CN107682342B - Method and system for DDoS (distributed denial of service) flow traction based on openflow - Google Patents

Info

Publication number
CN107682342B
CN107682342B
Authority
CN
China
Prior art keywords
port
openflow
flow
virtual port
ddos
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710967131.0A
Other languages
Chinese (zh)
Other versions
CN107682342A (en)
Inventor
刘敬一
金利
杨锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Centec Communications Co Ltd
Original Assignee
Centec Networks Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centec Networks Suzhou Co Ltd
Priority to CN201710967131.0A
Publication of CN107682342A
Application granted
Publication of CN107682342B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/25 Routing or path finding in a switch fabric

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a DDoS flow traction method based on OpenFlow, which comprises the following steps: creating a virtual port on an OpenFlow switch; establishing a Group table of type Fast-Failover in an OpenFlow controller, where the Group table comprises at least two action instruction buckets, the monitoring port of the first action instruction bucket is the virtual port and its outlet is a port of the protected network and/or equipment, and the monitoring port and outlet of the second action instruction bucket are both flow cleaning equipment ports; configuring in the OpenFlow controller a Flow table with the highest priority that matches messages entering the protected network and/or equipment and applies the action instruction buckets in the Group table; and the OpenFlow controller realizing flow traction by controlling the opening or closing of the virtual port, which reduces the harm brought by a DDoS attack.

Description

Method and system for DDoS (distributed denial of service) flow traction based on openflow
Technical Field
The invention relates to the technical field of network security, in particular to a DDoS flow traction method and system based on OpenFlow.
Background
DDoS (Distributed Denial of Service) attacks use client/server technology to join a plurality of computers into one attack platform and launch DDoS attacks on one or more targets, thereby exponentially increasing the power of a Denial of Service attack.
When a DDoS attack occurs, traffic traction is needed to reduce the load on the attacked target. As shown in fig. 1, a DDoS protector is deployed beside a router and connected to it by BGP (Border Gateway Protocol); in the network area close to the protected object, devices such as a DDoS detector, an IDS (Intrusion Detection System) or traffic monitoring are deployed to discover whether a DDoS attack exists.
When the DDoS detector finds that a DDoS attack is occurring and confirms the address or network segment of the attacked object, it sends alarm information to the DDoS protector, which determines the IP address or network segment of the attacked object from the alarm information. The DDoS protector automatically starts protection, advertises a BGP route for the attacked network segment to the router, and sets the next-hop address to the address of the DDoS protector. Since a BGP route has higher priority than an IGP route such as OSPF/IS-IS, the route for the attacked network segment in the router changes, and the next hop is no longer the original next-hop address but the address of the DDoS protector (flow direction indicated by the dotted line in the figure). Traffic traction cannot be achieved for devices that do not support the BGP protocol.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a DDoS flow traction method and system based on OpenFlow, in which flow traction is realized without the equipment having to support a complex BGP routing protocol.
In order to achieve this purpose, the invention provides the following technical scheme: a DDoS flow traction method based on OpenFlow comprises the following steps:
step S1, creating a virtual port on the OpenFlow switch;
step S2, a Group table of type Fast-Failover is established in an OpenFlow controller, where the Group table comprises at least two action instruction buckets, the monitoring port of the first action instruction bucket is the virtual port and its outlet is a port of the protected network and/or equipment, and the monitoring port and outlet of the second action instruction bucket are both flow cleaning equipment ports;
step S3, configuring a Flow table in the OpenFlow controller, where the Flow table is configured to have the highest priority and to match messages entering the protected network/equipment by applying the action instruction bucket in the Group table;
step S4, when a DDoS attack occurs, the OpenFlow controller controls the virtual port to be closed, so that the flow is forwarded to the flow cleaning equipment;
and when the flow rate falls below the threshold value, the OpenFlow controller controls the virtual port to be opened, so that the flow is forwarded to the protected network and/or protected equipment.
Preferably, in step S1, the default state of the virtual port is an open state.
Preferably, in step S3, the OpenFlow controller controls the virtual port to be opened or closed by sending an OpenFlow protocol packet.
Preferably, in step S3, the OpenFlow protocol packet is a Port Modification Message; when OFPPC_PORT_DOWN in the Port Modification Message is set to 1, the virtual port is closed, and when it is set to 0, the virtual port is opened.
Preferably, the flow cleaning equipment comprises a DDoS protector.
A DDoS flow traction system based on OpenFlow comprises a virtual port creation module, an OpenFlow controller, an OpenFlow switch, and flow cleaning equipment, wherein:
the OpenFlow switch is used for forwarding the message;
the virtual port creation module is used for creating a virtual port in the OpenFlow switch;
the OpenFlow controller comprises a Group table creating module, a Flow table creating module and a port control module, wherein:
the Group table creating module is used for creating a Group table of Fast-Failover type, the Group table comprising at least two action instruction buckets; the first action instruction bucket is configured so that its monitoring port is the virtual port and its outlet is the protected network/equipment port, and the second action instruction bucket is configured so that its monitoring port and outlet are both flow cleaning equipment ports;
the Flow table creating module is used for creating a Flow table, and the Flow table is configured to have the highest priority and to match messages entering the protected network/equipment by applying the action instruction bucket in the Group table;
the port control module is used for controlling the virtual port to be closed when a DDoS attack occurs, so that the flow is forwarded to the flow cleaning equipment, and for controlling the virtual port to be opened when the flow rate falls below a threshold value, so that the flow is forwarded to the protected network and/or equipment;
the flow cleaning equipment is used for processing the attack flow.
Preferably, the default state of the virtual port is an open state.
Preferably, the port control module controls the virtual port to be opened or closed by sending an OpenFlow protocol message.
Preferably, the OpenFlow protocol packet is a Port Modification Message; when OFPPC_PORT_DOWN in the Port Modification Message is set to 1, the virtual port is closed, and when it is set to 0, the virtual port is opened.
Preferably, the flow cleaning equipment comprises a DDoS protector.
The invention has the beneficial effects that:
according to the OpenFlow-based DDoS flow traction method and system, the equipment does not need to support the complex BGP protocol: only a virtual port needs to be set, and its opening or closing is controlled through a simple OpenFlow protocol message, so that flow traction is realized and the harm caused by a DDoS attack is reduced.
Drawings
FIG. 1 is a schematic diagram of a prior art network topology;
FIG. 2 is a schematic flow diagram of the method of the present invention;
FIG. 3 is a block diagram of the system architecture of the present invention;
fig. 4 is a block diagram of the OpenFlow controller in fig. 3.
Detailed Description
The technical solution of the embodiment of the present invention will be clearly and completely described below with reference to the accompanying drawings of the present invention.
The DDoS flow traction method and system based on the OpenFlow disclosed by the invention can realize the traction of the DDoS flow without supporting BGP (Border gateway protocol) by equipment, thereby reducing the harm brought by DDoS attack.
In this embodiment, a virtual switch is taken as an example to describe in detail a DDoS traffic pulling method based on OpenFlow. Of course, the virtual switch in the present embodiment is not limited thereto, and may be a real switch.
With reference to fig. 2 and fig. 3, a DDoS traffic pulling method based on OpenFlow includes the following steps:
step 1, creating a virtual port on an OpenFlow switch;
specifically, the virtual port serves as the monitoring port (watch_port) of the first action instruction bucket, and the state of the virtual port determines whether the first action instruction bucket is available. When the virtual port is in the open state, the first action instruction bucket is available, and all messages passing through the OpenFlow switch execute the actions in the first action instruction bucket; when the virtual port is in the closed state, the first action instruction bucket is unavailable, and all messages passing through the OpenFlow switch execute the next action instruction bucket that is in an available state.
In this embodiment, the default state of the virtual port is the open state, so that when a packet enters the OpenFlow switch, the action of the first action instruction bucket is executed first (the first action instruction bucket has the highest priority). In this embodiment, a virtual port (loopback0) is created and added to the database of the virtual switch, and a port number, such as port number 300, is configured for it. It should be noted that the virtual port is only used as a monitoring port, not as a traffic forwarding port.
Step S2, a Group table with the type of Fast-Failover is created in the OpenFlow controller, and the Group table at least comprises two action instruction buckets, wherein a monitoring port of a first action instruction bucket is a virtual port, an outlet is a port of a protected network and/or equipment, and a monitoring port and an outlet of a second action instruction bucket are both flow cleaning equipment ports.
Specifically, in a Group table of Fast-Failover type, each action instruction bucket includes a monitoring port (watch_port) and an output port (output_port), and the state of the monitoring port determines whether the action instruction bucket is available. Following the order in which the action instruction buckets are configured in the Group table, a message is forwarded from the outlet of the first action instruction bucket only while the first action instruction bucket is available, and from the outlet of the next available action instruction bucket when the first one is unavailable. In this embodiment, after the monitoring port of the first action instruction bucket is closed, that is, after the virtual port is closed, packet forwarding executes the action in the second action instruction bucket; when the monitoring port of the first action instruction bucket recovers, the action in the first action instruction bucket is executed again.
As shown in fig. 3, the monitoring port of the first action instruction bucket is the virtual port set as above, and its outlet is a port of the protected network/device, which in this embodiment is a server; the monitoring port and the outlet of the second action instruction bucket are both flow cleaning equipment ports, and in this embodiment a DDoS protector is adopted. Of course, a traffic cleaning switch or the like may also be employed.
The configuration instruction of the Group table in the OpenFlow controller is as follows:
ovs-ofctl add-group br0 -O openflow13 "group_id=1,type=ff,bucket=watch_port:A,output:B,bucket=watch_port:C,output:C", where A is the virtual port number, B is the port number of the protected network/equipment, and C is the port number of the traffic cleansing equipment.
Step S3, configuring a Flow table in the OpenFlow controller, where the Flow table is configured to: the priority is highest, and the messages entering the protected network and/or the equipment are matched by applying the action instruction bucket in the Group table.
Specifically, when messages are matched, matching is performed in sequence according to the Flow tables, and a Flow table with higher priority is used first. In this embodiment, the Flow table is configured to match the messages destined for the server, that is, all messages arriving at the server must use this Flow table. The action attribute of the Flow table is configured to apply the action buckets in the Group table, so that when the virtual port is in the open state the message is normally forwarded to the server, and when the virtual port is closed the message is forwarded to the flow cleaning equipment; flow traction is thereby realized, and the attack flow reaching the server is reduced.
The configuration instruction of the Flow table in the OpenFlow controller is as follows:
ovs-ofctl add-flow br0 -O openflow13 "priority=E,ip,nw_dst=F,actions=group:1", where E is the priority and F is the IP address of the protected network/device.
Step S4, when a DDoS attack occurs, the OpenFlow controller controls the virtual port to be closed, and the flow is forwarded to the flow cleaning equipment;
when the flow rate falls below the threshold value, the OpenFlow controller controls the virtual port to be opened, and the flow rate is forwarded to the protected network and/or the protected device.
Specifically, as shown in fig. 3, when a DDoS attack occurs, the OpenFlow controller sends an OpenFlow protocol packet to the OpenFlow switch; the OpenFlow switch parses the received OpenFlow protocol packet and determines whether it is a command to close the virtual port. If so, the virtual port is closed, and at that moment the first action instruction bucket is in the unavailable state. When the first action instruction bucket is unavailable, the switch automatically switches to the second action instruction bucket, which forwards the flow to the DDoS protector; the DDoS protector processes, e.g., discards, the attack traffic. In this embodiment, the link directly connecting the OpenFlow switch to the server remains in the open state. The OpenFlow protocol packet is a Port Modification Message: setting OFPPC_PORT_DOWN in the Port Modification Message to 1 indicates that the virtual port is closed, and setting OFPPC_PORT_DOWN to 0 indicates that the virtual port is opened.
When the flow rate falls below the threshold value, the OpenFlow controller sends an OpenFlow protocol message to the OpenFlow switch; the OpenFlow switch parses the received message and determines whether it is a port-opening instruction. If so, the virtual port is opened, and at that moment the first action instruction bucket is in the available state. When the first action instruction bucket is available, the traffic is normally forwarded to the server, and traffic traction is finished.
Further, when a plurality of data flows enter the switch, a plurality of virtual ports are created in the OpenFlow switch according to the number of data flows, a plurality of Group tables and Flow tables are configured in the OpenFlow controller, and each Flow table matches the messages of one data flow by applying the action instruction buckets in its Group table. In each Group table, the monitoring port of the first action instruction bucket is a virtual port, its outlet is a port of the protected network and/or equipment, the monitoring port and outlet of the second action instruction bucket are both ports of the flow cleaning equipment, and the virtual port in each Group table is different. When no DDoS attack occurs, the messages in each data flow are normally forwarded to the protected network and/or equipment. When a DDoS attack occurs on a certain data flow, the OpenFlow controller closes the monitoring port of the first action instruction bucket in the Group table applied by the Flow table matching that data flow, so that the messages in that data flow are forwarded to the flow cleaning equipment while message forwarding in the other data flows is not affected. If the monitoring ports of the first action instruction buckets in the Group tables applied by the Flow tables of all data flows were the same virtual port, then when a DDoS attack occurred on one data flow and the OpenFlow controller closed that virtual port, all messages in the other data flows would also be forwarded to the flow cleaning equipment, increasing its burden.
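The following Python model, added here as an illustration and not code from the patent or from Centec, simulates steps S1 to S4 together with the per-flow extension above: a Fast-Failover group selects the first bucket whose watch_port is live, the controller keeps one virtual watch port per protected destination, closes only that port when an attack is reported, and reopens it once the observed rate drops below a threshold. The class and function names, port numbers, IP addresses and the threshold are constructed for the demonstration; the two ovs-ofctl command strings it renders follow the syntax given in the description, with the priority fixed at the OpenFlow maximum of 65535.

```python
"""Fast-Failover diversion model for steps S1-S4 and the per-flow extension.

Added example, not code from the patent: it simulates how a type=ff Group
table selects the first bucket whose watch_port is live, and how a controller
that keeps one virtual watch port per protected destination closes it when
an attack is reported and reopens it once the rate falls below a threshold.
Port numbers, IP addresses, the threshold and the class/function names are
constructed for the demo.
"""
from dataclasses import dataclass

OPENFLOW_MAX_PRIORITY = 65535   # 16-bit priority field: "highest priority" in step S3


@dataclass
class Bucket:
    watch_port: int   # bucket is usable only while this port is up
    output: int       # egress port used when this bucket is selected


@dataclass
class FastFailoverGroup:
    group_id: int
    buckets: list

    def select(self, live_ports):
        """Fast-Failover rule: buckets are tried in configured order and the
        first one whose watch_port is live wins; if none is live the packet
        is dropped (None), it is not sent back to the first bucket."""
        for bucket in self.buckets:
            if bucket.watch_port in live_ports:
                return bucket
        return None

    def add_group_cmd(self, bridge="br0"):
        """Render the group as the ovs-ofctl add-group command of the description."""
        buckets = ",".join(
            f"bucket=watch_port:{b.watch_port},output:{b.output}" for b in self.buckets)
        return (f'ovs-ofctl add-group {bridge} -O openflow13 '
                f'"group_id={self.group_id},type=ff,{buckets}"')


def add_flow_cmd(group_id, dst_ip, bridge="br0", priority=OPENFLOW_MAX_PRIORITY):
    """Render the Flow table entry that sends traffic for dst_ip through the group."""
    return (f'ovs-ofctl add-flow {bridge} -O openflow13 '
            f'"priority={priority},ip,nw_dst={dst_ip},actions=group:{group_id}"')


class DiversionController:
    """Controller side: one virtual port, one ff group and one flow per destination."""

    def __init__(self, scrubber_port, threshold_pps):
        self.scrubber_port = scrubber_port
        self.threshold_pps = threshold_pps
        self.live_ports = {scrubber_port}   # ports currently up on the switch
        self.groups = {}                    # dst_ip -> FastFailoverGroup
        self.virtual_port = {}              # dst_ip -> its own virtual watch port

    def protect(self, dst_ip, server_port, virtual_port, group_id):
        """Steps S1-S3: create the virtual port (default open), the group and the flow.
        Returns the two ovs-ofctl commands that would be pushed to the switch."""
        self.virtual_port[dst_ip] = virtual_port
        self.live_ports.update({virtual_port, server_port})
        self.groups[dst_ip] = FastFailoverGroup(group_id, [
            Bucket(watch_port=virtual_port, output=server_port),              # normal path
            Bucket(watch_port=self.scrubber_port, output=self.scrubber_port),  # cleaning path
        ])
        return [self.groups[dst_ip].add_group_cmd(), add_flow_cmd(group_id, dst_ip)]

    def on_attack_detected(self, dst_ip):
        """Step S4: close only this destination's virtual port (OFPPC_PORT_DOWN=1)."""
        self.live_ports.discard(self.virtual_port[dst_ip])

    def on_rate_sample(self, dst_ip, pps):
        """Reopen the virtual port once the rate is below the threshold (OFPPC_PORT_DOWN=0).
        Returns True when the destination is back on the normal path."""
        if pps < self.threshold_pps:
            self.live_ports.add(self.virtual_port[dst_ip])
        return self.virtual_port[dst_ip] in self.live_ports

    def egress_for(self, dst_ip):
        """Port a packet for dst_ip leaves on right now, or None if it is dropped."""
        bucket = self.groups[dst_ip].select(self.live_ports)
        return None if bucket is None else bucket.output


if __name__ == "__main__":
    ctl = DiversionController(scrubber_port=3, threshold_pps=1000)
    for cmd in ctl.protect("10.0.0.10", server_port=1, virtual_port=300, group_id=1):
        print(cmd)
    ctl.on_attack_detected("10.0.0.10")
    print("during attack ->", ctl.egress_for("10.0.0.10"))
```

One property of the Fast-Failover type worth checking in a deployment is visible in select(): if the cleaning equipment's port goes down while the virtual port is closed, no bucket is live and the switch drops the traffic rather than returning it to the server, so the controller should monitor the cleaning port as well as the rate.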
With reference to fig. 3 and 4, an OpenFlow-based DDoS traffic traction system includes a virtual port creation module, an OpenFlow controller, an OpenFlow switch, and a traffic cleaning device, where:
the OpenFlow switch is used for forwarding the message;
the virtual port creation module is used for creating a virtual port in the OpenFlow switch;
the OpenFlow controller comprises a Group table creating module, a Flow table creating module and a port control module, wherein:
the Group table creating module is used for creating a Group table of Fast-Failover type, the Group table comprising at least two action instruction buckets; the first action instruction bucket is configured so that its monitoring port is the virtual port and its outlet is the protected network/equipment port, and the second action instruction bucket is configured so that its monitoring port and outlet are both flow cleaning equipment ports;
the Flow table creating module is used for creating a Flow table, and the Flow table is configured to match messages entering the protected network and/or equipment by applying the action instruction bucket in the Group table;
the port control module is used for controlling the virtual port to be closed when a DDoS attack occurs, so that the flow is forwarded to the flow cleaning equipment;
and for controlling the virtual port to be opened when the traffic falls below a threshold, so that the traffic is forwarded to the protected network/device;
the flow cleaning equipment is used for processing the attack flow.
Specifically, the virtual port creation module creates a virtual port in the OpenFlow switch and assigns it a port number; the default state of the virtual port is always the open state.
The Group table includes at least two action instruction buckets, where the availability of the first action instruction bucket is tied to the virtual port and its outlet is directed to the protected network/device, and the outlet of the second action instruction bucket is directed to the traffic cleansing device.
When messages are matched, they are matched in sequence according to the Flow tables, and a Flow table with higher priority is used first. The Flow table is configured to apply the action instruction buckets in the Group table to the messages destined for the server. That is, when the virtual port is in the open state, the first action instruction bucket is available and the packet is forwarded to the protected network/device, namely the server. When the virtual port is in the closed state, the first action instruction bucket is unavailable, the second action instruction bucket is available, and the message is forwarded to the flow cleaning equipment, so that flow traction is realized and the attack flow reaching the protected network/device is reduced.
The port control module controls the opening or closing of the virtual port by sending an OpenFlow protocol message to the OpenFlow switch. In this embodiment, the OpenFlow protocol message is a Port Modification Message; when OFPPC_PORT_DOWN in the Port Modification Message is set to 1, the virtual port is closed, and when it is set to 0, the virtual port is opened.
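The Port Modification Message that the port control module sends, and the switch-side check described in step S4 (parse the message and decide whether it closes or opens the port), can be shown concretely with the OpenFlow 1.3 wire format. The Python below is an added example, not code from the patent or from Centec; the byte layout follows struct ofp_port_mod in the OpenFlow 1.3 specification (8-byte header plus 32-byte body, OFPT_PORT_MOD = 16, OFPPC_PORT_DOWN = bit 0), while the port number, hardware address, xid and the function names are constructed for the demonstration.

```python
"""OpenFlow 1.3 Port Modification message used to open and close the virtual port.

Added example, not code from the patent. The byte layout follows struct
ofp_port_mod in the OpenFlow 1.3 specification (8-byte header + 32-byte body);
the port number, hardware address and xid below are constructed values.
"""
import struct

OFP13_VERSION = 0x04
OFPT_PORT_MOD = 16
OFPPC_PORT_DOWN = 1 << 0      # config bit: port is administratively down
PORT_MOD_LEN = 40

# header: version(B) type(B) length(H) xid(I)
# body:   port_no(I) pad(4) hw_addr(6s) pad(2) config(I) mask(I) advertise(I) pad(4)
_PORT_MOD_FMT = "!BBHI I4x 6s2x III 4x"


def build_port_mod(port_no, hw_addr, down, xid=1):
    """Controller side: set (down=True) or clear (down=False) OFPPC_PORT_DOWN.

    Only OFPPC_PORT_DOWN is put in the mask, so the switch leaves the port's
    other config bits (no-recv, no-fwd, no-packet-in) untouched. hw_addr must
    equal the port's own address or the switch rejects the message."""
    config = OFPPC_PORT_DOWN if down else 0
    return struct.pack(_PORT_MOD_FMT, OFP13_VERSION, OFPT_PORT_MOD, PORT_MOD_LEN,
                       xid, port_no, hw_addr, config, OFPPC_PORT_DOWN, 0)


def parse_port_mod(msg):
    """Switch side: decide whether the message is a close or open command.

    Returns (port_no, 'close'), (port_no, 'open') or (port_no, None) when the
    mask does not cover OFPPC_PORT_DOWN, i.e. the message changes other bits."""
    if len(msg) != PORT_MOD_LEN:
        raise ValueError("OFPT_PORT_MOD must be exactly 40 bytes")
    version, msg_type, length, _xid, port_no, _hw, config, mask, _adv = \
        struct.unpack(_PORT_MOD_FMT, msg)
    if version != OFP13_VERSION or msg_type != OFPT_PORT_MOD or length != PORT_MOD_LEN:
        raise ValueError("not an OpenFlow 1.3 OFPT_PORT_MOD")
    if not mask & OFPPC_PORT_DOWN:
        return port_no, None
    return port_no, "close" if config & OFPPC_PORT_DOWN else "open"


def apply_port_mod(port_config, msg):
    """Update the switch's per-port config table as the spec describes:
    new_config = (old & ~mask) | (config & mask). Returns the port's new config."""
    _v, _t, _l, _x, port_no, _hw, config, mask, _adv = struct.unpack(_PORT_MOD_FMT, msg)
    old = port_config.get(port_no, 0)
    port_config[port_no] = (old & ~mask) | (config & mask)
    return port_config[port_no]


def port_is_live(port_config, port_no):
    """A watch_port with OFPPC_PORT_DOWN set makes its Fast-Failover bucket unusable."""
    return not port_config.get(port_no, 0) & OFPPC_PORT_DOWN


if __name__ == "__main__":
    mac = bytes.fromhex("02000000012c")   # constructed locally administered MAC
    table = {300: 0}
    close_msg = build_port_mod(300, mac, down=True)
    print(close_msg.hex())
    apply_port_mod(table, close_msg)
    print("port 300 live:", port_is_live(table, 300))
```

Open vSwitch exposes the same operation from the command line as ovs-ofctl mod-port br0 <port> down and ovs-ofctl mod-port br0 <port> up; that command is not mentioned on the page but is useful when verifying the group's failover behaviour by hand.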
The flow cleaning equipment processes the attack flow forwarded to it, for example by discarding it, so that the harm caused by the DDoS attack is reduced.
The invention creates a Group table of type Fast-Failover and a Flow table in an OpenFlow controller; the availability of the first action instruction bucket in the Group table is tied to a virtual port, and the Flow table is configured to apply the action instruction bucket in the Group table to messages entering the protected network and/or device. The OpenFlow controller realizes flow traction by controlling the opening or closing of the virtual port, and reduces the harm brought by a DDoS attack.
Therefore, the scope of the present invention should not be limited to the disclosure of the embodiments, but includes various alternatives and modifications without departing from the scope of the present invention, which is defined by the claims of the present patent application.

Claims (10)

1. A DDoS flow traction method based on OpenFlow is characterized by comprising the following steps:
step S1, creating a virtual port on the OpenFlow switch;
step S2, a Group table with the type of Fast-Failover is established in an OpenFlow controller, the Group table comprises at least two action instruction buckets, a monitoring port of a first action instruction bucket is a virtual port, an outlet is a port of a protected network and/or equipment, and a monitoring port and an outlet of a second action instruction bucket are flow cleaning equipment ports;
step S3, configuring a Flow table in the OpenFlow controller, and the Flow table is configured to: the priority is highest, and the messages entering the protected network and/or equipment are matched by applying the action instruction bucket in the Group table;
step S4, when a DDoS attack occurs, the OpenFlow controller controls the virtual port to be closed, and the flow is forwarded to the flow cleaning equipment;
and when the flow rate is reduced to be below the threshold value, the OpenFlow controller controls the virtual port to be opened, so that the flow rate is forwarded to the protected network and/or the protected device.
2. A DDoS traffic pulling method based on OpenFlow according to claim 1, wherein in step S1, the default state of the virtual port is an open state.
3. A DDoS traffic pulling method based on OpenFlow according to claim 1, wherein in step S3, the OpenFlow controller controls a virtual port to be opened or closed by sending an OpenFlow protocol message.
4. A DDoS traffic pulling method based on OpenFlow according to claim 3, wherein in step S3, the OpenFlow protocol packet is a Port Modification Message, and when OFPPC_PORT_DOWN in the Port Modification Message is set to 1, the virtual port is closed; when the value is set to 0, the virtual port is opened.
5. The OpenFlow-based DDoS traffic pulling method according to claim 1, wherein the traffic cleaning device comprises a DDoS protector.
6. A DDoS flow traction system based on OpenFlow is characterized by comprising
a virtual port creation module, an OpenFlow controller, an OpenFlow switch, and flow cleaning equipment, wherein:
the OpenFlow switch is used for forwarding the message;
the virtual port creating module is used for creating a virtual port in the OpenFlow switch;
the OpenFlow controller comprises a Group table creating module, a Flow table creating module and a port control module, wherein:
the Group table creating module is used for creating a Group table of Fast-Failover type, the Group table comprises at least two action instruction buckets, and the first action instruction bucket is configured to: the monitoring port is a virtual port, and the outlet is a protected network and/or equipment port; the second action instruction bucket is configured to: the monitoring port and the outlet are both flow cleaning equipment ports;
the Flow table creating module is used for creating a Flow table, and the Flow table is configured to: the priority is highest, and the messages entering the protected network and/or equipment are matched by applying the action instruction bucket in the Group table;
the port control module is used for controlling the virtual port to be closed when DDoS attack occurs, so that the flow is forwarded to the flow cleaning equipment; controlling the virtual port to open when the flow rate falls below a threshold value, so that the flow rate is forwarded to the protected network and/or equipment;
the flow cleaning equipment is used for processing the attack flow.
7. The OpenFlow-based DDoS traffic pulling system of claim 6, wherein the default state of the virtual port is an open state.
8. The OpenFlow-based DDoS traffic traction system according to claim 6, wherein the port control module controls a virtual port to be opened or closed by sending an OpenFlow protocol message.
9. The OpenFlow-based DDoS traffic pulling system according to claim 8, wherein the OpenFlow protocol packet is a Port Modification Message, and when OFPPC_PORT_DOWN in the Port Modification Message is set to 1, the virtual port is closed; when the value is set to 0, the virtual port is opened.
10. The OpenFlow-based DDoS traffic pulling system of claim 6, wherein the traffic cleaning device comprises a DDoS protector.
CN201710967131.0A 2017-10-17 2017-10-17 Method and system for DDoS (distributed denial of service) flow traction based on openflow Active CN107682342B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710967131.0A CN107682342B (en) 2017-10-17 2017-10-17 Method and system for DDoS (distributed denial of service) flow traction based on openflow

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710967131.0A CN107682342B (en) 2017-10-17 2017-10-17 Method and system for DDoS (distributed denial of service) flow traction based on openflow

Publications (2)

Publication Number Publication Date
CN107682342A CN107682342A (en) 2018-02-09
CN107682342B true CN107682342B (en) 2020-03-10

Family

ID=61139725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710967131.0A Active CN107682342B (en) 2017-10-17 2017-10-17 Method and system for DDoS (distributed denial of service) flow traction based on openflow

Country Status (1)

Country Link
CN (1) CN107682342B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110290098B (en) * 2018-03-19 2020-12-25 华为技术有限公司 Method and device for defending network attack
CN111147478B (en) * 2019-12-24 2022-08-12 北京网太科技发展有限公司 Safety protection method, device and storage medium
CN112637244B (en) * 2021-01-08 2023-07-07 江苏天翼安全技术有限公司 Threat detection method for common and industrial control protocols and ports

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491095A (en) * 2013-09-25 2014-01-01 中国联合网络通信集团有限公司 Flow cleaning framework and device and flow lead and reinjection method
CN104601482A (en) * 2013-10-30 2015-05-06 中兴通讯股份有限公司 Traffic cleaning method and device
CN104639464A (en) * 2015-01-09 2015-05-20 盛科网络(苏州)有限公司 System and method for realizing cross-interchanger link aggregation on OpenFlow interchanger
CN104767762A (en) * 2015-04-28 2015-07-08 亚信科技(南京)有限公司 Safety protection system
CN105553728A (en) * 2015-12-18 2016-05-04 南京大学 Network disaster tolerance recovery system and method based on software defined network technique
CN106411787A (en) * 2016-08-30 2017-02-15 广州西麦科技股份有限公司 Virtual port establishment method and network system
CN106487683A (en) * 2015-08-27 2017-03-08 中兴通讯股份有限公司 A kind of processing method and processing device of message
CN106789630A (en) * 2016-12-30 2017-05-31 瑞斯康达科技发展股份有限公司 A kind of network protection method and system, controller, equipment
CN106921666A (en) * 2017-03-06 2017-07-04 中山大学 A kind of ddos attack system of defense and method based on Synergy

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130159487A1 (en) * 2011-12-14 2013-06-20 Microsoft Corporation Migration of Virtual IP Addresses in a Failover Cluster
US20160212048A1 (en) * 2015-01-15 2016-07-21 Hewlett Packard Enterprise Development Lp Openflow service chain data packet routing using tables

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491095A (en) * 2013-09-25 2014-01-01 中国联合网络通信集团有限公司 Flow cleaning framework and device and flow lead and reinjection method
CN104601482A (en) * 2013-10-30 2015-05-06 中兴通讯股份有限公司 Traffic cleaning method and device
CN104639464A (en) * 2015-01-09 2015-05-20 盛科网络(苏州)有限公司 System and method for realizing cross-interchanger link aggregation on OpenFlow interchanger
CN104767762A (en) * 2015-04-28 2015-07-08 亚信科技(南京)有限公司 Safety protection system
CN106487683A (en) * 2015-08-27 2017-03-08 中兴通讯股份有限公司 A kind of processing method and processing device of message
CN105553728A (en) * 2015-12-18 2016-05-04 南京大学 Network disaster tolerance recovery system and method based on software defined network technique
CN106411787A (en) * 2016-08-30 2017-02-15 广州西麦科技股份有限公司 Virtual port establishment method and network system
CN106789630A (en) * 2016-12-30 2017-05-31 瑞斯康达科技发展股份有限公司 A kind of network protection method and system, controller, equipment
CN106921666A (en) * 2017-03-06 2017-07-04 中山大学 A kind of ddos attack system of defense and method based on Synergy

Also Published As

Publication number Publication date
CN107682342A (en) 2018-02-09

Similar Documents

Publication Publication Date Title
KR101907752B1 (en) SDN capable of detection DDoS attacks using artificial intelligence and controller including the same
US10785266B2 (en) Methods and systems for protecting a secured network
KR101900154B1 (en) SDN capable of detection DDoS attacks and switch including the same
US9055006B2 (en) Techniques for traffic diversion in software defined networks for mitigating denial of service attacks
EP2882162B1 (en) Data stream security processing method and apparatus
CN108353068B (en) SDN controller assisted intrusion prevention system
EP3140769A1 (en) System and methods for reducing impact of malicious activity on operations of a wide area network
CN107682342B (en) Method and system for DDoS (distributed denial of service) flow traction based on openflow
CN104683333A (en) Method for implementing abnormal traffic interception based on SDN
WO2004070535A2 (en) Mitigating denial of service attacks
CN104618379A (en) IDC service scene-oriented security service arranging method and network structure
CN109995714B (en) Method, device and system for handling traffic
CN111163062B (en) Multi-network address hopping security defense method for cross fire attack
EP2977910A1 (en) Selective diversion and injection of communication traffic
KR101629089B1 (en) Hybrid openFlow method for combining legacy switch protocol function and SDN function
US9036647B2 (en) Method and apparatus for network security
KR101914831B1 (en) SDN to prevent an attack on the host tracking service and controller including the same
Veena et al. Detection and mitigation of security attacks using real time SDN analytics
CN110519273B (en) Intrusion prevention method and device
CN112866031B (en) Route configuration method, device, equipment and computer readable storage medium
Hu et al. A framework for security on demand
Nisa et al. Conceptual review of DoS attacks in software defined networks
KR101948984B1 (en) SDN for detecting switch damage and controller including the same
KR20180041977A (en) SDN for supporting authentication for link discovery service and controller including the same
US20230028892A1 (en) Protection against malicious data traffic

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province

Patentee after: Suzhou Shengke Communication Co.,Ltd.

Address before: 215000 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, Suzhou Industrial Park, Suzhou City, Jiangsu Province

Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd.