handling means formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes.
5. The method for filtering malicious traffic within an autonomous domain according to claim 4, characterised in that the process of formulating the filtering policy according to the mapping relation between malicious-traffic types and filtering rules, combined with the types of the filter nodes, comprises:
(1) the control centre abstracts the specifically detected malicious-traffic type into an Exception, instantiates the corresponding Handler according to the node type of the filter node, and generates the corresponding filtering rule for the Handler that corresponds to the Exception;
(2) when the same Exception has different Handlers, the Exception and its Handlers are organised by inheritance using the object-oriented hierarchical inheritance mechanism;
(3) if a new malicious-traffic type appears, the control centre abstracts a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy.
6. The method for filtering malicious traffic within an autonomous domain according to claim 1, characterised in that: the filter node search algorithm finds by computation the filter node closest to the source of the malicious traffic and deploys the corresponding filtering policy on that filter node to filter the malicious traffic.
7. The method for filtering malicious traffic within an autonomous domain according to claim 6, characterised in that: the filter node search algorithm is a BFS-based filter node search algorithm, which, according to a graph-based breadth-first traversal of the network, searches from the malicious-traffic source point all paths reaching the target node, then, on each path, computes a weight for each node from its distance to the source, its node type and its state and selects one node as the filter node, and finally merges the results to obtain the filter node closest to the malicious-traffic source.
8. The method for filtering malicious traffic within an autonomous domain according to claim 7, characterised in that: the BFS-based filter node search algorithm comprises a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target algorithm is used when a single malicious-traffic source in the network attacks a single target node;
the multi-source multi-target algorithm is used when multiple malicious-traffic sources in the network attack multiple target nodes.
9. A system for filtering malicious traffic in an autonomous domain, characterised in that: the system is built inside a control centre on a Controller-Agent architecture and comprises
an information collection module, which collects in real time the network information and node status information of the node devices in the current network and generates from this information a globally unified real-time information view;
a filtering policy model construction module, which builds the filtering policy model on the basis of an Exception-Handler policy model derived from exception handling;
an instantiation module, which instantiates the filtering policy model according to the malicious traffic type and the types of the filter nodes in the network;
a filtering policy deployment and execution module, which, starting from the instantiated filtering policy model, uses the filter node search algorithm to deploy the instantiated filtering policy model on the filter nodes of the network and so filters the malicious traffic;
the control centre, through its internal information collection module, filtering policy model construction module, instantiation module, and filtering policy deployment and execution module, forms a self-feedback closed-loop control whole.
10. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterised in that: after the filtering policy deployment and execution module has completed the filtering of the malicious traffic, it feeds the filtering result back to the control centre.
11. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterised in that: the information collection agents of the information collection module in the control centre are deployed on the node devices in the current network; the information collection agents collect the network information and node status information of the node devices and supply them to the control centre; the control centre generates the globally unified real-time information view from the network information and node status information of the node devices.
12. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterised in that: building the filtering policy model on the basis of the Exception-Handler policy model derived from exception handling means formulating the filtering policy according to the mapping relation between malicious traffic types and filtering rules, combined with the types of the filter nodes.
13. The system for filtering malicious traffic in an autonomous domain according to claim 12, characterised in that: the process of formulating the filtering policy according to the mapping relation between malicious traffic types and filtering rules, combined with the types of the filter nodes, is:
(1) the control centre abstracts the specific malicious traffic type that has been detected into an Exception, instantiates the Handler corresponding to the node type of the filter node, and generates the corresponding filtering rule for the Handler of that Exception;
(2) when the same Exception has different Handlers, an object-oriented hierarchical inheritance mechanism is used to organise the Exception and each of its Handlers by inheritance;
(3) if a new malicious traffic type appears, the control centre derives a new Exception and a corresponding Handler, thereby ensuring the extensibility of the filtering policy.
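An added Python sketch (not the patent's own code) of the Exception-Handler policy model described in claims 5 and 13: malicious traffic types form an Exception class hierarchy, each filter node type gets a Handler, and the control centre resolves a Handler through inheritance, so a new traffic type needs only a new subclass. The class names, the node types and the rule text format are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    """Constructed summary of one detected malicious flow."""
    src_ip: str
    dst_ip: str

class MaliciousTraffic(Exception):
    """Root of the Exception hierarchy; one subclass per malicious traffic type (names assumed)."""
    def __init__(self, flow):
        super().__init__(type(self).__name__)
        self.flow = flow

class FloodTraffic(MaliciousTraffic):
    pass

class SynFlood(FloodTraffic):
    pass

class Handler:
    """Handler for a generic filter node type: emits a vendor-neutral drop rule."""
    def rule(self, exc):
        return f"drop src={exc.flow.src_ip}"

class OpenFlowHandler(Handler):
    """Handler for an OpenFlow switch node type (assumed node type and rule syntax)."""
    def rule(self, exc):
        return f"priority=100,ip,nw_src={exc.flow.src_ip} actions=drop"

class OpenFlowSynHandler(OpenFlowHandler):
    """Specialised Handler: drops only SYN packets from the source to the victim."""
    def rule(self, exc):
        return (f"priority=200,tcp,tcp_flags=+syn-ack,nw_src={exc.flow.src_ip},"
                f"nw_dst={exc.flow.dst_ip} actions=drop")

# Policy table: (Exception class, filter node type) -> Handler class.
# A new traffic type needs a new subclass and, only if it wants its own Handler, one entry here.
POLICY = {
    (MaliciousTraffic, "generic"): Handler,
    (MaliciousTraffic, "openflow"): OpenFlowHandler,
    (SynFlood, "openflow"): OpenFlowSynHandler,
}

def make_rule(exc, node_type):
    """Walk the Exception's inheritance chain so a type without its own Handler
    falls back to its parent's, then generate that Handler's filtering rule."""
    for cls in type(exc).__mro__:
        handler = POLICY.get((cls, node_type))
        if handler is not None:
            return handler().rule(exc)
    raise LookupError(f"no Handler for {type(exc).__name__} on {node_type}")
```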
14. The system for filtering malicious traffic in an autonomous domain according to claim 9, characterised in that: the filter node search algorithm finds, by calculation, the filter node closest to the malicious traffic source, and the control centre deploys the corresponding filtering policy on that filter node through the filtering execution agent on the filter node, filtering the malicious traffic.
15. The system for filtering malicious traffic in an autonomous domain according to claim 14, characterised in that: the filter node search algorithm is a BFS-based filter node search algorithm: using breadth-first traversal of the network graph, it searches from the malicious traffic source for all paths that reach the destination node, then computes a weight for each node on each path from the node's distance to the source, its node type and its state, and finally merges the results and selects one node as the filter node, thereby obtaining the filter node closest to the malicious traffic source.
16. The system for filtering malicious traffic in an autonomous domain according to claim 15, characterised in that: the BFS-based filter node search algorithm comprises a single-source single-target filter node search algorithm and a multi-source multi-target filter node search algorithm; the single-source single-target filter node search algorithm is used when a single malicious traffic source in the network attacks a single target node, and the multi-source multi-target filter node search algorithm is used when multiple malicious traffic sources in the network attack multiple target nodes.
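An added Python sketch (not the patent's own code) of the BFS-based filter node search of claims 7 and 8, which claims 15 and 16 restate for the system: it enumerates all source-to-target paths breadth-first, weights each node on them from its distance to the source, its type and its state, merges the per-path results and selects one filter node, covering both the single-source single-target and the multi-source multi-target case. The topology, the node attributes, the weight formula and the merge rule are assumptions, since the claims fix only the inputs to the weight.

```python
from collections import deque

# Constructed sample autonomous-domain topology (adjacency list).
TOPOLOGY = {
    "src1": ["s1"], "src2": ["s2"],
    "s1": ["src1", "s3", "s4"], "s2": ["src2", "s4"],
    "s3": ["s1", "s5"], "s4": ["s1", "s2", "s5"],
    "s5": ["s3", "s4", "victim"], "victim": ["s5"],
}
# Assumed node attributes: type (only "filter" nodes can enforce rules) and state (load, 0..1).
NODES = {
    "s1": {"type": "filter", "load": 0.5}, "s2": {"type": "filter", "load": 0.9},
    "s3": {"type": "plain", "load": 0.1}, "s4": {"type": "filter", "load": 0.5},
    "s5": {"type": "filter", "load": 0.3},
}

def all_paths(topo, src, dst):
    """Breadth-first enumeration of every simple path from src to dst."""
    paths, queue = [], deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            paths.append(path)
            continue
        queue.extend(path + [n] for n in topo[path[-1]] if n not in path)
    return paths

def node_weight(name, hops):
    """Assumed weighting: a filter-capable, lightly loaded node near the source scores highest."""
    info = NODES.get(name)
    if info is None or info["type"] != "filter":
        return 0.0
    return (1.0 - info["load"]) / hops

def find_filter_node(topo, sources, targets):
    """Single-source/single-target and multi-source/multi-target search.
    Assumed merge rule: a candidate must lie on a path of every source/target
    pair, and its merged score is the worst of its per-pair best weights."""
    merged = None
    for src in sources:
        for dst in targets:
            best = {}
            for path in all_paths(topo, src, dst):
                for hops, name in enumerate(path[1:-1], start=1):
                    best[name] = max(best.get(name, 0.0), node_weight(name, hops))
            merged = best if merged is None else {
                n: min(w, best[n]) for n, w in merged.items() if n in best}
    return max(merged, key=merged.get) if merged else None
```

With one source the search picks the lightly loaded switch adjacent to it; with both sources it moves to the node both attack paths share, which is the practical difference between the two variants.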
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201611199382.0A (CN106534197A) | 2016-12-22 | 2016-12-22 | Method and system for filtering malicious traffic in autonomous domain
Publications (1)
Publication Number | Publication Date
---|---
CN106534197A | 2017-03-22
Family ID: 58341293
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN110196833A | 2018-03-22 | 2019-09-03 | Tencent Technology (Shenzhen) Co., Ltd. (腾讯科技(深圳)有限公司) | Application program search method, device, terminal and storage medium
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN102916840A | 2012-10-30 | 2013-02-06 | Southeast University (东南大学) | Method for controlling centralized resources in domain
US20140331280A1 | 2012-05-22 | 2014-11-06 | SRI International | Network Privilege Manager for a Dynamically Programmable Computer Network
CN104539594A | 2014-12-17 | 2015-04-22 | Nanjing Xiaozhuang University (南京晓庄学院) | SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
CN106060015A | 2016-05-18 | 2016-10-26 | Shenzhen Institute of Information Technology (深圳信息职业技术学院) | IP source address verification method based on SDN
Non-Patent Citations (1)
Title
---
吴帅 (Wu Shuai), "An SDN-based mechanism for filtering malicious traffic within an autonomous domain" (《一种基于SDN的自治域内恶意流量过滤机制》), Sciencepaper Online (《中国科技论文在线》)
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| SE01 | Entry into force of request for substantive examination |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20170322