CN107425999A - Low-overhead dynamic deployment method for security detection nodes - Google Patents

Info

Publication number: CN107425999A
Authority: CN (China)
Legal status: Granted
Application number: CN201710260811.9A
Other languages: Chinese (zh)
Other versions: CN107425999B (en)
Inventors: 张凤, 韦云凯, 马立香, 李娜, 陈怡瑾
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China

Legal events:
Application filed by University of Electronic Science and Technology of China
Priority to CN201710260811.9A
Publication of CN107425999A
Application granted
Publication of CN107425999B
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design

Abstract

The invention discloses a low-overhead method for dynamically deploying security detection nodes. An SDN controller monitors the behavior of nodes in the network and makes a preliminary identification of suspect nodes, which constitutes coarse detection. On the basis of coarse detection, the method calculates the cost value that each single ordinary node incurs once it is selected as a temporary detection node, and chooses temporary detection nodes according to the distribution of suspect nodes in the network and the node cost values. The temporary detection nodes then inspect the suspect nodes further, which constitutes fine detection. Because the fine-detection temporary nodes cooperate with the conventional coarse-detection nodes, detection accuracy is greatly improved. The set of temporary detection nodes chosen satisfies the network's security requirements while keeping the cost of deploying the detection function on them as small as possible, so the overhead on the whole network is low.

Description

Low-overhead dynamic deployment method for security detection nodes
Technical field
The invention belongs to the field of network security and specifically relates to a technique for dynamically deploying security detection nodes.
Background
Once malicious nodes such as virus-infected nodes or malicious attack nodes appear in a network, they pose a great threat to network security. To reduce the harm done by malicious nodes and improve network security, a series of security defence measures is usually required. A common approach is to install a firewall or antivirus software on every node to keep viruses and malicious attacks out of the node. However, once a new virus or attack technique breaks through that defence, the node is no longer secure, and the node itself is unlikely to be able to recover on its own.
Therefore, the network also needs means of cooperative detection to guard against viruses and malicious attacks. In SDN (Software Defined Networking) networks, the current mainstream approach uses the SDN controller's global view of network topology and traffic to analyze the network in real time and discover possible virus-infected or malicious attack nodes. However, as network scale keeps growing and virus and attack techniques keep evolving to imitate normal network behavior, a single SDN controller is significantly limited in its ability to detect suspect nodes in the network. To compensate, some security detection nodes are usually deployed at scattered points in the network. This approach still has a considerable limitation: the security detection nodes are usually deployed at fixed locations. If they are deployed too densely, the overhead (cost and resource consumption) becomes too high; if they are deployed too sparsely, they cannot detect suspect nodes effectively.
Therefore, for suspicious behavior and suspect nodes in a network, proposing a security detection method with lower overhead and higher efficiency is of great significance for effectively discovering virus-infected nodes and attack nodes and for improving network security.
Summary of the invention
To solve the above technical problem, the invention proposes a low-overhead method for dynamically deploying security detection nodes. First, based on the behavior of nodes in the network, the SDN controller's global view of the network is used to make a preliminary discovery of suspect nodes, which realizes coarse detection. Then network function virtualization (NFV: Network Function Virtualization) is used to dynamically deploy suitable security detection nodes around the suspect nodes, which realizes fine detection of the suspect nodes. Combining coarse and fine detection in this way achieves accurate and reliable security detection at low overhead.
The technical solution adopted by the invention is a low-overhead method for dynamically deploying security detection nodes, comprising:
S1. The SDN controller monitors the behavior of nodes in the network; a node whose detected state is safe is an ordinary node, otherwise it is a suspect node;
S2. Calculate the cost value of each ordinary node being selected as a temporary detection node;
S3. Select temporary detection nodes from the ordinary nodes according to the ordinary-node cost values calculated in step S2 and the distribution of suspect nodes.
Further, the SDN controller in step S1 also collects information about each node, including: node priority, the node's ordinary degree, current battery charge, high battery threshold, and low battery threshold.
Further, calculating the cost value of each ordinary node in step S2 specifically comprises:
A1. Determine the self cost, which is the node priority;
A2. Determine the harm cost, which is the node's ordinary degree; the ordinary degree is the number of ordinary nodes adjacent to the node;
A3. Determine the startup cost, which is the degree to which battery charge and starting the temporary detection function affect the node itself;
A4. Calculate the cost value of each ordinary node from the self cost, harm cost and startup cost.
Further, when the ordinary node is a wired node, the startup cost in step A3 is a fixed value, expressed as: $C_{on(i)} = C_{on\_wired}$
When the ordinary node is a wireless node, the startup cost in step A3 is expressed as:
$$C_{on(i)} = C_{onl} - \frac{C_{onh}}{1 + a e^{-bE_{ba(i)} - E_{bal}}}$$
where $C_{on(i)}$ is the startup cost of the i-th ordinary node; $C_{onl}$ is the startup cost value when the node's battery charge is below $E_{bal}$; $E_{bal}$ is the low battery threshold; $C_{onh}$ is the startup cost value when the node's charge is above $E_{bdh}$; $E_{bdh}$ is the high battery threshold; a and b are positive constants; and $E_{ba(i)}$ is the battery charge of the i-th ordinary node.
Further, the cost value of each ordinary node in step A4 is expressed as:
$$Cost_{(i)} = \alpha \cdot \frac{C_{on(i)}}{C_{self(i)} + \beta \cdot C_{dang(i)}}$$
where $Cost_{(i)}$ is the cost value of the i-th ordinary node, $C_{self(i)}$ is the self cost of the i-th ordinary node, $C_{dang(i)}$ is the harm cost of the i-th ordinary node, α is a constant, and β is the proportionality coefficient between harm cost and self cost.
Further, step S3 specifically comprises the following sub-steps:
B1. Count the suspect nodes;
B2. Delete the suspect nodes whose ordinary degree is 0 and update the suspect node count;
B3. Put the suspect nodes whose ordinary degree is 1 into the first sequence;
B4. Put the suspect nodes whose ordinary degree is greater than 1 into the second sequence;
B5. Process the suspect nodes in the first sequence, specifically: delete the suspect node y itself, delete the ordinary node $Nei_{(y)}$ that is the only ordinary node adjacent to y, and delete the remaining suspect nodes adjacent to $Nei_{(y)}$; then subtract the deleted suspect nodes to obtain the updated suspect node count, and update the first and second sequences;
B6. Repeat step B5 until the first sequence contains 0 nodes;
B7. Process the suspect nodes in the second sequence, specifically: sort the suspect nodes in the second sequence by ordinary degree in ascending order; delete the current first suspect node z in the second sequence, and find the ordinary node that is adjacent to z and has the minimum cost value to serve as z's temporary detection node;
delete suspect node z, its temporary detection node, and the other suspect nodes within that temporary detection node's coverage, then update the second sequence;
subtract the deleted suspect nodes to obtain the updated suspect node count;
B8. Repeat step B7 until the suspect node count is 0.
Beneficial effects of the invention: in the method of the invention, the SDN controller monitors the behavior of nodes in the network and makes a preliminary identification of suspect nodes, realizing coarse detection. On the basis of coarse detection, NFV technology is used to dynamically deploy suitable temporary detection nodes around the suspect nodes to inspect them further, realizing fine detection. Because the fine-detection temporary nodes cooperate with the conventional coarse-detection nodes, detection accuracy is greatly improved. Moreover, the set of temporary detection nodes chosen satisfies the network's security requirements while keeping the cost of deploying the detection function on them as small as possible, so the overhead on the whole network is low.
Brief description of the drawings
Fig. 1 is a schematic diagram of the architecture combining NFV with SDN;
Fig. 2 is a schematic diagram of the temporary detection node selection model;
Fig. 3 is a flow chart of the low-overhead dynamic deployment of security nodes provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of the cost classification and its meaning;
Fig. 5 is a flow chart of the node cost value calculation algorithm;
Fig. 6 is a qualitative illustration of the relationship between battery charge and node startup cost;
Fig. 7 is a flow chart of the node selection algorithm.
Detailed description
To help those skilled in the art understand the technical content of the invention, the invention is further explained below with reference to the drawings.
The method of the invention is based on an architecture that combines NFV with SDN; the logical structure of the architecture is shown in Fig. 1. In this architecture, the SDN controller cooperates with OpenStack. The SDN controller monitors the behavior of nodes in the network and makes a preliminary identification of suspect nodes, realizing coarse detection. The SDN controller also collects information about each node, including node priority, the node's ordinary degree, current battery charge, high battery threshold and low battery threshold, which provides the basis for calculating the cost an ordinary node must pay once it is selected as a temporary detection node. OpenStack issues the deployment of the detection function to NFV nodes; the temporary detection nodes inspect the suspect nodes further to determine their true condition, laying the foundation for subsequent network security measures.
There are two common kinds of coarse detection: one detects flow characteristics that match a certain attack, and the other detects flow characteristics that do not match normal flow characteristics. Either can be used to judge whether an attack has occurred. After judging that an attack has (possibly) occurred, a tracing technique is applied to find which nodes are suspect and where they are. Both coarse detection methods are well known in the art and are not described in detail here.
Deploying temporary detection nodes in a network consumes network resources, while deploying too few temporary detection nodes or choosing unsuitable node locations means network security cannot be guaranteed. On this basis, the invention proposes a low-overhead method for dynamically deploying security detection nodes that reduces the overall cost to the network as far as possible while ensuring network security. The technical solution of this application is: first, the SDN controller monitors the behavior of nodes in the network and finds suspect nodes by coarse screening; then the cost that each single ordinary node must pay once selected as a temporary detection node is calculated; finally, temporary detection nodes are chosen according to the distribution of suspect nodes in the network and the node cost values. This embodiment uses the temporary detection node selection model shown in Fig. 2 as an example. Suspect nodes in this application are found by the coarse detection process and will have their condition further confirmed by the fine detection process. Ordinary nodes are nodes that coarse detection has judged to be safe; ordinary nodes can be chosen as temporary detection nodes. Temporary detection nodes are determined by the selection strategy, chosen from the ordinary nodes, and used for fine detection of the suspect nodes' condition.
The technical solution of this application is shown in Fig. 3 and specifically comprises the following steps:
S1. The SDN controller monitors the behavior of nodes in the network; a node whose detected state is safe is an ordinary node, otherwise it is a suspect node. The SDN controller also collects information about each node, including node priority, the node's ordinary degree, current battery charge, high battery threshold and low battery threshold, which provides the basis for calculating the cost an ordinary node must pay once it is selected as a temporary detection node.
S2. Calculate the cost value of each ordinary node, that is, the cost each ordinary node must pay once it is selected as a temporary detection node. The classification and meaning of the costs are shown in Fig. 4. A node's cost has three parts: self cost, harm cost and startup cost. The calculation of the cost value is shown in Fig. 5.
Assume coarse detection finds that the NFV nodes include n ordinary nodes, and label each node i, i = 1, 2, 3, ..., n.
Self cost: in general, a node may have a specific function. For example, the node itself may need to provide services to other nodes; if such a node is infected, the normal operation of other nodes is affected, so the node can be given a higher priority.
The NFV nodes are divided into μ classes by priority, and the priority of each ordinary node is written $Pr_{(i)} = j$; i = 1, 2, 3, ..., n; j = 1, 2, 3, ..., μ.
The self cost of each ordinary node is written: $C_{self(i)} = Pr_{(i)}$
Harm cost: the cost caused by a node infecting the ordinary nodes around it after it is itself infected. An infected node may infect the surrounding ordinary nodes; a simple assumption is made here that the more ordinary nodes surround it, the greater the harm a suspect node may cause to the surrounding nodes. Based on the ordinary degree of each node as counted by SDN, the ordinary degree of each ordinary node is written $Deg_{(i)}$, i = 1, 2, 3, ..., n.
The harm cost of each ordinary node is written: $C_{dang(i)} = Deg_{(i)}$
Startup cost: related to the node's battery charge. It represents the effect on the node's lifetime of the extra charge consumed after the node starts the detection function. When battery charge is too low, the node may be unable to transmit data normally because it runs out of power. The invention therefore takes the startup cost into account when selecting temporary detection nodes.
If an NFV node is a wired node, the effect of battery charge on starting the node need not be considered, so the startup cost $C_{on}$ is a fixed value, written $C_{on\_wired}$. If an NFV node is a wireless node, the startup cost $C_{on}$ is related to the node's current remaining charge percentage. This embodiment explains the startup cost calculation for wireless nodes.
In a wireless-node environment, when charge is low, starting the function now may mean the node cannot start it next time, and a node that cannot operate normally for lack of power also affects the function of the whole network. Therefore, the less charge a node has, the more "unwilling" it is to start the detection function and "waste" its own charge.
The startup cost describes the degree to which battery charge and starting the temporary detection function affect the node itself. The relationship between battery charge and node startup cost is shown qualitatively in Fig. 6. Assume the high battery threshold is $E_{bdh}$ and the low battery threshold is $E_{bal}$. When charge is below $E_{bal}$, the node cannot start the detection function. When charge is above $E_{bah}$, the node has ample charge and the startup cost is assumed to be a fixed value $C_{onh}$. When the remaining charge is between $E_{bal}$ and $E_{bdh}$, a qualitative analysis is made first: the more charge there is, the less weight the node gives to its charge, and it does not care much about the loss caused by the power consumed.
Battery charge changes dynamically, and the effect of battery charge on the node itself also develops over time. The logistic regression equation is often used to predict a process of change in an object's development that resembles the development of a biological population; its basic form is:
where k is the saturation level and ρ and σ are positive constants that can be determined from the initial conditions.
The logistic regression equation is a curve describing a growth process, whereas the node startup cost is a curve that decreases with battery charge. In addition, the logistic regression curve does not start growing from 0, while the range of the independent variable is 0 to positive infinity. Considering these two points, this embodiment takes a section of the flipped logistic curve as an approximation of the startup cost curve.
For this particular problem, the saturation level is $k = C_{onh}$.
Assume that when the charge is $E_{bal}$, the startup cost is a value approximating $C_{onl}$, namely $C_{onl} - \varepsilon$, where ε is an arbitrarily small number; when the charge is $E_{bah}$, the startup cost is $C_{onh} + \varepsilon$.
The curve equation is:
where $E_{ba(i)}$ is the charge of node i; the values of a and b in the curve equation are:
In summary, for the relationship between node charge and startup cost, the invention uses a variant of the logistic equation; by adjusting the logistic regression equation, a function is obtained whose trend is roughly the same as the qualitative curve.
Of the three costs described above, the node selected should be one whose security-related cost is large and whose node-related cost is small. The cost value is therefore:
$$Cost_{(i)} = \alpha \cdot \frac{C_{on(i)}}{C_{self(i)} + \beta \cdot C_{dang(i)}}$$
where α is a constant used to adjust the order of magnitude of Cost.
S3. Select temporary detection nodes from the ordinary nodes according to the ordinary-node cost values calculated in step S2 and the distribution of suspect nodes. Each node has a corresponding ordinary degree $Deg_{(i)}$. The temporary detection node selection algorithm is shown in Fig. 7, with the following steps:
B1. Count the suspect nodes;
B2. Delete the suspect nodes x whose ordinary degree $Deg_{(x)} = 0$ and update the suspect node count;
B3. Put the suspect nodes y whose ordinary degree $Deg_{(y)} = 1$ into the first sequence;
B4. Put the suspect nodes z whose ordinary degree $Deg_{(z)} > 1$ into the second sequence, and sort the suspect nodes in the second sequence by ordinary degree in ascending order;
B5. Process the suspect nodes in the first sequence, specifically: delete the suspect node y itself, delete the ordinary node $Nei_{(y)}$ that is the only ordinary node adjacent to y, and delete the remaining suspect nodes adjacent to $Nei_{(y)}$; then subtract the deleted suspect nodes to obtain the updated suspect node count, and update the second sequence; y denotes the index of a suspect node in the first sequence;
B6. Repeat step B5 until the first sequence contains 0 nodes;
B7. Process the suspect nodes in the second sequence, specifically: sort the suspect nodes in the second sequence by ordinary degree in ascending order; delete the current first suspect node z in the second sequence, and find the ordinary node that is adjacent to z and has the minimum cost value to serve as z's temporary detection node; z denotes the index of a suspect node in the second sequence;
delete the first suspect node z, its temporary detection node, and the other suspect nodes within that temporary detection node's coverage, and update the second sequence;
then subtract the deleted suspect nodes to obtain the updated suspect node count;
B8. Repeat step B7 until the suspect node count is 0.
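The cost formula of step S2 and the selection steps B1 to B8 above, as an added Python example that is not code from the patent. Assumptions: the startup cost C_on is supplied per node rather than derived from battery charge, "deleting" an ordinary node in B5 and B7 is read as deploying it as the temporary detection node, a detector's coverage is taken to be its adjacent suspect nodes, ties are broken by node name, and the topology is constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ordinary:
    priority: int  # C_self: node priority class, 1..mu
    c_on: float    # C_on: startup cost, supplied as input (assumption)


def build_adj(edges):
    """Undirected adjacency map built from (a, b) link pairs."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def cost_value(node, ordinary_degree, alpha=1.0, beta=1.0):
    """Cost = alpha * C_on / (C_self + beta * C_dang), with C_dang = ordinary degree."""
    return alpha * node.c_on / (node.priority + beta * ordinary_degree)


def select_detectors(adj, suspects, ordinary, alpha=1.0, beta=1.0):
    """Return (detectors in deployment order, suspects with ordinary degree 0)."""
    ord_ids = set(ordinary)

    def ord_nbrs(v):
        return adj.get(v, set()) & ord_ids

    cost = {o: cost_value(ordinary[o], len(ord_nbrs(o)), alpha, beta)
            for o in ord_ids}
    remaining = set(suspects)                                  # B1
    unreachable = {s for s in remaining if not ord_nbrs(s)}    # B2
    remaining -= unreachable
    detectors = []

    def deploy(o):
        # Deploying o removes every suspect adjacent to it (its coverage).
        detectors.append(o)
        remaining.difference_update(adj[o])

    # B3, B5, B6: a degree-1 suspect forces its only ordinary neighbour.
    for y in sorted(s for s in remaining if len(ord_nbrs(s)) == 1):
        if y in remaining:
            deploy(next(iter(ord_nbrs(y))))

    # B4, B7, B8: ascending ordinary degree, cheapest adjacent ordinary node.
    for z in sorted(remaining, key=lambda s: (len(ord_nbrs(s)), s)):
        if z in remaining:
            deploy(min(ord_nbrs(z), key=lambda o: (cost[o], o)))

    return detectors, unreachable


# Constructed sample topology: s* are suspect nodes, o* are ordinary nodes.
EDGES = [("s1", "o1"), ("s2", "o1"), ("s2", "o2"), ("s3", "o2"),
         ("s3", "o3"), ("s4", "o4"), ("s4", "o5"), ("s5", "s4"),
         ("o2", "o3"), ("o4", "o5")]
SUSPECTS = {"s1", "s2", "s3", "s4", "s5"}
ORDINARY = {
    "o1": Ordinary(priority=1, c_on=2.0),
    "o2": Ordinary(priority=1, c_on=4.0),
    "o3": Ordinary(priority=3, c_on=2.0),
    "o4": Ordinary(priority=2, c_on=3.0),
    "o5": Ordinary(priority=1, c_on=1.0),
}

if __name__ == "__main__":
    chosen, unreachable = select_detectors(build_adj(EDGES), SUSPECTS, ORDINARY)
    print("temporary detection nodes:", chosen)
    print("suspects with no adjacent ordinary node:", sorted(unreachable))
```

In the sample, s1 forces o1 (which also covers s2), s3 picks o3 over o2 because its cost value is lower, and s5 is reported separately because no ordinary node is adjacent to it.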
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand the principles of the invention, and that the scope of protection of the invention is not limited to these particular statements and embodiments. Those skilled in the art may make various modifications and variations to the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of the claims of the invention.

Claims (6)

  1. A low-overhead method for dynamically deploying security detection nodes, characterized by comprising:
    S1. The SDN controller monitors the behavior of nodes in the network; a node whose detected state is safe is an ordinary node, otherwise it is a suspect node;
    S2. Calculate the cost value of each ordinary node;
    S3. Select temporary detection nodes from the ordinary nodes according to the ordinary-node cost values calculated in step S2 and the distribution of suspect nodes.
  2. The low-overhead method for dynamically deploying security detection nodes according to claim 1, characterized in that the SDN controller in step S1 also collects information about each node, the node information including: node priority, the node's ordinary degree, current battery charge, high battery threshold, and low battery threshold.
  3. The low-overhead method for dynamically deploying security detection nodes according to claim 2, characterized in that step S2 specifically comprises the following steps:
    A1. Determine the self cost, which is the node priority;
    A2. Determine the harm cost, which is the node's ordinary degree; the ordinary degree is the number of ordinary nodes adjacent to the node;
    A3. Determine the startup cost, which is the degree to which battery charge and starting the temporary detection function affect the node itself;
    A4. Calculate the cost value of each ordinary node from the self cost, harm cost and startup cost.
  4. The low-overhead method for dynamically deploying security detection nodes according to claim 3, characterized in that when the ordinary node is a wired node, the startup cost in step A3 is a fixed value $C_{on\_wired}$, expressed as: $C_{on(i)} = C_{on\_wired}$
    When the ordinary node is a wireless node, the startup cost in step A3 is expressed as:
    $$C_{on(i)} = C_{onl} - \frac{C_{onh}}{1 + a e^{-bE_{ba(i)} - E_{bal}}};$$
    where $C_{on(i)}$ is the startup cost of the i-th ordinary node; $C_{onl}$ is the startup cost value when the node's battery charge is below $E_{bal}$; $E_{bal}$ is the low battery threshold; $C_{onh}$ is the startup cost value when the node's charge is above $E_{bdh}$; $E_{bdh}$ is the high battery threshold; a and b are positive constants; and $E_{ba(i)}$ is the battery charge of the i-th ordinary node.
  5. The low-overhead method for dynamically deploying security detection nodes according to claim 4, characterized in that the cost value of each ordinary node in step A4 is expressed as:
    $$Cost_{(i)} = \alpha \cdot \frac{C_{on(i)}}{C_{self(i)} + \beta \cdot C_{dang(i)}}$$
    where $Cost_{(i)}$ is the cost value of the i-th ordinary node, $C_{self(i)}$ is the self cost of the i-th ordinary node, $C_{dang(i)}$ is the harm cost of the i-th ordinary node, α is a constant, and β is the proportionality coefficient between harm cost and self cost.
  6. The low-overhead method for dynamically deploying security detection nodes according to claim 5, characterized in that step S3 specifically comprises the following sub-steps:
    B1. Count the suspect nodes;
    B2. Delete the suspect nodes whose ordinary degree is 0 and update the suspect node count;
    B3. Put the suspect nodes whose ordinary degree is 1 into the first sequence;
    B4. Put the suspect nodes whose ordinary degree is greater than 1 into the second sequence;
    B5. Process the suspect nodes in the first sequence, specifically: delete the suspect node y itself, delete the ordinary node $Nei_{(y)}$ that is the only ordinary node adjacent to y, and delete the remaining suspect nodes adjacent to $Nei_{(y)}$; then subtract the deleted suspect nodes to obtain the updated suspect node count, and update the first sequence and the second sequence;
    B6. Repeat step B5 until the first sequence contains 0 nodes;
    B7. Process the suspect nodes in the second sequence, specifically: sort the suspect nodes in the second sequence by ordinary degree in ascending order; delete the current first suspect node z in the second sequence, and find the ordinary node that is adjacent to z and has the minimum cost value to serve as z's temporary detection node;
    delete suspect node z, its temporary detection node, and the other suspect nodes within that temporary detection node's coverage, then update the second sequence;
    subtract the deleted suspect nodes to obtain the updated suspect node count;
    B8. Repeat step B7 until the suspect node count is 0.
CN201710260811.9A 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes Expired - Fee Related CN107425999B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710260811.9A CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710260811.9A CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Publications (2)

Publication Number Publication Date
CN107425999A true CN107425999A (en) 2017-12-01
CN107425999B CN107425999B (en) 2020-11-10

Family

ID=60424030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710260811.9A Expired - Fee Related CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Country Status (1)

Country Link
CN (1) CN107425999B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616394A (en) * 2018-04-25 2018-10-02 电子科技大学 A kind of backup of virtual network function and dispositions method
CN108881324A (en) * 2018-09-21 2018-11-23 电子科技大学 A kind of the DoS attack Distributed Detection and defence method of SDN network
CN113242266A (en) * 2021-07-12 2021-08-10 深圳市永达电子信息股份有限公司 NFV-based dynamic intrusion detection method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006586A (en) * 2010-11-30 2011-04-06 上海交通大学 Wireless Mesh network intrusion detection system and detection method thereof
CN102572991A (en) * 2010-12-31 2012-07-11 中国人民解放军总参谋部第六十一研究所 Transmission method with low power consumption based on trust control
CN103327592A (en) * 2013-05-23 2013-09-25 南京邮电大学 Wireless sensor network power control method based on node degrees
CN105873065A (en) * 2016-03-28 2016-08-17 南京邮电大学 Safe positioning method of wireless sensor network based on trust level evaluation
US20160269464A1 (en) * 2014-10-15 2016-09-15 Meru Networks Optimizing multimedia streaming in wlans (wireless local access networks) with a remote sdn (software-defined networking) controller
CN106612289A (en) * 2017-01-18 2017-05-03 中山大学 Network collaborative abnormality detection method based on SDN

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
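Yang Mengting: "Design of an OpenFlow-based SDN network simulation platform and DoS attack detection", China Master's Theses Full-text Database, Information Science and Technology *
Ouyang Xi: "Research on key security technologies for wireless sensor networks based on node reputation", China Doctoral Dissertations Full-text Database, Information Science and Technology *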

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616394A (en) * 2018-04-25 2018-10-02 University of Electronic Science and Technology of China A kind of backup of virtual network function and dispositions method
CN108881324A (en) * 2018-09-21 2018-11-23 University of Electronic Science and Technology of China A kind of the DoS attack Distributed Detection and defence method of SDN network
CN108881324B (en) * 2018-09-21 2020-04-14 University of Electronic Science and Technology of China DoS attack distributed detection and defense method for SDN network
CN113242266A (en) * 2021-07-12 2021-08-10 Shenzhen Yongda Electronic Information Co., Ltd. NFV-based dynamic intrusion detection method and system
CN113242266B (en) * 2021-07-12 2021-11-30 Shenzhen Yongda Electronic Information Co., Ltd. NFV-based dynamic intrusion detection method and system

Also Published As

Publication number Publication date
CN107425999B (en) 2020-11-10

Similar Documents

Publication Publication Date Title
Zhu et al. Network security configurations: A nonzero-sum stochastic game approach
WO2020093201A1 (en) Security modeling quantisation method for cyberspace mimic defence based on gspn and martingale theory
CN106341414A (en) Bayesian network-based multi-step attack security situation assessment method
CN107786369A (en) Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology
CN105516177B (en) 5G network multi-level based on SDN and NFV attacks alleviation method
CN107425999A (en) A kind of safety detection node dynamic deployment method of low overhead
CN105868629B (en) Security threat situation assessment method suitable for electric power information physical system
Lu et al. Constrained-differential-evolution-based stealthy sparse cyber-attack and countermeasure in an AC smart grid
CN106850558A (en) Intelligent electric meter abnormal state detection method based on seaconal model time series
Li et al. On reliability analysis of smart grids under topology attacks: A stochastic petri net approach
CN111404915A (en) Power grid information physical security risk detection method based on three-layer model
CN115361150B (en) Security risk assessment method for power distribution network risk cascade under network attack
Zhou et al. An efficient victim prediction for Sybil detection in online social network
Altaher et al. Application of adaptive neuro-fuzzy inference system for information secuirty
Kaviani et al. Identifying an exploitable structure for the core problem of load-redistribution attack problems
CN105844425A (en) Comprehensive assessing method for security threat situations in electric cyber physical system
Duy Le et al. Cvss based attack analysis using a graphical security model: Review and smart grid case study
Ding et al. Cyber risks of PMU networks with observation errors: Assessment and mitigation
CN106506567A (en) The hidden network attack that a kind of Behavior-based control is passed judgment on is actively discovered method
Yu et al. An advanced accurate intrusion detection system for smart grid cybersecurity based on evolving machine learning
Meng et al. Novel Wireless Sensor Network Intrusion Detection Method Based on LightGBM Model.
De et al. A PMU assisted cyber attack resilient framework against power systems structural vulnerabilities
Chang et al. Implementation of ransomware prediction system based on weighted-KNN and real-time isolation architecture on SDN Networks
CN110210221A (en) A kind of documentation risk detection method and device
Basan et al. Methodology of Countering Attacks for Wireless Sensor Networks Based on Trust

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201110

Termination date: 20210420