CN107425999B - Low-overhead dynamic deployment method for security detection nodes - Google Patents

Low-overhead dynamic deployment method for security detection nodes Download PDF

Info

Publication number
CN107425999B
CN107425999B CN201710260811.9A CN201710260811A CN107425999B CN 107425999 B CN107425999 B CN 107425999B CN 201710260811 A CN201710260811 A CN 201710260811A CN 107425999 B CN107425999 B CN 107425999B
Authority
CN
China
Prior art keywords
node
nodes
cost
suspicious
detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710260811.9A
Other languages
Chinese (zh)
Other versions
CN107425999A (en
Inventor
张凤
韦云凯
马立香
李娜
陈怡瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201710260811.9A priority Critical patent/CN107425999B/en
Publication of CN107425999A publication Critical patent/CN107425999A/en
Application granted granted Critical
Publication of CN107425999B publication Critical patent/CN107425999B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design

Abstract

The invention discloses a low-overhead dynamic deployment method of security detection nodes, which monitors the behavior of nodes in a network through an SDN controller, preliminarily judges suspicious nodes and realizes coarse detection; on the basis of coarse detection, calculating a cost value required by a single common node after the common node is selected as a temporary detection node, selecting the temporary detection node according to the distribution of suspicious nodes in the network and the node cost value, and further detecting the suspicious nodes to realize fine detection of the suspicious nodes; according to the method and the device, the detection accuracy is greatly improved through the cooperation of the temporary detection nodes for fine detection and the conventional detection nodes for coarse detection, the selected temporary detection node set can meet the network safety requirement, the cost value caused by the deployed temporary detection node detection function is enabled to be as small as possible, and the cost of the whole network is low.

Description

Low-overhead dynamic deployment method for security detection nodes
Technical Field
The invention belongs to the field of network security, and particularly relates to a dynamic deployment technology of security detection nodes.
Background
Once malicious nodes such as virus infected nodes and malicious attack nodes appear in the network, great threat is brought to the network security. In order to reduce the harm of malicious nodes and improve the network security, a series of security assistance measures are generally required to be adopted. One common way is to install firewalls or virus-killing software on all nodes, to keep virus/malicious attacks out of the nodes. However, once a new virus/attack breaks through the defense system, the node is no longer secure, and the node itself has a difficult ability to recover itself.
Therefore, the network also needs to have a means for cooperatively detecting and protecting against virus/malicious attacks. In an SDN (Software Defined Networking) network, a current main practice is to analyze and discover possible virus infection/malicious attack nodes in real time by using an SDN controller to integrally grasp a full network topology and traffic. However, as the current network scale is larger and larger, virus/malicious attack means are evolving and simulating normal network behaviors, and a single SDN controller has great limitation on the detection capability of a suspicious node in the network. To compensate for this problem, some security detection nodes are usually deployed in a decentralized network in an application. However, this approach still has considerable limitations: the security detection nodes in the network are usually deployed fixedly, and if the security detection nodes are deployed too densely, extra overhead (cost and resource consumption) is too high; if the deployment of the safety detection nodes is too sparse, the safety detection nodes cannot well detect suspicious nodes.
Therefore, a safety detection method with lower cost and higher efficiency is provided for suspicious behaviors/suspicious nodes in the network, and the method has important significance for effectively discovering the existence of virus infected nodes/attack nodes in the network and improving the network safety.
Disclosure of Invention
The invention provides a low-overhead dynamic deployment method of security detection nodes to solve the technical problems, and the method comprises the following steps of firstly, preliminarily discovering suspicious nodes by utilizing the overall grasp of an SDN controller on a network according to the behavior of the nodes in the network, and realizing coarse detection; furthermore, appropriate safety detection nodes are dynamically deployed around the suspicious node by using a Network Function Virtualization (NFV) technology to realize the fine detection of the suspicious node, so that the thickness combination, the accuracy and the reliability of the safety detection are realized under the condition of low cost.
The technical scheme adopted by the invention is as follows: a low-overhead dynamic deployment method for security detection nodes comprises the following steps:
s1, monitoring the node behavior in the network by the SDN controller, and if the detection state is safe, determining the node is a common node; otherwise, the node is a suspicious node;
s2, calculating the cost value of each common node as a temporary detection node;
and S3, selecting temporary detection nodes from the common nodes according to the cost values of the common nodes obtained by calculation in the step S2 and the distribution of the suspicious nodes.
Further, in step S1, the SDN controller further collects node information, where the node information includes: node priority, node popularity, current battery power, high power threshold, low power threshold.
Further, the step S2 of calculating the cost value of each common node specifically includes:
a1, determining self cost, wherein the self cost is the priority of the node;
a2, determining a hazard cost, wherein the hazard cost is the node popularity; the degree of the common node is the degree of the common node adjacent to the node;
a3, determining a starting cost, wherein the starting cost is the battery power and the degree of influence of the node starting temporary detection function on the node;
and A4, calculating the cost value of each common node according to the cost, the harm cost and the starting cost.
Further, when the normal node is a wired node, the start cost in step a3 is a fixed value, which is expressed as: con(i)=Con_wired
When the normal node is a wireless node, the starting cost expression in step a3 is:
Figure BDA0001274697690000021
wherein, Con(i)Represents the startup cost of the ith ordinary node, ConlIndicating that the node battery capacity is below EbalStarting cost value of time, EbalIndicating a low battery threshold, ConhIndicating that the node electric quantity is higher than EbdhStarting cost value of time, EbdhRepresents a high charge threshold; a and b are normal numbers, Eba(i)Representing the ith ordinary nodeThe amount of electricity.
Further, the cost value of each ordinary node in step a4 is expressed as follows:
Cost(i)=α*(Con(i)/(Cself(i)+β*Cdang(i)));
among them, Cost(i)Is the cost value of the ith normal node, Cself(i)Is the cost of the ith ordinary node, Cdang(i)And the hazard cost of the ith common node is alpha which is a constant, and beta is a proportionality coefficient of the hazard cost and the cost of the ith common node.
Further, step S3 specifically includes the following sub-steps:
b1, counting the number of suspicious nodes;
b2, deleting the suspicious nodes with the common degree of 0, and updating the number of the suspicious nodes;
b3, placing the suspicious node with the common degree of 1 into a first sequence;
b4, placing the suspicious nodes with the common degree larger than 1 into a second sequence;
b5, processing the suspicious node in the first sequence, specifically: deleting the suspicious node y and deleting the common node Nei which is only adjacent to the suspicious node y(y)And deleting the common node Nei(y)Subtracting the deleted suspicious nodes from other adjacent suspicious nodes to obtain the updated number of the suspicious nodes, and updating the first sequence and the second sequence;
b6, repeating the step B5 until the number of the nodes of the first sequence is 0;
b7, processing the suspicious node in the second sequence, specifically: sorting the suspicious nodes in the second sequence from small to large according to the common degree; deleting the current first suspicious node z in the second sequence, and searching a common node which is adjacent to the z and has the minimum cost value as a temporary detection node of the z;
deleting the suspicious node z, the temporary detection node z and other suspicious nodes covered by the temporary detection node z, and then updating the second sequence;
subtracting the deleted suspicious nodes to obtain the updated number of the suspicious nodes;
b8, repeating the step B7 until the number of suspicious nodes is 0.
The invention has the beneficial effects that: according to the method, the SDN controller is used for monitoring the node behaviors in the network, and preliminarily judging suspicious nodes to realize coarse detection; on the basis of rough detection, appropriate temporary detection nodes are dynamically deployed around suspicious nodes by utilizing the NFV technology, the suspicious nodes are further detected, fine detection on the suspicious nodes is realized, the detection accuracy is greatly improved through cooperation of the temporary detection nodes for fine detection and conventional detection nodes for rough detection, the temporary detection node set selected by the application can meet the network safety requirement, the cost value caused by the detection function of the deployed temporary detection nodes is enabled to be as small as possible, and the overhead of the whole network is low.
Drawings
Fig. 1 is an architecture diagram of NFV in combination with SDN;
FIG. 2 is a schematic diagram of a temporary detection node selection model;
FIG. 3 is a flow chart of dynamic deployment of low-overhead security nodes according to an embodiment of the present invention;
FIG. 4 is a schematic of cost classification and meaning;
FIG. 5 is an algorithm flow diagram for node cost value calculation;
FIG. 6 is a qualitative diagram illustrating a relationship between battery power and node startup cost;
fig. 7 is a flow chart of a node selection algorithm.
Detailed Description
In order to facilitate the understanding of the technical contents of the present invention by those skilled in the art, the present invention will be further explained with reference to the accompanying drawings.
The method of the invention is based on an architecture combining NFV and SDN, and the logic diagram of the architecture is shown in FIG. 1. In this architecture, an SDN controller works in conjunction with OpenStack. The SDN controller monitors the node behavior in the network, preliminarily judges out suspicious nodes and realizes coarse detection; in addition, the SDN controller also collects node information, including: the node priority, the node popularity, the current battery power, the high power threshold, the low power threshold and the like provide basis for calculating the cost value required by the ordinary node after the node is elected to temporarily detect the node. The OpenStack issues a deployment detection function to the NFV node, the temporary detection node further detects the suspicious node, the real condition of the suspicious node is judged, and a foundation is laid for subsequent network security measures.
The general coarse detection methods are classified into two types, one is to detect that the flow characteristics satisfy a certain attack, and the other is to detect that the flow characteristics do not satisfy the normal flow characteristics. Both modes can be used for judging the occurrence of the attack, and a certain traceability technology is adopted after the attack is judged (possibly) sent, so that the suspicious nodes can be found where and what the suspicious nodes are; both of these coarse detection methods are well known in the art and will not be described in detail herein.
In a network, network resources are consumed for deploying temporary detection nodes, and the security of the network cannot be guaranteed due to insufficient deployment quantity of the temporary detection nodes or improper positions of selected nodes. Based on the method, the invention provides a low-overhead dynamic deployment method of the security detection nodes, and the overall cost value of the network is reduced as much as possible on the premise of ensuring the security of the network. The technical scheme of the application is as follows: firstly, monitoring node behaviors in a network by an SDN controller, and roughly screening out suspicious nodes; then calculating the cost value of a single common node which needs to be paid after the temporary detection node is selected; and finally, selecting temporary detection nodes according to the distribution of suspicious nodes and the node cost values in the network. In this embodiment, the content of the present application is described by taking a temporary detection node selection model as shown in fig. 2 as an example, suspicious nodes in the present application are discovered by a coarse detection process, and such nodes will further confirm the node status by a fine detection process; the common node in the application is a node with a safe state detected by rough detection, and can be selected as a temporary detection node; the temporary detection node in the application is determined by a selection strategy, is selected from common nodes and is used for fine detection of the condition of a suspicious node.
The technical scheme of the application is shown in fig. 3, and specifically comprises the following steps:
s1, monitoring the node behavior in the network by the SDN controller, and if the detection state is safe, determining the node is a common node; otherwise, the node is a suspicious node; the SDN controller also collects node information, including: the node priority, the node popularity, the current battery power, the high power threshold, the low power threshold and the like provide basis for calculating the cost value required by the ordinary node after the node is elected to temporarily detect the node.
S2, calculating the cost value of each common node; the method comprises the steps that a cost value required to be paid after a temporary detection node is elected is calculated for each common node; the cost classification and meaning are shown in fig. 4; the cost of a node is divided into three parts: self cost, hazard cost, start cost; the calculation of the cost value is shown in fig. 5.
Assuming that n common nodes are included in the NFV nodes obtained by the coarse detection, i is 1,2, 3.
Self cost: under normal circumstances a node may have a specific function, for example, the node itself needs to serve other nodes, and if the node becomes infected, it will affect the normal operation of other nodes, and the node will be given a higher priority.
Each NFV node is divided into mu classes according to the priority, and the corresponding priority of each common node is recorded as Pr(i)=j;i=1,2,3,...,n;j=1,2,3,...,μ。
The cost of each common node is recorded as: cself(i)=Pr(i)
And (4) hazard cost: when a node is infected, the node infects the cost caused by the surrounding ordinary nodes. The infected nodes have the possibility of infecting the surrounding common nodes, and a simple assumption is made here that the larger the number of the surrounding common nodes is, the greater the damage of the suspicious nodes to the surrounding nodes is. Calculating the popularity of each node according to the SDN, and recording the popularity of each common node as Degi,i=1,2,3,...,n。
The hazard cost of each common node is recorded as: cdang(i)=Deg(i)
The starting cost is as follows: related to the battery level of the node; the influence of the additionally consumed electric quantity after the node starts the detection function on the life cycle of the node is represented; when the battery power is too low, the node has the possibility that data cannot be normally transmitted due to power failure; therefore, the invention takes the starting cost into consideration in the selection of the temporary detection node.
If the NFV node is a wired node, the influence of the battery power on the node start does not need to be considered, so the start cost ConIs a fixed value, denoted as Con_wired(ii) a If the NFV node is a wireless node, starting cost ConRelated to the percentage of the remaining capacity of the current node. The present embodiment explains the calculation of the startup cost based on the wireless node.
Under the wireless node environment, the electric quantity is few, there is the possibility that can't start next time after this start-up, and the node also can cause the influence to the function of whole network because the electric quantity is not enough to cause unable normal operating, therefore, the electric quantity is less, and the node is more "unwilling" to start the detection function and "waste" self electric quantity.
The starting cost describes the degree of influence of the battery power and the node starting temporary detection function on the node; the relationship description of the battery power to the node starting cost is qualitative as shown in fig. 6; suppose that: high battery threshold value of EbdhThe low battery threshold is Ebal(ii) a When the electric quantity is lower than EbalWhen the node is in use, the node cannot start a detection function; when the electric quantity is higher than EbahIn time, the node has sufficient electric quantity, and the starting cost is assumed to be a fixed value Conh. When the remaining capacity is at EbalAnd EbdhIn the past, qualitative analysis is firstly carried out, when the electric quantity is large, the consideration of the node on the electric quantity is less, and the loss caused by the consumption of electricity is not too much concerned.
The battery power is a dynamic change process, and the influence of the battery power on the node is a development and change process. Logistic regression equations are often used to predict the development processes similar to biology that an object exhibits during its development, the basic form being:
Figure BDA0001274697690000061
where k is the saturation level and ρ and σ are normal numbers, which can be determined by initial conditions.
Since the logistic regression equation is a curve used to describe the process of things growing, the node startup cost is a curve that decreases with battery charge. On the other hand, since the logistic regression curve is not a curve that increases from 0, while the value of the argument ranges from 0 to positive infinity. Based on the above two points, in this embodiment, it is considered to intercept a reversed logistic curve to approximate as a starting cost curve.
Corresponding to the specific problem, the saturation level k ═ Conh
Assuming the electric quantity is EbalAt a starting cost of approximately ConlValue C ofonl-, where is an arbitrarily small number; the electric quantity is EbahWhen the starting cost is Conh+。
The expression of the curve equation is as follows:
Figure BDA0001274697690000062
wherein E isbaiIs the electric quantity of the node i; the values of a and b in the curve equation are:
Figure BDA0001274697690000063
in conclusion, for the relationship between the node electric quantity and the starting cost, the method adopts the deformation of the logistic equation; and adjusting the logistic regression equation to obtain a function equation approximately same as the trend of the qualitative schematic curve.
In the three costs described above, the selected node should be a node with a higher security class cost and a lower node class cost; thus, the resulting cost value is:
Cost(i)=α*(Con(i)/(Cself(i)+β*Cdang(i)))
where α is a constant used to adjust the Cost order.
And S3, selecting temporary detection nodes from the common nodes according to the cost values of the common nodes obtained by calculation in the step S2 and the distribution of the suspicious nodes. Each node has a corresponding degree of commonalities Deg(i). The specific temporary detection node selection algorithm is shown in fig. 7, and comprises the following steps:
b1, counting the number of suspicious nodes;
b2 degree of normality Deg(x)Deleting the suspicious node x which is 0, and updating the number of the suspicious nodes;
b3 degree of normality Deg(y)Placing the suspicious node y of 1 into the first sequence;
b4 degree of normality Deg(z)Suspicious nodes z larger than 1 are placed into the second sequence, and the suspicious nodes in the second sequence are sorted from small to large according to the common degree;
b5, processing the suspicious node in the first sequence, specifically: deleting the suspicious node y and deleting the common node Nei which is only adjacent to the suspicious node y(y)And deleting the common node Nei(y)Subtracting the deleted suspicious nodes from other adjacent suspicious nodes to obtain the updated suspicious node number, and updating the second sequence; y represents the sequence number of the suspect node in the first sequence;
b6, repeating the step B5 until the number of the nodes of the first sequence is 0;
b7, processing the suspicious node in the second sequence, specifically: sorting the suspicious nodes in the second sequence from small to large according to the common degree; deleting the current first suspicious node z in the second sequence, and searching a common node which is adjacent to the z and has the minimum cost value as a temporary detection node of the z; z represents the sequence number of the suspect node in the second sequence;
deleting the first suspicious node z, the temporary detection node z and other suspicious nodes covered by the temporary detection node z, and updating the second sequence;
then subtracting the deleted suspicious nodes to obtain the updated number of the suspicious nodes;
b8, repeating the step B7 until the number of suspicious nodes is 0.
It will be appreciated by those of ordinary skill in the art that the embodiments described herein are intended to assist the reader in understanding the principles of the invention and are to be construed as being without limitation to such specifically recited embodiments and examples. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (4)

1. A low-overhead dynamic deployment method for security detection nodes is characterized by comprising the following steps:
s1, monitoring the node behavior in the network by the SDN controller, and if the detection state is safe, determining the node is a common node; otherwise, the node is a suspicious node;
s2, calculating the cost value of each common node; the step S2 specifically includes the following steps:
a1, determining self cost, wherein the self cost is the priority of the node;
a2, determining a hazard cost, wherein the hazard cost is the popularity of the node; the degree of the common node is the degree of the common node adjacent to the node;
a3, determining a starting cost, wherein the starting cost is the battery power and the degree of influence of the node starting temporary detection function on the node; when the normal node is a wired node, the starting cost of the step A3 is a fixed value Con_wiredExpressed as: con(i)=Con_wired
When the normal node is a wireless node, the starting cost expression in step a3 is:
Figure FDA0002683347240000011
wherein, Con(i)Represents the startup cost of the ith ordinary node, ConlIndicating that the node battery capacity is below EbalStarting cost value of time, EbalIndicating a low battery threshold, ConhTo representNode electric quantity is higher than EbdhStarting cost value of time, EbdhRepresents a high charge threshold; a and b are normal numbers, Eba(i)Representing the electric quantity of the ith common node;
a4, calculating the cost value of each common node according to the cost, the harm cost and the starting cost;
and S3, selecting temporary detection nodes from the common nodes according to the cost values of the common nodes obtained by calculation in the step S2 and the distribution of the suspicious nodes.
2. The dynamic deployment method of low-overhead security detection nodes according to claim 1, wherein step S1 is further implemented by the SDN controller collecting node information, where the node information includes: node priority, node popularity, current battery power, high power threshold, low power threshold.
3. The dynamic deployment method of low-overhead security detection nodes according to claim 2, wherein the cost value of each common node in step a4 is expressed as follows:
Cost(i)=α*(Con(i)/(Cself(i)+β*Cdang(i)))
among them, Cost(i)Is the cost value of the ith normal node, Cself(i)Is the cost of the ith ordinary node, Cdang(i)And the hazard cost of the ith common node is alpha which is a constant, and beta is a proportionality coefficient of the hazard cost and the cost of the ith common node.
4. The dynamic deployment method of low-overhead security detection nodes according to claim 3, wherein the step S3 specifically includes the following sub-steps:
b1, counting the number of suspicious nodes;
b2 degree of normality Deg(x)Deleting the suspicious node x which is 0, and updating the number of the suspicious nodes;
b3 degree of normality Deg(y)Placing the suspicious node y of 1 into the first sequence;
b4 degree of normality Deg(z)>1, placing the suspicious node z into a second sequence;
b5, processing the suspicious node in the first sequence, specifically: deleting the suspicious node y and deleting the common node Nei which is only adjacent to the suspicious node y(y)And deleting the common node Nei(y)Subtracting the deleted suspicious nodes from other adjacent suspicious nodes to obtain the updated number of the suspicious nodes, and updating the first sequence and the second sequence;
b6, repeating the step B5 until the number of the nodes of the first sequence is 0;
b7, processing the suspicious node in the second sequence, specifically: sorting the suspicious nodes in the second sequence from small to large according to the common degree; deleting the current first suspicious node z in the second sequence, and searching a common node which is adjacent to the z and has the minimum cost value as a temporary detection node of the z;
deleting the suspicious node z, the temporary detection node z and other suspicious nodes covered by the temporary detection node z, and then updating the second sequence;
subtracting the deleted suspicious nodes to obtain the updated number of the suspicious nodes;
b8, repeating the step B7 until the number of suspicious nodes is 0.
CN201710260811.9A 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes Expired - Fee Related CN107425999B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710260811.9A CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710260811.9A CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Publications (2)

Publication Number Publication Date
CN107425999A CN107425999A (en) 2017-12-01
CN107425999B true CN107425999B (en) 2020-11-10

Family

ID=60424030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710260811.9A Expired - Fee Related CN107425999B (en) 2017-04-20 2017-04-20 Low-overhead dynamic deployment method for security detection nodes

Country Status (1)

Country Link
CN (1) CN107425999B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616394B (en) * 2018-04-25 2021-03-02 电子科技大学 Virtual network function backup and deployment method
CN108881324B (en) * 2018-09-21 2020-04-14 电子科技大学 DoS attack distributed detection and defense method for SDN network
CN113242266B (en) * 2021-07-12 2021-11-30 深圳市永达电子信息股份有限公司 NFV-based dynamic intrusion detection method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006586A (en) * 2010-11-30 2011-04-06 上海交通大学 Wireless Mesh network intrusion detection system and detection method thereof
CN102572991A (en) * 2010-12-31 2012-07-11 中国人民解放军总参谋部第六十一研究所 Transmission method with low power consumption based on trust control
CN103327592A (en) * 2013-05-23 2013-09-25 南京邮电大学 Wireless sensor network power control method based on node degrees
CN105873065A (en) * 2016-03-28 2016-08-17 南京邮电大学 Safe positioning method of wireless sensor network based on trust level evaluation
CN106612289A (en) * 2017-01-18 2017-05-03 中山大学 Network collaborative abnormality detection method based on SDN

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9369744B2 (en) * 2014-10-15 2016-06-14 Fortinet, Inc. Optimizing multimedia streaming in WLANs (wireless local access networks)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006586A (en) * 2010-11-30 2011-04-06 上海交通大学 Wireless Mesh network intrusion detection system and detection method thereof
CN102572991A (en) * 2010-12-31 2012-07-11 中国人民解放军总参谋部第六十一研究所 Transmission method with low power consumption based on trust control
CN103327592A (en) * 2013-05-23 2013-09-25 南京邮电大学 Wireless sensor network power control method based on node degrees
CN105873065A (en) * 2016-03-28 2016-08-17 南京邮电大学 Safe positioning method of wireless sensor network based on trust level evaluation
CN106612289A (en) * 2017-01-18 2017-05-03 中山大学 Network collaborative abnormality detection method based on SDN

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
基于OpenFlow的SDN网络仿真平台设计与DoS攻击检测;杨梦婷;《中国硕士学位论文全文数据库信息科技辑》;20150110;第32-53页,参见文中第4章及图4-8 *
基于节点信誉的无线传感器网络安全关键技术研究;欧阳熹;《中国博士学位论文全文数据库信息科技辑》;20140115;第63页-第114页,参见文中第4章-第6章,及图5-1 *

Also Published As

Publication number Publication date
CN107425999A (en) 2017-12-01

Similar Documents

Publication Publication Date Title
US11902120B2 (en) Synthetic data for determining health of a network security system
EP3304858B1 (en) System for monitoring and managing datacenters
CN107425999B (en) Low-overhead dynamic deployment method for security detection nodes
CN110378103A (en) A kind of micro- isolating and protecting method and system based on OpenFlow agreement
US7836195B2 (en) Preserving packet order when migrating network flows between cores
US20090044272A1 (en) Resource-reordered remediation of malware threats
US20200092306A1 (en) Automated creation of lightweight behavioral indicators of compromise (iocs)
CN112511517B (en) Mail detection method, device, equipment and medium
CN101013461A (en) Method of computer protection based on program behavior analysis
CN112437037B (en) Sketch-based DDoS flooding attack detection method and device
CN105516177A (en) 5G network multistage attack mitigation method based on software defined network (SDN) and network function virtualization (NFV)
CN109983735B (en) Method, device and storage device for monitoring network topology
Li et al. On reliability analysis of smart grids under topology attacks: A stochastic petri net approach
CN106055976A (en) Document detection method and sandbox controller
CN105407096A (en) Message data detection method based on stream management
JP2017142744A (en) Information processing apparatus, virus detection method, and program
CN105589772A (en) Method and apparatus for detecting logic crash of FPGA chip
CN105791286A (en) Abnormity detection and processing method of cloud virtual environment
CN102469098B (en) Information safety protection host machine
CN116305129B (en) Document detection method, device, equipment and medium based on VSTO
US11805142B2 (en) Communication system and communication method
Wang Research of intrusion detection based on an improved K-means algorithm
US7607051B2 (en) Device and method for program correction by kernel-level hardware monitoring and correlating hardware trouble to a user program correction
KR20150029483A (en) Apparatus and method for detecting attacks using data mining
CN109472147A (en) A kind of safety detection method and device of virtual platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201110

Termination date: 20210420

CF01 Termination of patent right due to non-payment of annual fee