CN107425999A - A kind of safety detection node dynamic deployment method of low overhead - Google Patents
A kind of safety detection node dynamic deployment method of low overhead Download PDFInfo
- Publication number
- CN107425999A CN107425999A CN201710260811.9A CN201710260811A CN107425999A CN 107425999 A CN107425999 A CN 107425999A CN 201710260811 A CN201710260811 A CN 201710260811A CN 107425999 A CN107425999 A CN 107425999A
- Authority
- CN
- China
- Prior art keywords
- node
- cost
- suspect
- mrow
- ordinary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
Abstract
The present invention discloses a kind of safety detection node dynamic deployment method of low overhead, and nodes behavior is monitored by SDN controllers, suspect node is tentatively judged, realizes rough detection;On the basis of rough detection, calculate single ordinary node be elected as after temporary detecting node needed for cost value, temporary detecting node is chosen according to suspect node distribution and node cost value in network, to the further detection of suspect node, realizes that the examining to suspect node is surveyed;The temporary detecting node that the application is surveyed by examining cooperates with the conventional detection node of rough detection, the accuracy of detection is greatly improved, and the temporary detecting node set that the application chooses disclosure satisfy that network security requirement, it is relatively low to the expense of whole network and cost value caused by causing the temporary detecting nodal test function of deployment is as small as possible.
Description
Technical field
The invention belongs to network safety filed, and in particular to a kind of safety detection node Dynamical Deployment technology.
Background technology
Once there are the malicious nodes such as virus infection node, malicious attack nodes in network, pole will be brought to network security
Big threat.In order to reduce the harm of malicious node, internet security is improved, it usually needs take a series of safe nondominant hand
Section.A kind of common mode is fire wall or checking and killing virus software to be installed on all nodes, by virus/malicious attack
Keep out outside node.However, once there is new virus/attack meanses to break through system of defense, the node will be no longer safe, node
Itself it also is difficult to the ability for having self-recovery again.
Therefore, network also needs to possess cooperation detection, takes precautions against the means of virus/malicious attack.In SDN (software defined networks
Network:Software Defined Networking) in network, current Main is that the whole network is opened up using SDN controllers
Flutter, the overall grasp of flow, the viral infection/malicious attack nodes analyze in real time, having found that it is likely that.But due to current net
Network scale is increasing, and virus/malicious attack means are also in continuous evolution, simulation proper network behavior, single SDN controllers
There is significant limitation to the detectability of suspect node in network., would generally be in net in order to make up this problem
Disperse to dispose some safety detection nodes in network.But this mode remains sizable limitation:Peace in network
Full detection node is usually fixed deployment, and this kind of safety detection node deployment is overstocked, then can cause overhead (cost generation
Valency, resource consumption cost) it is too high;Safety detection node deployment is excessively sparse, then can not play and detect suspect node well
Effect.
Therefore, for suspicious actions/suspect node in network, lower, the more efficient safety detection side of expense is proposed
Method, the presence for effectively finding virus infection node/attack node in network, improves internet security, has important meaning
Justice.
The content of the invention
The present invention in order to solve the above technical problems, propose a kind of safety detection node dynamic deployment method of low overhead,
First, according to the behavior of nodes, preliminary discovery suspect node is held to the overall of network using SDN controllers, realized
Rough detection;And then utilize i.e. network function virtual technology (NFV:Network Function Virtualization) suspicious
The suitable safety detection node of Dynamical Deployment around node, realize that the examining to suspect node is surveyed, so as in the feelings compared with low overhead
Under condition, thickness combination, accurately and reliably safety detection are realized.
The technical solution adopted by the present invention is:A kind of safety detection node dynamic deployment method of low overhead, including:
S1, by SDN controllers nodes behavior is monitored, is ordinary node if detection state is safety;
Otherwise it is suspect node;
S2, calculate the cost value that each ordinary node is elected as temporary detecting node;
S3, the cost value according to the step S2 ordinary nodes being calculated, and the distribution of suspect node, from ordinary node
Middle selection temporary detecting node.
Further, SDN controllers described in step S1 also collect each nodal information, and the nodal information includes:Node is excellent
First level, the common degree of node, current battery charge, high power threshold, low battery threshold value.
Further, the cost value of each ordinary node of calculating is specially described in step S2:
A1, itself cost is determined, itself cost is the node priority;
A2, cost of detriment is determined, the cost of detriment is that the node is commonly spent;The common degree is the general of the node adjacency
The number of degrees of logical node;
A3, determine to start cost, the startup cost is that battery electric quantity starts temporary detecting function to the node with node
The degree itself impacted;
A4, according to itself cost, cost of detriment and start cost, the cost value of each ordinary node is calculated.
Further, it is fixed value to start cost when ordinary node is line node, described in step A3, is expressed as:
Con(i)=Con_wired;
Starting cost expression formula when ordinary node is radio node, described in step A3 is:
Wherein, Con(i)Represent the startup cost of i-th of ordinary node, ConlRepresent that node battery electric quantity is less than EbalWhen open
Dynamic cost value, EbalRepresent low battery threshold value, ConhRepresent node electricity higher than EbdhWhen startup cost value, EbdhRepresent high electricity
Measure threshold value;A and b are normal number, Eba(i)Represent the electricity of i-th of ordinary node.
Further, the cost value expression of each ordinary node described in step A4 is as follows:
Cost(i)=α * (Con(i)/(Cself(i)+β*Cdang(i)));
Wherein, Cost(i)For the cost value of i-th of ordinary node, Cself(i)For itself cost of i-th of ordinary node,
Cdang(i)For the cost of detriment of i-th of ordinary node, α is constant, and β is cost of detriment and the proportionality coefficient of itself cost.
Further, step S3 specifically include it is following step by step:
B1, statistics suspect node quantity;
B2, the suspect node deletion for being 0 by common degree, update suspect node quantity;
B3, common degree is put into First ray for 1 suspect node;
B4, common suspect node of the degree more than 1 be put into the second sequence;
Suspect node in B5, processing First ray, it is specially:Suspect node itself y is deleted, and is deleted suspicious with this
The ordinary node Nei that node y is uniquely abutted(y), and delete and ordinary node Nei(y)Remaining adjacent suspect node, then
The suspect node of deletion is subtracted, the suspect node quantity after being updated, and update first, second sequence;
B6, repeat step B5, until the number of nodes of First ray is 0;
Suspect node in B7, the second sequence of processing, it is specially:By the suspect node in the second sequence according to common degree from
It is small to being ranked up greatly;First suspect node z current in the second sequence is deleted, is found adjacent with z and cost value minimum
Temporary detecting node of the ordinary node as z;
Suspect node z and its other suspect nodes of temporary detecting node and the temporary detecting coverage are deleted, so
After update the second sequence;
The suspect node of deletion is subtracted, the suspect node quantity after being updated;
B8, repeat step B7, until suspect node quantity is 0.
Beneficial effects of the present invention:The method of the present invention, is monitored by SDN controllers to nodes behavior,
Tentatively judge suspect node, realize rough detection;On the basis of rough detection, using NFV technologies around suspect node dynamic
Suitable temporary detecting node is disposed, to the further detection of suspect node, realizes that the examining to suspect node is surveyed, the application passes through
The temporary detecting node that examining is surveyed cooperates with the conventional detection node of rough detection, and the accuracy of detection is greatly improved, and
And the temporary detecting node set that the application chooses disclosure satisfy that network security requirement, and allow the temporary detecting nodal test of deployment
Cost value is as small as possible caused by function, relatively low to the expense of whole network.
Brief description of the drawings
Fig. 1 is the configuration diagram that NFV is combined with SDN;
Fig. 2 is temporary detecting node selection model schematic;
Fig. 3 is the security node Dynamical Deployment flow chart of low overhead provided in an embodiment of the present invention;
Fig. 4 is cost classification and implication schematic diagram;
Fig. 5 is the algorithm flow chart that node cost value calculates;
Fig. 6 is that battery electric quantity starts cost relationship description qualitative representation to node;
Fig. 7 is node selection algorithm flow chart.
Embodiment
For ease of skilled artisan understands that the technology contents of the present invention, enter one to present invention below in conjunction with the accompanying drawings
Step explaination.
The framework that the method for the present invention is combined based on NFV with SDN, the framework logical schematic are as shown in Figure 1.At this
In framework, SDN controllers cooperate with OpenStack.SDN controllers are monitored to nodes behavior, are tentatively sentenced
Break and suspect node, realize rough detection;In addition SDN controllers also collect each nodal information, including:Node priority, node
Common degree, current battery charge, high power threshold, low battery threshold value etc., being elected to for ordinary node after temporary detecting node needs to pay
The calculating of the cost value gone out provides foundation.OpenStack issues deployment detection function to NFV nodes, and temporary detecting node pair can
Doubtful node further detects, and judges suspect node real conditions, is laid the foundation for subsequent network safety measure.
Conventional rough detection mode has two classes, and one kind is that detection discharging characteristic meets that certain attack, one kind are to detect to flow
Characteristic is unsatisfactory for normal stream feature.Two ways can be used for the generation for judging attack, be adopted after judging that (possibility) sends attack
Certain tracing technology is taken, it can be found that where which suspicious node, there is;Both rough detection methods are this area
Known technology, it is not set forth in detail herein.
In a network, deployment temporary detecting node needs consumption of network resources, the lazy weight of temporary detecting node deployment
Or choose node location it is improper can cause can not Logistics networks security.Based on this, the present invention proposes a kind of low overhead
Safety detection node dynamic deployment method, on the premise of internet security is ensured, the overall cost value of network is reduced as far as possible.This
The technical scheme of application is:First, nodes behavior is monitored by SDN controllers, suspect node is found in scalping;So
Single ordinary node is calculated afterwards is elected to the cost value for needing after temporary detecting node to pay;Finally it is distributed according to suspect node in network
Temporary detecting node is chosen with node cost value.The present embodiment is right by taking temporary detecting node selection model as shown in Figure 2 as an example
Present context is illustrated, and the suspect node in the application is found by rough detection process, and such node will be by examining
Survey process further confirms that node condition;Ordinary node in the application is that rough detection must do well as the node of safety, commonly
Node can be chosen for temporary detecting node;Temporary detecting node in the application is determined by Selection Strategy, from common section
Chosen in point, the examining for suspect node situation is surveyed.
The technical scheme of the application is as shown in figure 3, specifically comprise the following steps:
S1, by SDN controllers nodes behavior is monitored, is ordinary node if detection state is safety;
Otherwise it is suspect node;The SDN controllers also collect each nodal information, including:Node priority, the common degree of node, when
Preceding battery electric quantity, high power threshold, low battery threshold value etc., it is elected to the cost value for needing to pay after temporary detecting node for ordinary node
Calculating provide foundation.
S2, the cost value for calculating each ordinary node;The application is that each ordinary node calculates elected interim inspection
The cost value paid is needed after survey node;Cost is classified and implication is as shown in Figure 4;The cost of node is divided into three parts:Itself
Cost, cost of detriment, start cost;The calculating of cost value is as shown in Figure 5.
Assuming that rough detection, which obtains NFV nodes, includes n ordinary node, to each nodal scheme i, i=1,2,3 ...,
n。
Itself cost:Under normal circumstances, node may have specific function, for example, node itself is needed for other sections
Point offer service, if the node is infected, can influence the normal work of other nodes, the node can be endowed higher prior
Level.
Each NFV nodes are divided into μ classes according to priority, then priority corresponding to each ordinary node is designated as Pr(i)=j;I=
1,2,3,...,n;J=1,2,3 ..., μ.
Itself cost of each ordinary node is designated as:Cself(i)=Pr(i)。
Cost of detriment:After node is infected, cost caused by node infection surrounding ordinary node.Metainfective node
There is the possibility of infection surrounding ordinary node, do simple hypothesis herein, surrounding ordinary node quantity is bigger, and suspect node is to surrounding
Endangered caused by node is possible bigger.According to the common degree of the SDN each nodes counted, the common degree of each ordinary node is designated as
Degi, i=1,2,3 ..., n.
The cost of detriment of each ordinary node is designated as:Cdang(i)=Deg(i)。
Start cost:It is relevant with the battery electric quantity of node;Represent that node starts the electricity additionally consumed after detection function, it is right
The influence of node life cycle;When battery electric quantity is too low, node can be caused, which to exist, can not normally transmit data because of out of power
May;Therefore, the present invention will start cost and consider in temporary detecting node selection.
If NFV nodes are line node, it is not necessary to consider the influence that battery electric quantity starts to node, therefore, start cost
ConFor a fixed value, C is designated ason_wired;If NFV nodes are radio node, start cost ConWith the dump energy hundred of present node
Divide than relevant.The present embodiment is illustrated based on radio node to the calculating for starting cost.
Under radio node environment, electricity is few, has after this startup and there is a possibility that not starting next time, node by
In not enough power supply cause can not normal operation influence will also result on the function of whole network, therefore, electricity is fewer, and node is got over
" being unwilling " starts detection function and carrys out " waste " self electric quantity.
Start cost and describe what battery electric quantity impacted in itself with node startup temporary detecting function to the node
Degree;It is qualitative as shown in Figure 6 that battery electric quantity starts cost relationship description to node;Assuming that:High power threshold is Ebdh, low battery
Threshold value is Ebal;When electricity is less than EbalWhen, node can not start detection function;When electricity is higher than EbahWhen, node electricity is sufficient,
Assuming that it is a fixed value C to start costonh.When dump energy is in EbalAnd EbdhWhen before, qualitative analysis is first done, electricity is more
When, consideration of the node to electricity is less, and offseting the loss that power consumption is brought will not excessively lie in.
Battery electric quantity is the process of a dynamic change, and influence of the battery electric quantity to node itself is also a development and change
Process.Logistic regression equation be frequently used to predict object showed in its evolution with as biological species development
Change procedure, citation form are:
Wherein, k is saturated level, and ρ and σ are normal number, can be determined by primary condition.
Because logistic regression equation is the curve for describing things propagation process, and it is with electricity that node, which starts cost,
The curve that pond electricity successively decreases.On the other hand, because logistic regression curve is not the curve of the growth since 0, while become certainly
The span of amount arrives just infinite for 0.Consider to intercept the logistic song after a certain upset 2 points based on more than, in the present embodiment
Line is approximate as startup cost curve.
Correspond in particular problem, saturated level k=Conh。
Assuming that electricity is EbalWhen, startup cost is an approximate ConlValue Conl- ε, wherein ε are an arbitrarily small number;
Electricity is EbahWhen, startup cost is Conh+ε。
Curvilinear equation expression formula is:
Wherein, EbaiFor the electricity of node i;A and b value is in curvilinear equation:
To sum up, the deformation of logistic equation is used for node electricity and the relation for starting cost, the present invention;By right
Logistic regression equation is adjusted, and obtains moving towards roughly the same functional equation with qualitative profile.
In above-described three kinds of costs, the node of selection should be that security classes cost is larger and node class cost is small
Node;Therefore, the cost value obtained is:
Cost(i)=α * (Con(i)/(Cself(i)+β*Cdang(i)))
Wherein, α is constant, for adjusting the Cost orders of magnitude.
S3, the cost value according to the step S2 ordinary nodes being calculated, and the distribution of suspect node, from ordinary node
Middle selection temporary detecting node.Each node commonly spends Deg corresponding to having(i).Specific temporary detecting node selection algorithm is as schemed
Shown in 7, step is as follows:
B1, statistics suspect node quantity;
B2, it will commonly spend Deg(x)=0 suspect node x is deleted, and updates suspect node quantity;
B3, it will commonly spend Deg(y)=1 suspect node y is put into First ray;
B4, it will commonly spend Deg(z)> 1 suspect node z is put into the second sequence, and by the suspect node in the second sequence
It is ranked up from small to large according to common degree;
Suspect node in B5, processing First ray, it is specially:Suspect node itself y is deleted, and is deleted suspicious with this
The ordinary node Nei that node y is uniquely abutted(y), and delete and ordinary node Nei(y)Remaining adjacent suspect node, then
The suspect node of deletion is subtracted, the suspect node quantity after being updated, and update the second sequence;Y is represented can in First ray
Doubt the sequence number of node;
B6, repeat step B5, until the number of nodes of First ray is 0;
Suspect node in B7, the second sequence of processing, it is specially:By the suspect node in the second sequence according to common degree from
It is small to being ranked up greatly;First suspect node z current in the second sequence is deleted, is found adjacent with z and cost value minimum
Temporary detecting node of the ordinary node as z;Z represents the sequence number of suspect node in the second sequence;
Delete first suspect node z and its other of temporary detecting node and the temporary detecting coverage are suspicious
Node, update the second sequence;
Then the suspect node of deletion is subtracted, the suspect node quantity after being updated;
B8, repeat step B7, until suspect node quantity is 0.
One of ordinary skill in the art will be appreciated that embodiment described here is to aid in reader and understands this hair
Bright principle, it should be understood that protection scope of the present invention is not limited to such especially statement and embodiment.For ability
For the technical staff in domain, the present invention can have various modifications and variations.Within the spirit and principles of the invention, made
Any modification, equivalent substitution and improvements etc., should be included within scope of the presently claimed invention.
Claims (6)
- A kind of 1. safety detection node dynamic deployment method of low overhead, it is characterised in that including:S1, by SDN controllers nodes behavior is monitored, is ordinary node if detection state is safety;Otherwise For suspect node;S2, the cost value for calculating each ordinary node;S3, the cost value according to the step S2 ordinary nodes being calculated, and the distribution of suspect node, are selected from ordinary node Take temporary detecting node.
- A kind of 2. safety detection node dynamic deployment method of low overhead according to claim 1, it is characterised in that step SDN controllers described in S1 also collect each nodal information, and the nodal information includes:The common degree, current of node priority, node Battery electric quantity, high power threshold, low battery threshold value.
- 3. the safety detection node dynamic deployment method of a kind of low overhead according to claim 2, it is characterised in that described Step S2 specifically includes following steps:A1, itself cost is determined, itself cost is the node priority;A2, cost of detriment is determined, the cost of detriment is the common degree of the node;The common degree is the common of the node adjacency The number of degrees of node;A3, determine to start cost, the startup cost is that battery electric quantity and node start temporary detecting function to the node in itself The degree impacted;A4, according to itself cost, cost of detriment and start cost, the cost value of each ordinary node is calculated.
- 4. the safety detection node dynamic deployment method of a kind of low overhead according to claim 3, it is characterised in that when general When logical node is line node, it is fixed value C to start cost described in step A3on_wired, it is expressed as:Con(i)=Con_wired;Starting cost expression formula when ordinary node is radio node, described in step A3 is:<mrow> <msub> <mi>C</mi> <mrow> <mi>o</mi> <mi>n</mi> <mrow> <mo>(</mo> <mi>i</mi> <mo>)</mo> </mrow> </mrow> </msub> <mo>=</mo> <msub> <mi>C</mi> <mrow> <mi>o</mi> <mi>n</mi> <mi>l</mi> </mrow> </msub> <mo>-</mo> <mfrac> <msub> <mi>C</mi> <mrow> <mi>o</mi> <mi>n</mi> <mi>h</mi> </mrow> </msub> <mrow> <mn>1</mn> <mo>+</mo> <msup> <mi>ae</mi> <mrow> <mo>-</mo> <msub> <mi>bE</mi> <mrow> <mi>b</mi> <mi>a</mi> <mi>i</mi> </mrow> </msub> <mo>-</mo> <msub> <mi>E</mi> <mrow> <mi>b</mi> <mi>a</mi> <mi>l</mi> </mrow> </msub> </mrow> </msup> </mrow> </mfrac> <mo>;</mo> </mrow>Wherein, Con(i)Represent the startup cost of i-th of ordinary node, ConlRepresent that node battery electric quantity is less than EbalWhen startup generation Value, EbalRepresent low battery threshold value, ConhRepresent node electricity higher than EbdhWhen startup cost value, EbdhRepresent high electricity threshold Value;A and b are normal number, Eba(i)Represent the electricity of i-th of ordinary node.
- A kind of 5. safety detection node dynamic deployment method of low overhead according to claim 4, it is characterised in that step The cost value expression of each ordinary node described in A4 is as follows:COst(i)=α * (Con(i)/(Cself(i)+β*Cdang(i)))Wherein, Cost(i)For the cost value of i-th of ordinary node, Cself(i)For itself cost of i-th of ordinary node, Cdang(i) For the cost of detriment of i-th of ordinary node, α is constant, and β is cost of detriment and the proportionality coefficient of itself cost.
- A kind of 6. safety detection node dynamic deployment method of low overhead according to claim 5, it is characterised in that step S3 specifically include it is following step by step:B1, statistics suspect node quantity;B2, the suspect node deletion for being 0 by common degree, update suspect node quantity;B3, common degree is put into First ray for 1 suspect node;B4, common suspect node of the degree more than 1 be put into the second sequence;Suspect node in B5, processing First ray, it is specially:Suspect node itself y is deleted, and is deleted and the suspect node The ordinary node Nei that y is uniquely abutted(y), and delete and ordinary node Nei(y)Remaining adjacent suspect node, is then subtracted The suspect node of deletion, the suspect node quantity after being updated, and update First ray and the second sequence;B6, repeat step B5, until the number of nodes of First ray is 0;Suspect node in B7, the second sequence of processing, it is specially:By the suspect node in the second sequence according to common degree from it is small to It is ranked up greatly;First suspect node z current in the second sequence is deleted, is found adjacent with z and cost value minimum common Temporary detecting node of the node as z;Suspect node z and its temporary detecting node and other suspect nodes of the temporary detecting coverage are deleted, then Update the second sequence;The suspect node of deletion is subtracted, the suspect node quantity after being updated;B8, repeat step B7, until suspect node quantity is 0.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710260811.9A CN107425999B (en) | 2017-04-20 | 2017-04-20 | Low-overhead dynamic deployment method for security detection nodes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710260811.9A CN107425999B (en) | 2017-04-20 | 2017-04-20 | Low-overhead dynamic deployment method for security detection nodes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107425999A true CN107425999A (en) | 2017-12-01 |
CN107425999B CN107425999B (en) | 2020-11-10 |
Family
ID=60424030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710260811.9A Expired - Fee Related CN107425999B (en) | 2017-04-20 | 2017-04-20 | Low-overhead dynamic deployment method for security detection nodes |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107425999B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108616394A (en) * | 2018-04-25 | 2018-10-02 | 电子科技大学 | A kind of backup of virtual network function and dispositions method |
CN108881324A (en) * | 2018-09-21 | 2018-11-23 | 电子科技大学 | A kind of the DoS attack Distributed Detection and defence method of SDN network |
CN113242266A (en) * | 2021-07-12 | 2021-08-10 | 深圳市永达电子信息股份有限公司 | NFV-based dynamic intrusion detection method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006586A (en) * | 2010-11-30 | 2011-04-06 | 上海交通大学 | Wireless Mesh network intrusion detection system and detection method thereof |
CN102572991A (en) * | 2010-12-31 | 2012-07-11 | 中国人民解放军总参谋部第六十一研究所 | Transmission method with low power consumption based on trust control |
CN103327592A (en) * | 2013-05-23 | 2013-09-25 | 南京邮电大学 | Wireless sensor network power control method based on node degrees |
CN105873065A (en) * | 2016-03-28 | 2016-08-17 | 南京邮电大学 | Safe positioning method of wireless sensor network based on trust level evaluation |
US20160269464A1 (en) * | 2014-10-15 | 2016-09-15 | Meru Networks | Optimizing multimedia streaming in wlans (wireless local access networks) with a remote sdn (software-defined networking) controller |
CN106612289A (en) * | 2017-01-18 | 2017-05-03 | 中山大学 | Network collaborative abnormality detection method based on SDN |
-
2017
- 2017-04-20 CN CN201710260811.9A patent/CN107425999B/en not_active Expired - Fee Related
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006586A (en) * | 2010-11-30 | 2011-04-06 | 上海交通大学 | Wireless Mesh network intrusion detection system and detection method thereof |
CN102572991A (en) * | 2010-12-31 | 2012-07-11 | 中国人民解放军总参谋部第六十一研究所 | Transmission method with low power consumption based on trust control |
CN103327592A (en) * | 2013-05-23 | 2013-09-25 | 南京邮电大学 | Wireless sensor network power control method based on node degrees |
US20160269464A1 (en) * | 2014-10-15 | 2016-09-15 | Meru Networks | Optimizing multimedia streaming in wlans (wireless local access networks) with a remote sdn (software-defined networking) controller |
CN105873065A (en) * | 2016-03-28 | 2016-08-17 | 南京邮电大学 | Safe positioning method of wireless sensor network based on trust level evaluation |
CN106612289A (en) * | 2017-01-18 | 2017-05-03 | 中山大学 | Network collaborative abnormality detection method based on SDN |
Non-Patent Citations (2)
Title |
---|
杨梦婷: "基于OpenFlow的SDN网络仿真平台设计与DoS攻击检测", 《中国硕士学位论文全文数据库信息科技辑》 * |
欧阳熹: "基于节点信誉的无线传感器网络安全关键技术研究", 《中国博士学位论文全文数据库信息科技辑》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108616394A (en) * | 2018-04-25 | 2018-10-02 | 电子科技大学 | A kind of backup of virtual network function and dispositions method |
CN108881324A (en) * | 2018-09-21 | 2018-11-23 | 电子科技大学 | A kind of the DoS attack Distributed Detection and defence method of SDN network |
CN108881324B (en) * | 2018-09-21 | 2020-04-14 | 电子科技大学 | DoS attack distributed detection and defense method for SDN network |
CN113242266A (en) * | 2021-07-12 | 2021-08-10 | 深圳市永达电子信息股份有限公司 | NFV-based dynamic intrusion detection method and system |
CN113242266B (en) * | 2021-07-12 | 2021-11-30 | 深圳市永达电子信息股份有限公司 | NFV-based dynamic intrusion detection method and system |
Also Published As
Publication number | Publication date |
---|---|
CN107425999B (en) | 2020-11-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhu et al. | Network security configurations: A nonzero-sum stochastic game approach | |
WO2020093201A1 (en) | Security modeling quantisation method for cyberspace mimic defence based on gspn and martingale theory | |
CN106341414A (en) | Bayesian network-based multi-step attack security situation assessment method | |
CN107786369A (en) | Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology | |
CN105516177B (en) | 5G network multi-level based on SDN and NFV attacks alleviation method | |
CN107425999A (en) | A kind of safety detection node dynamic deployment method of low overhead | |
CN105868629B (en) | Security threat situation assessment method suitable for electric power information physical system | |
Lu et al. | Constrained-differential-evolution-based stealthy sparse cyber-attack and countermeasure in an AC smart grid | |
CN106850558A (en) | Intelligent electric meter abnormal state detection method based on seaconal model time series | |
Li et al. | On reliability analysis of smart grids under topology attacks: A stochastic petri net approach | |
CN111404915A (en) | Power grid information physical security risk detection method based on three-layer model | |
CN115361150B (en) | Security risk assessment method for power distribution network risk cascade under network attack | |
Zhou et al. | An efficient victim prediction for Sybil detection in online social network | |
Altaher et al. | Application of adaptive neuro-fuzzy inference system for information secuirty | |
Kaviani et al. | Identifying an exploitable structure for the core problem of load-redistribution attack problems | |
CN105844425A (en) | Comprehensive assessing method for security threat situations in electric cyber physical system | |
Duy Le et al. | Cvss based attack analysis using a graphical security model: Review and smart grid case study | |
Ding et al. | Cyber risks of PMU networks with observation errors: Assessment and mitigation | |
CN106506567A (en) | The hidden network attack that a kind of Behavior-based control is passed judgment on is actively discovered method | |
Yu et al. | An advanced accurate intrusion detection system for smart grid cybersecurity based on evolving machine learning | |
Meng et al. | Novel Wireless Sensor Network Intrusion Detection Method Based on LightGBM Model. | |
De et al. | A PMU assisted cyber attack resilient framework against power systems structural vulnerabilities | |
Chang et al. | Implementation of ransomware prediction system based on weighted-KNN and real-time isolation architecture on SDN Networks | |
CN110210221A (en) | A kind of documentation risk detection method and device | |
Basan et al. | Methodology of Countering Attacks for Wireless Sensor Networks Based on Trust |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20201110 Termination date: 20210420 |