CN107070895A - A data flow source tracing method based on SDN - Google Patents


Info

Publication number
CN107070895A
Authority
CN
China
Legal status
Granted
Application number
CN201710160267.0A
Other languages
Chinese (zh)
Other versions
CN107070895B (en)
Inventor
宋晨
王利明
史淼
杨倩
谢德俊
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Abstract

The present invention provides a data flow source tracing method based on SDN, comprising the following steps: 1) an SDN switch periodically samples specified fields to obtain packet information Flow_ID and switch information, where the switch information includes the switch identifier Switch_ID and the packet ingress port (input port); 2) the packet information Flow_ID and the switch information are grouped with Flow_ID as the key to obtain the data set SA_i of each group, where the subscript i identifies the data sets of different groups; 3) path analysis is performed on the data set SA_i of each group according to the SDN network topology G; 4) the path starting point is determined from the path analysis result and the path is reconstructed, yielding the path of the packet or data flow. By reconstructing the path of a packet or data flow, the method traces back to the attack source.

Description

A data flow source tracing method based on SDN
Technical field
The present invention relates to the field of computer networks, and in particular to a data flow source tracing method based on SDN.
Background
Generally, the fundamental way to defend effectively against the growing number of denial-of-service attacks is to find the attack source and contain the attack at its origin, which is both the most effective and the most economical approach. If the attack source cannot be located and punished when an attack occurs, attackers will become even more brazen. Tracing technology therefore occupies a very important position in a network defense system. As Internet applications multiply, cybercrime increases sharply, and tracing technology can trace back to the attack source and provide a basis for pursuing the attacker's legal liability. Among existing tracing techniques, methods based on packet marking must record the identification information of every router or switch on the path in the limited space of the packet header. Authentication information may be added to prevent forged identification information, which increases the amount of information that must be stored in the packet, so the path information has to be split across multiple packets, and in turn more packets must be collected to reassemble it. Log-based tracing methods require routers to record a digest of the identification information of every packet in order to answer queries, and in a high-speed network environment router storage is clearly limited. There are also methods based on link testing, which depend on the ISP and the network topology; these are not easy to achieve in traditional networks.
An existing patent related to tracing is CN200810103996.3. Its method sets up a tracing log, associates each terminal's unique identifier with the terminal's IP address, and records this correspondence in the tracing log. When the query module receives a tracing request, it initiates a tracing operation and maps the terminal unique identifier recorded in the log to the terminal's IP address. The premise of this method, however, is that the identifier and IP address of every terminal can be obtained accurately, and that the information is stored in the log for tracing queries only once it is known to be correct. In a traditional network it is difficult to guarantee that the information of all terminals and of the network can be obtained accurately, so this method is not well suited to tracing attack sources.
Summary of the invention
The object of the present invention is to provide a data flow source tracing method based on SDN that can reconstruct the path of a packet or data flow and thereby trace back to the attack source.
To achieve this object, the technical solution adopted by the present invention is:
A data flow source tracing method based on SDN, comprising the following steps:
1) an SDN switch periodically samples specified fields to obtain packet information Flow_ID and switch information, where the switch information includes the switch identifier Switch_ID and the packet ingress port (input port);
2) the packet information Flow_ID and the switch information are grouped with Flow_ID as the key to obtain the data set SA_i of each group, where the subscript i identifies the data sets of different groups;
3) path analysis is performed on the data set SA_i of each group according to the SDN network topology G;
4) the path starting point is determined from the path analysis result and the path is reconstructed, yielding the path of the packet or data flow.
Further, the periodic sampling of specified fields in step 1) means that the controller receives a sampling rule issued by an upper-layer application, and the SDN switch parses the sampling rule and samples periodically according to the parsed parameters of the fields to be sampled.
Further, the sampling rule specifies the offset and length of the fields to be sampled within the packet.
Further, the packet information Flow_ID in step 1) is an identifier used to distinguish different packets or data flows; the switch information is the information used to record the SDN switch at each hop of the path.
Further, the Flow_ID of a TCP packet consists of the IP, fragment offset and TCP sequence number fields; the Flow_ID of a UDP data flow is the five-tuple of source IP, destination IP, source port, destination port and protocol.
Further, the grouping in step 2) is performed according to the characteristics of the packet or data flow to be traced.
Further, the network topology G in step 3) is obtained through the SDN Topology Service module.
Further, the path analysis of the data set SA_i of each group in step 3) comprises the following steps:
a) Extract the set SS of SDN switches in SA_i. Using the network topology G, obtain the port set SPn = {input port, Other Ports}n of each SDN switch SSi in SS, and store each SSi with its corresponding SPn in the Port Table (SDN switch port list). The i in SSi is a variable that identifies different SDN switches; input port is the packet ingress port, marked from the sampling result; Other Ports are the remaining ports.
b) Combine each SDN switch in the Port Table with its packet ingress port to form the current hop (Current Hop) set CH = {SSi, input port}, where the i in SSi is a variable identifying different SDN switches, SSi ∈ SS and input port ∈ SPn.
c) For each item CH_i in CH, take its Other Ports and, starting from each of these ports in turn, find the other end of the link as a possible next hop (Next Hop) NH_i of CH_i, where the subscript i of CH_i marks the position where the packet currently is and the subscript i of NH_i marks the next position to which the packet will be forwarded.
d) Record the correspondence between CH_i and NH_i in the Path Fragment Table (path fragment list), then deduplicate the elements of NH_i and merge them into the next-hop set NH = {SSi, input port}, where SSi, input port ∈ G.
e) Take the union of CH and NH as the set AH of all possible path nodes of SA_i, i.e. AH = CH ∪ NH, where the number of nodes is n and |AH| = n. Build an n-order square matrix A from AH, in which, for CH_p and NH_q in the Path Fragment Table, the element with CH_p as row and NH_q as column is assigned 0, and the element with CH_p as column and NH_q as row is assigned 1; the number of rows of the Path Fragment Table is n, and the subscript p of CH_p and the subscript q of NH_q indicate row p, column q and row q, column p.
Further, in step c), if the other end is a switch, NH_i is represented by Switch_ID and Input Port; if the other end is a host, its MAC is used as the Switch_ID and Input Port is null.
Further, determining the path starting point according to the path analysis result in step 4) comprises the following steps:
f) In the square matrix A, a_ij = (r, c) = 0 represents the transmission of the packet from r to c, and a_ij = 1 represents the transmission of the packet from c to r. When all values in a row are 0, all elements leave from r and reach different next hops; when all values in a row are 1, all elements arrive at r together from different previous hops. When a row contains only 0s and no 1s, there is only a next hop and no previous hop; r is then the starting point of the packets in SA_i, and the starting point is recorded as reference point s.
g) When the value at reference point s is 0, search the column where s is located for elements x whose value is 1; when the value at reference point s is 1, search the row where s is located for elements x whose value is 0. If an x satisfying the condition exists, it becomes the new reference point s, and step f) is executed in a loop until no x satisfying the condition can be found, at which point tracing ends.
The beneficial effects of the present invention are as follows. The invention provides a data flow source tracing method based on SDN. The method first samples the packets or data flows passing through the SDN switches and then performs path reconstruction analysis on the collected samples to determine the attack source. It overcomes the problem that the storage space of the packet header or the router is limited and hard to expand: sampling of packets or data flows is combined with SDN's visibility into the network to jointly construct the path of the packet or data flow, so that attack tracing is achieved more objectively and more efficiently.
Brief description of the drawings
Fig. 1 is a schematic diagram of the operating flow of the SDN-based data flow source tracing method of the present invention.
Fig. 2 is a detailed flowchart of the SDN-based data flow source tracing method of the present invention.
Fig. 3 is the partial network topology under attack scenario R of one embodiment of the invention.
In Fig. 3, S1, S2, S3 and V are hosts, and SSB, SSC, SSD, SSE and SSF are SDN switches.
Fig. 4 is the SDN switch port list (Port Table) under attack scenario R of one embodiment of the invention.
Fig. 5 is the path fragment list (Path Fragment Table) under attack scenario R of one embodiment of the invention.
Fig. 6 is the square matrix A built under attack scenario R of one embodiment of the invention.
Detailed description of the embodiments
To make the above features and advantages of the present invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
The present invention provides a data flow source tracing method based on SDN, whose operating flow is shown in Fig. 1. First, the SDN switch periodically samples specified fields, and the sampling results are sent to a designated server to await processing. Periodic sampling of specified fields means that the controller receives a sampling rule issued by an upper-layer application, and the SDN switch parses the sampling rule and samples periodically according to the parsed parameters of the fields to be sampled. The sampling rule specifies the offset and length of certain fields in the packet to be sampled; for example, field A starts at position 16 in the packet and has length 8. The sampling result includes packet information and switch information. The packet information Flow_ID is an identifier used to distinguish different packets or data flows, and the Flow_ID differs by purpose: for example, the Flow_ID that distinguishes individual packets of the TCP protocol consists of the IP, fragment offset and TCP sequence number fields, while the identifier that distinguishes a UDP data flow is the five-tuple of source IP, destination IP, source port, destination port and protocol. The switch information is the information used to record the SDN switch at each hop of the path, and includes the switch identifier Switch ID and the packet ingress port (input port). Taking the sampling of a UDP data flow as an example, the sampling result is shown in Table 1.
Table 1: UDP data flow sampling result
SrcIP | DstIP | SrcPort | DstPort | Protocol | SwID | InPort
The sampling results are then grouped with Flow_ID as the key to obtain the data set SA_i of each group, where the subscript i identifies the data sets of different groups. The grouping is performed according to the characteristics of the packets or data flows that need to be traced; for example, if the data flow whose source IP is a needs to be traced, or DNS packets need to be traced, the characteristics of that data flow or packet are used as the grouping criterion.
Finally, path analysis is performed on the data set SA_i of each group according to the network topology G, the path starting point is determined from the path analysis result, and the path is reconstructed, yielding the path of the packet or data flow. The network topology G is obtained through the SDN Topology Service module.
The method of the invention is illustrated below with a specific embodiment.
Referring to Fig. 2, which is a detailed flowchart of the SDN-based data flow source tracing method of the present invention, the steps include:
1) The SDN switch periodically samples specified fields to obtain the sampling result, i.e. the packet information Flow_ID and the switch information; the sampling results are grouped with Flow_ID as the key to obtain the data set SA_i of each group, where the subscript i identifies the data sets of different groups.
2) The network topology G is obtained through the SDN Topology Service module, and the SA_i of each group is organized according to G: all switch identifiers Switch_ID in SA_i are collected into the set SS, the ports of each SDN switch SSi are derived from the information in the network topology G, the packet ingress port (input port) is marked from the sampling result, and the result is stored in the Port Table, where the i in SSi is a variable identifying different SDN switches. For example, the sampling results are grouped by Flow_ID and the data set of each group of sampling results is denoted SA_i, where the subscript i identifies the data sets of different groups. As shown in Fig. 3, in attack scenario R, after the sampling results are grouped, the sample set of the data flow sent from S3 to V (the solid line on the right, where S3 and V are hosts) serves as one SA_i. The following operations are carried out for every group SA_i in the sampling results:
a) Extract the set SS of SDN switches in SA_i. Using the network topology G, obtain the port set SPn = {input port, Other Ports}n of each SDN switch SSi in SS, and store each SSi with its corresponding SPn in the Port Table. The i in SSi is a variable identifying different SDN switches and SSi ∈ SS; input port is the packet ingress port, marked from the sampling result; Other Ports are the remaining ports. For example, the SDN switch port list under attack scenario R is shown in Fig. 4.
b) Combine each SDN switch in the Port Table with its packet ingress port to form the current hop set CH = {SSi, input port}, where the i in SSi is a variable identifying different SDN switches and input port ∈ SPn. For example, in attack scenario R, CH = {SSF2, SSC3, SSE2, SSD2}, where SSF2 denotes that the SDN switch is SSF (here the variable i in SSi is F) and the packet ingress port is Port 2.
c) For each item CH_i in CH, take its Other Ports and, starting from each of these ports in turn, find the other end of the link as a possible next hop NH_i of CH_i, where the subscript i of CH_i marks the position where the packet currently is and the subscript i of NH_i marks the next position to which the packet will be forwarded. If the other end is a switch, NH_i is represented by Switch_ID and Input Port; if the other end is a host, its MAC is used as the Switch_ID and Input Port is null. For example, in attack scenario R, CH_2 is SSC3, and its possible next hops are NH_3 = {SSD2, SSE2}.
d) Record the correspondence between CH_i and NH_i in the Path Fragment Table, as shown in Fig. 5. Then deduplicate the elements of NH_i and merge them into the next-hop set NH = {SSi, input port}, where SSi, input port ∈ G. For example, in attack scenario R, NH = {SSC3, SSE2, SSD2, V}.
e) Take the union of CH and NH as the set AH of all possible path nodes of SA_i, i.e. AH = CH ∪ NH, where the number of nodes is n and |AH| = n. For example, in attack scenario R, AH = {SSF2, SSC3, SSE2, SSD2, V}. Build an n-order square matrix A from AH, in which, for CH_p and NH_q in the Path Fragment Table, the element with CH_p as row and NH_q as column is assigned 0, and the element with CH_p as column and NH_q as row is assigned 1, i.e. formula (1), where the number of rows of the Path Fragment Table is n, and the subscript p of CH_p and the subscript q of NH_q merely indicate the relation between row p, column q and row q, column p. For example, in attack scenario R, CH_2 is SSC3 and NH_3 is SSD2, so (SSC3, SSD2) = 0 and at the same time (SSD2, SSC3) = 1. The square matrix A built under attack scenario R is shown in Fig. 6.
f) In the square matrix A, a_ij = (r, c) = 0 represents the transmission of the packet from r to c, and a_ij = 1 represents the transmission of the packet from c to r. Therefore, when all values in a row are 0, all elements leave from r and reach different next hops, and when all values in a row are 1, all elements arrive at r together from different previous hops. So when a row contains only 0s and no 1s, there is only a next hop and no previous hop; r is then the starting point of the data flow in SA_i, and the starting point is recorded as reference point s. As shown in Fig. 3, in attack scenario R the starting point of the path is SSF2, i.e. s = SSF2.
g) When the value at reference point s is 0, search the column where s is located for elements x whose value is 1; when the value at reference point s is 1, search the row where s is located for elements x whose value is 0. If an x satisfying the condition exists, it becomes the new reference point s. Step f) is then executed in a loop until no x can be found, at which point tracing ends. As shown in Fig. 6, with SSF2 as the starting point, a41 = (SSF2, SSC3) = 0 represents reaching SSC3 from SSF2. The column of SSC3 is then searched for elements with value 1, i.e. a31 = (SSE2, SSC3) and a21 = (SSD2, SSC3), which means the path has two branches: branch 1 leads to SSE2 and branch 2 leads to SSD2. Taking branch 1 as an example, a31 = (SSE2, SSC3) = 1 represents that the packet reaches SSE2 from SSC3. The row of SSE2 is then searched for elements with value 0, i.e. a35 = (SSE2, V), which represents going from SSE2 to the destination V. Finally, the column of V contains no element with value 1, so the tracing of branch 1 ends and the reconstructed path is SSF2->SSC3->SSE2->V. In the same way, the final path of branch 2 is SSF2->SSC3->SSD2->V.
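The path analysis of steps a) to g), run on attack scenario R, as an added example that is not part of the patent text. The ingress ports of the four sampled switches and the matrix cells and paths it reproduces come from the description; the five-tuples, the remaining port numbers and the link list standing in for Fig. 3 are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed inputs for attack scenario R. The input ports of the sampled
# switches come from the text (SSF2, SSC3, SSE2, SSD2); the five-tuples, all
# other port numbers and the link list are assumptions for this example.
FLOW = ("10.0.3.1", "10.0.9.1", 40000, 53, "udp")    # S3 -> V
OTHER = ("10.0.1.1", "10.0.9.1", 40001, 53, "udp")   # unrelated flow
SAMPLES = [  # (Flow_ID, Switch_ID, input port), the columns of Table 1
    (FLOW, "SSF", 2), (FLOW, "SSC", 3), (OTHER, "SSB", 1),
    (FLOW, "SSE", 2), (FLOW, "SSD", 2), (FLOW, "SSC", 3),  # repeated sample
]
# Topology G as undirected links between (device, port). Hosts have port None
# and are named directly (the patent uses the host MAC as Switch_ID).
LINKS = [
    (("S3", None), ("SSF", 2)), (("SSF", 1), ("SSC", 3)),
    (("SSC", 1), ("SSD", 2)), (("SSC", 2), ("SSE", 2)),
    (("SSD", 1), ("V", None)), (("SSE", 1), ("V", None)),
]

def name(dev, port):
    return dev if port is None else f"{dev}{port}"

def group_by_flow(samples):
    """Step 2: group sampled (switch, input port) pairs with Flow_ID as key."""
    groups = defaultdict(set)
    for flow_id, switch, in_port in samples:
        groups[flow_id].add((switch, in_port))
    return groups

def path_fragments(sa, links):
    """Steps a-d: Port Table, CH, NH_i and the Path Fragment Table."""
    peer, ports = {}, defaultdict(set)
    for a, b in links:
        for src, dst in ((a, b), (b, a)):
            if src[1] is not None:          # only switch ports are looked up
                peer[src] = dst
                ports[src[0]].add(src[1])
    table = {}
    for switch, in_port in sa:
        other_ports = sorted(ports[switch] - {in_port})
        table[name(switch, in_port)] = [name(*peer[(switch, p)]) for p in other_ports]
    return table

def build_matrix(table):
    """Step e: AH = CH ∪ NH; (CH_p, NH_q) = 0 and (NH_q, CH_p) = 1."""
    # Sorted order reproduces the indices a41, a31, a21, a35 quoted in the text.
    nodes = sorted(set(table) | {nh for hops in table.values() for nh in hops})
    idx = {node: i for i, node in enumerate(nodes)}
    A = [[None] * len(nodes) for _ in nodes]    # None: no relation recorded
    for ch, hops in table.items():
        for nh in hops:
            A[idx[ch]][idx[nh]] = 0
            A[idx[nh]][idx[ch]] = 1
    return nodes, A

def trace(nodes, A):
    """Steps f-g: find the start row, then alternate column and row lookups."""
    n, paths = len(nodes), []

    def arrived(r, c):      # node the packet is at after reference cell (r, c)
        return c if A[r][c] == 0 else r

    def walk(r, c, path):
        path = path + [nodes[arrived(r, c)]]
        if A[r][c] == 0:    # value 0: search the column for elements equal to 1
            nxt = [(x, c) for x in range(n) if A[x][c] == 1]
        else:               # value 1: search the row for elements equal to 0
            nxt = [(r, y) for y in range(n) if A[r][y] == 0]
        # Guard against topology loops: never revisit a node on this path.
        nxt = [cell for cell in nxt if nodes[arrived(*cell)] not in path]
        if not nxt:
            paths.append(path)
        for cell in nxt:
            walk(*cell, path)

    for r in range(n):
        if 0 in A[r] and 1 not in A[r]:     # only next hops, no previous hop
            for c in range(n):
                if A[r][c] == 0:
                    walk(r, c, [nodes[r]])
    return paths

def reconstruct(samples, flow_id, links):
    table = path_fragments(group_by_flow(samples)[flow_id], links)
    nodes, A = build_matrix(table)
    return nodes, A, trace(nodes, A)

if __name__ == "__main__":
    for p in reconstruct(SAMPLES, FLOW, LINKS)[2]:
        print("->".join(p))
```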
In summary, the data flow source tracing method based on SDN provided by the present invention uses SDN's visibility into the network and achieves path reconstruction by sampling and analyzing the path on a server. The method overcomes the problem that the storage space of the packet header or the router is limited and hard to expand.
The above embodiments merely illustrate the technical solution of the present invention and do not limit it. A person of ordinary skill in the art may modify the technical solution or replace it with equivalents without departing from the spirit and scope of the present invention, and the scope of protection of the present invention shall be as defined in the claims.

Claims (10)

1. A data flow source tracing method based on SDN, comprising the following steps:
1) an SDN switch periodically samples specified fields to obtain packet information Flow_ID and switch information, where the switch information includes the switch identifier Switch_ID and the packet ingress port (input port);
2) the packet information Flow_ID and the switch information are grouped with Flow_ID as the key to obtain the data set SA_i of each group, where the subscript i identifies the data sets of different groups;
3) path analysis is performed on the data set SA_i of each group according to the SDN network topology G;
4) the path starting point is determined from the path analysis result and the path is reconstructed, yielding the path of the packet or data flow.
2. The method of claim 1, characterized in that the periodic sampling of specified fields in step 1) means that the controller receives a sampling rule issued by an upper-layer application, and the SDN switch parses the sampling rule and samples periodically according to the parsed parameters of the fields to be sampled.
3. The method of claim 2, characterized in that the sampling rule specifies the offset and length of the fields to be sampled within the packet.
4. The method of claim 1, characterized in that the packet information Flow_ID in step 1) is an identifier used to distinguish different packets or data flows; the switch information is the information used to record the SDN switch at each hop of the path.
5. The method of claim 4, characterized in that the Flow_ID of a TCP packet consists of the IP, fragment offset and TCP sequence number fields; the Flow_ID of a UDP data flow is the five-tuple of source IP, destination IP, source port, destination port and protocol.
6. The method of claim 4, characterized in that the grouping in step 2) is performed according to the characteristics of the packet or data flow to be traced.
7. The method of claim 1, characterized in that the network topology G in step 3) is obtained through the SDN Topology Service module.
8. The method of claim 1, characterized in that the path analysis of the data set SA_i of each group in step 3) comprises the following steps:
a) extract the set SS of SDN switches in SA_i; using the network topology G, obtain the port set SPn = {input port, Other Ports}n of each SDN switch SSi in SS, and store each SSi with its corresponding SPn in the Port Table; the i in SSi is a variable identifying different SDN switches, input port is the packet ingress port, marked from the sampling result, and Other Ports are the remaining ports;
b) combine each SDN switch in the Port Table with its packet ingress port to form the current hop set CH = {SSi, input port}, where the i in SSi is a variable identifying different SDN switches, SSi ∈ SS and input port ∈ SPn;
c) for each item CH_i in CH, take its Other Ports and, starting from each of these ports in turn, find the other end of the link as a possible next hop NH_i of CH_i, where the subscript i of CH_i marks the position where the packet currently is and the subscript i of NH_i marks the next position to which the packet will be forwarded;
d) record the correspondence between CH_i and NH_i in the Path Fragment Table, then deduplicate the elements of NH_i and merge them into the next-hop set NH = {SSi, input port}, where SSi, input port ∈ G;
e) take the union of CH and NH as the set AH of all possible path nodes of SA_i, i.e. AH = CH ∪ NH, where the number of nodes is n and |AH| = n; build an n-order square matrix A from AH, in which, for CH_p and NH_q in the Path Fragment Table, the element with CH_p as row and NH_q as column is assigned 0, and the element with CH_p as column and NH_q as row is assigned 1; the number of rows of the Path Fragment Table is n, and the subscript p of CH_p and the subscript q of NH_q indicate row p, column q and row q, column p.
9. The method of claim 8, characterized in that, in step c), if the other end is a switch, NH_i is represented by Switch_ID and Input Port; if the other end is a host, its MAC is used as the Switch_ID and Input Port is null.
10. The method of claim 8, characterized in that determining the path starting point according to the path analysis result in step 4) comprises the following steps:
f) in the square matrix A, a_ij = (r, c) = 0 represents the transmission of the packet from r to c, and a_ij = 1 represents the transmission of the packet from c to r; when all values in a row are 0, all elements leave from r and reach different next hops, and when all values in a row are 1, all elements arrive at r together from different previous hops; when a row contains only 0s and no 1s, there is only a next hop and no previous hop; r is then the starting point of the packets in SA_i, and the starting point is recorded as reference point s;
g) when the value at reference point s is 0, search the column where s is located for elements x whose value is 1; when the value at reference point s is 1, search the row where s is located for elements x whose value is 0; if an x satisfying the condition exists, it becomes the new reference point s, and step f) is executed in a loop until no x satisfying the condition can be found, at which point tracing ends.
CN201710160267.0A 2017-03-17 2017-03-17 SDN-based data flow tracing method Active CN107070895B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710160267.0A CN107070895B (en) 2017-03-17 2017-03-17 SDN-based data flow tracing method


Publications (2)

Publication Number Publication Date
CN107070895A true CN107070895A (en) 2017-08-18
CN107070895B CN107070895B (en) 2020-05-22

Family

ID=59621235

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710160267.0A Active CN107070895B (en) 2017-03-17 2017-03-17 SDN-based data flow tracing method

Country Status (1)

Country Link
CN (1) CN107070895B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540383A (en) * 2018-03-20 2018-09-14 大连理工大学 A kind of data packet transmission locus detection method based on software defined network
CN109150920A (en) * 2018-11-05 2019-01-04 南京邮电大学 A kind of attack detecting source tracing method based on software defined network
CN109962879A (en) * 2017-12-22 2019-07-02 中国电信股份有限公司 Refuse the safety defense method and controller of service DRDoS for distributed reflection
CN109977680A (en) * 2019-03-13 2019-07-05 北京国舜科技股份有限公司 A kind of business datum security risk recognition methods and system
CN110113328A (en) * 2019-04-28 2019-08-09 武汉理工大学 A kind of software definition opportunistic network DDoS defence method based on block chain
CN111565125A (en) * 2020-07-15 2020-08-21 成都数维通信技术有限公司 Method for acquiring message passing through network traffic path
CN111586026A (en) * 2020-04-30 2020-08-25 广州市品高软件股份有限公司 Software defined boundary implementation method and system based on SDN
CN113556309A (en) * 2020-04-23 2021-10-26 中国电信股份有限公司 Method for predicting attack scale

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120082163A1 (en) * 2009-06-09 2012-04-05 Christian Esteve Rothenberg Packet Routing In A Network
CN104852887A (en) * 2014-02-17 2015-08-19 上海宽带技术及应用工程研究中心 Network flow tracing system and method based on OpenFlow technology
CN105282169A (en) * 2015-11-04 2016-01-27 中国电子科技集团公司第四十一研究所 DDoS attack warning method and system based on SDN controller threshold
CN106027497A (en) * 2016-05-04 2016-10-12 山东大学 DDoS (Distributed Denial of Service) tracing and source end filtering method oriented to SDN (Software Defined Networking) and based on OpenFlow-DPM
CN106302006A (en) * 2016-08-05 2017-01-04 南京理工大学 A kind of dynamic source tracing method of IP spoofing packet based on SDN

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109962879A (en) * 2017-12-22 2019-07-02 中国电信股份有限公司 Refuse the safety defense method and controller of service DRDoS for distributed reflection
CN108540383A (en) * 2018-03-20 2018-09-14 大连理工大学 A kind of data packet transmission locus detection method based on software defined network
CN109150920A (en) * 2018-11-05 2019-01-04 南京邮电大学 A kind of attack detecting source tracing method based on software defined network
CN109977680A (en) * 2019-03-13 2019-07-05 北京国舜科技股份有限公司 A kind of business datum security risk recognition methods and system
CN110113328A (en) * 2019-04-28 2019-08-09 武汉理工大学 A kind of software definition opportunistic network DDoS defence method based on block chain
CN113556309A (en) * 2020-04-23 2021-10-26 中国电信股份有限公司 Method for predicting attack scale
CN111586026A (en) * 2020-04-30 2020-08-25 广州市品高软件股份有限公司 Software defined boundary implementation method and system based on SDN
CN111586026B (en) * 2020-04-30 2021-01-29 广州市品高软件股份有限公司 Software defined boundary implementation method and system based on SDN
CN111565125A (en) * 2020-07-15 2020-08-21 成都数维通信技术有限公司 Method for acquiring message passing through network traffic path

Also Published As

Publication number Publication date
CN107070895B (en) 2020-05-22

Similar Documents

Publication Publication Date Title
CN107070895A (en) A kind of data flow source tracing method based on SDN
Medhi et al. Network routing: algorithms, protocols, and architectures
CN105743793B (en) Bit index for network device components explicitly replicates (BIER) forwarding
TWI683587B (en) Apparatus and method for uniquely enumerating paths in a parse tree
JP5880570B2 (en) Mapping server device, network system, packet transfer method and program
CN104660508B (en) A kind of message forwarding method and device
CN105765946B (en) Support the method and system of the service chaining in data network
CN102238083B (en) For the system and method for adapted packet process streamline
CN104243270B (en) A kind of method and apparatus for establishing tunnel
CN105099846B (en) The method and supplier edge device of data message transmission
CN105337881B (en) A kind of processing method of data message, service node and drainage point
CN106921572B (en) A kind of method, apparatus and system for propagating qos policy
CN103053138A (en) A device and method for egress packet forwarding using mesh tagging
CA2515667A1 (en) Arrangement in a router for generating a route based on a pattern of a received packet
CN106105130A (en) Carry the source routing of entropy head
CN103905251B (en) Network topology obtaining method and device
CN104702504A (en) Communication system, control apparatus, configuration method for processing rules, and program
CN104486161A (en) Method and device for network traffic identification
US20080310326A1 (en) Network physical connection inference for ip tunnels
US20150341263A1 (en) Associating internet protocol (ip) addresses with ethernet virtualisation interconnection (evi) links
US7894369B2 (en) Network physical connection inference for IP tunnels
CN103746914B (en) Set up method, the apparatus and system of private network tags and original VRF corresponding relations
CN102316121A (en) Filtering matching preprocessing method supporting dynamic extended frame head and device
CN102946349A (en) OSPF (open shortest path first) protocol-based Ethernet E-Line service link discovery method and device
CN106341423A (en) Message processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant