CN108040057B - 适于保障网络安全、网络通信质量的sdn系统的工作方法 - Google Patents
适于保障网络安全、网络通信质量的sdn系统的工作方法 Download PDFInfo
- Publication number
- CN108040057B CN108040057B CN201711362506.7A CN201711362506A CN108040057B CN 108040057 B CN108040057 B CN 108040057B CN 201711362506 A CN201711362506 A CN 201711362506A CN 108040057 B CN108040057 B CN 108040057B
- Authority
- CN
- China
- Prior art keywords
- message
- attack
- network
- ids
- controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000004891 communication Methods 0.000 title claims abstract description 14
- 238000012545 processing Methods 0.000 claims abstract description 32
- 238000001914 filtration Methods 0.000 claims abstract description 23
- 238000005457 optimization Methods 0.000 claims abstract description 19
- 238000001514 detection method Methods 0.000 claims description 95
- 230000006399 behavior Effects 0.000 claims description 51
- 230000002159 abnormal effect Effects 0.000 claims description 30
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 24
- 230000005540 biological transmission Effects 0.000 claims description 18
- 238000012544 monitoring process Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 9
- BCGWQEUPMDMJNV-UHFFFAOYSA-N imipramine Chemical compound C1CC2=CC=CC=C2N(CCCN(C)C)C2=CC=CC=C21 BCGWQEUPMDMJNV-UHFFFAOYSA-N 0.000 claims description 8
- 230000009471 action Effects 0.000 claims description 6
- 230000004044 response Effects 0.000 abstract description 9
- 238000004458 analytical method Methods 0.000 abstract description 5
- 238000004364 calculation method Methods 0.000 abstract description 4
- 238000012360 testing method Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 239000011800 void material Substances 0.000 description 5
- 230000006378 damage Effects 0.000 description 4
- 238000013461 design Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000007123 defense Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000013467 fragmentation Methods 0.000 description 2
- 238000006062 fragmentation reaction Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000008447 perception Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000000275 quality assurance Methods 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 230000002459 sustained effect Effects 0.000 description 2
- 208000036829 Device dislocation Diseases 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000009825 accumulation Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000002156 mixing Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000001303 quality assessment method Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/302—Route determination based on requested QoS
Abstract
Description
Host1 | Host2 | Host3 | Host4 | Host5 | Host6 | Host7 | Host8 | …… | Host n |
1 | 2 | 2 | 1 | 100 | 2 | 0 | 0 | …… | 0 |
Host1 | Host2 | Host3 | Host4 | Host5 | Host6 | Host7 | Host8 | …… | Host n |
1 | 2 | 2 | 1 | 100 | 2 | 0 | 0 | …… | 0 |
Host1 | Host2 | Host3 | Host4 | Host5 | Host6 | Host7 | Host8 | …… | Host n |
1 | 1 | 0 | 1 | 100 | 2 | 0 | 0 | …… | 0 |
Host1 | Host2 | Host3 | Host4 | Host5 | Host6 | Host7 | Host8 | …… | Host n |
1 | 1 | 0 | 1 | 100 | 2 | 0 | 0 | …… | 0 |
接口名 | 功能 |
public void deviceAdded(IDevice device) | 主机添加响应 |
public void deviceRemoved(IDevice device) | 主机移除响应 |
public void deviceMoved(IDevice device) | 主机移动响应 |
public void deviceIPV4AddrChanged(IDevice device) | 主机IP地址改变响应 |
public void deviceVlanChanged(IDevice device) | 主机VLAN改变响应 |
包头域 | 计数器 | 动作 |
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711362506.7A CN108040057B (zh) | 2014-12-17 | 2014-12-17 | 适于保障网络安全、网络通信质量的sdn系统的工作方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410786993.XA CN104539594B (zh) | 2014-12-17 | 2014-12-17 | 融合DDoS威胁过滤与路由优化的SDN架构、系统及工作方法 |
CN201711362506.7A CN108040057B (zh) | 2014-12-17 | 2014-12-17 | 适于保障网络安全、网络通信质量的sdn系统的工作方法 |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410786993.XA Division CN104539594B (zh) | 2014-12-17 | 2014-12-17 | 融合DDoS威胁过滤与路由优化的SDN架构、系统及工作方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108040057A CN108040057A (zh) | 2018-05-15 |
CN108040057B true CN108040057B (zh) | 2021-08-06 |
Family
ID=52855063
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711362506.7A Active CN108040057B (zh) | 2014-12-17 | 2014-12-17 | 适于保障网络安全、网络通信质量的sdn系统的工作方法 |
CN201711362500.XA Withdrawn CN107835199A (zh) | 2014-12-17 | 2014-12-17 | 适于解决网络安全的sdn系统的工作方法 |
CN201711362482.5A Active CN108063765B (zh) | 2014-12-17 | 2014-12-17 | 适于解决网络安全的sdn系统 |
CN201410786993.XA Expired - Fee Related CN104539594B (zh) | 2014-12-17 | 2014-12-17 | 融合DDoS威胁过滤与路由优化的SDN架构、系统及工作方法 |
Family Applications After (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711362500.XA Withdrawn CN107835199A (zh) | 2014-12-17 | 2014-12-17 | 适于解决网络安全的sdn系统的工作方法 |
CN201711362482.5A Active CN108063765B (zh) | 2014-12-17 | 2014-12-17 | 适于解决网络安全的sdn系统 |
CN201410786993.XA Expired - Fee Related CN104539594B (zh) | 2014-12-17 | 2014-12-17 | 融合DDoS威胁过滤与路由优化的SDN架构、系统及工作方法 |
Country Status (1)
Country | Link |
---|---|
CN (4) | CN108040057B (zh) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104539625B (zh) * | 2015-01-09 | 2017-11-14 | 江苏理工学院 | 一种基于软件定义的网络安全防御系统及其工作方法 |
CN104468636A (zh) * | 2015-01-09 | 2015-03-25 | 李忠 | DDoS威胁过滤与链路重配的SDN架构及工作方法 |
CN106713220A (zh) * | 2015-07-24 | 2017-05-24 | 中兴通讯股份有限公司 | 基于ddos攻击防范方法和装置 |
CN109246128B (zh) * | 2015-08-07 | 2019-09-17 | 杭州数梦工场科技有限公司 | 防止链路型DDoS攻击的实现方法和系统 |
CN108028828B (zh) * | 2015-08-29 | 2020-10-27 | 华为技术有限公司 | 一种分布式拒绝服务DDoS攻击检测方法及相关设备 |
CN105282152B (zh) * | 2015-09-28 | 2018-08-28 | 广东睿江云计算股份有限公司 | 一种异常流量检测的方法 |
CN105391690B (zh) * | 2015-10-19 | 2018-11-13 | 中国科学院信息工程研究所 | 一种基于pof的网络窃听防御方法和系统 |
CN105516129A (zh) * | 2015-12-04 | 2016-04-20 | 重庆邮电大学 | 基于sdn技术实现僵尸网络控制信道阻断的方法和装置 |
CN106936799B (zh) | 2015-12-31 | 2021-05-04 | 阿里巴巴集团控股有限公司 | 报文清洗方法及装置 |
CN106961414B (zh) * | 2016-01-12 | 2020-12-25 | 阿里巴巴集团控股有限公司 | 一种基于蜜罐的数据处理方法、装置及系统 |
CN106131031B (zh) * | 2016-07-19 | 2020-03-10 | 北京兰云科技有限公司 | 一种DDoS流量清洗处理的方法及装置 |
CN106534197A (zh) * | 2016-12-22 | 2017-03-22 | 国家电网公司 | 一种自治域内恶意流量过滤方法及系统 |
CN108289104B (zh) * | 2018-02-05 | 2020-07-17 | 重庆邮电大学 | 一种工业SDN网络DDoS攻击检测与缓解方法 |
CN110213214B (zh) * | 2018-06-06 | 2021-08-31 | 腾讯科技(深圳)有限公司 | 一种攻击防护方法、系统、装置和存储介质 |
WO2020019270A1 (en) | 2018-07-27 | 2020-01-30 | Nokia Solutions And Networks Oy | Method, device, and system for network traffic analysis |
US10880329B1 (en) * | 2019-08-26 | 2020-12-29 | Nanning Fugui Precision Industrial Co., Ltd. | Method for preventing distributed denial of service attack and related equipment |
CN110912869A (zh) * | 2019-10-15 | 2020-03-24 | 合肥科技职业学院 | 一种基于大数据的监控提醒方法 |
CN111277609A (zh) * | 2020-02-24 | 2020-06-12 | 深圳供电局有限公司 | 一种sdn网络监控方法及系统 |
CN111683162B (zh) * | 2020-06-09 | 2022-10-25 | 福建健康之路信息技术有限公司 | 一种基于流量识别的ip地址管理方法 |
WO2022000430A1 (zh) * | 2020-07-02 | 2022-01-06 | 深圳市欢太科技有限公司 | 服务器威胁评定方法及相关产品 |
CN112804242B (zh) * | 2021-01-25 | 2022-09-13 | 蔡世泳 | 一种无感知自动发现的api安全管理系统及方法 |
CN113254989B (zh) * | 2021-04-27 | 2022-02-15 | 支付宝(杭州)信息技术有限公司 | 目标数据的融合方法、装置和服务器 |
CN113271318B (zh) * | 2021-07-19 | 2021-09-21 | 中国科学院信息工程研究所 | 网络威胁感知系统及方法 |
CN114374622B (zh) * | 2021-12-31 | 2023-12-19 | 恒安嘉新(北京)科技股份公司 | 一种基于融合分流设备的分流方法及融合分流设备 |
CN114726602A (zh) * | 2022-03-29 | 2022-07-08 | 中国工程物理研究院计算机应用研究所 | 一种网络零变更条件下的企业内网自适应威胁阻断方法 |
CN116319106B (zh) * | 2023-05-22 | 2023-08-08 | 北京网藤科技有限公司 | 一种用于工控安全中的进程级微隔离的方法及系统 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472916A (zh) * | 2003-06-24 | 2004-02-04 | 北京邮电大学 | 大规模分布式入侵检测系统的数据融合机制 |
CN101980506A (zh) * | 2010-10-29 | 2011-02-23 | 北京航空航天大学 | 一种基于流量特征分析的分布式入侵检测方法 |
CN102487339A (zh) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | 一种网络设备攻击防范方法及装置 |
CN103166926A (zh) * | 2011-12-14 | 2013-06-19 | 中国科学院沈阳计算技术研究所有限公司 | 一种SIP DDoS攻击分布式防御系统及其负载均衡方法 |
CN103491095A (zh) * | 2013-09-25 | 2014-01-01 | 中国联合网络通信集团有限公司 | 流量清洗架构、装置及流量牵引、流量回注方法 |
CN103561011A (zh) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | 一种SDN控制器盲DDoS攻击防护方法及系统 |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8347073B2 (en) * | 2008-09-05 | 2013-01-01 | Cisco Technology, Inc. | Inspection and rewriting of cryptographically protected data from group VPNs |
US9392010B2 (en) * | 2011-11-07 | 2016-07-12 | Netflow Logic Corporation | Streaming method and system for processing network metadata |
CN102801738B (zh) * | 2012-08-30 | 2014-11-05 | 中国人民解放军国防科学技术大学 | 基于概要矩阵的分布式拒绝服务攻击检测方法及系统 |
CN103095521B (zh) * | 2012-12-18 | 2016-03-30 | 华为技术有限公司 | 流量检测的控制方法、系统、装置、控制器及检测设备 |
US9300483B2 (en) * | 2013-03-15 | 2016-03-29 | International Business Machines Corporation | Self-routing multicast in a software defined network fabric |
KR101460651B1 (ko) * | 2013-05-14 | 2014-11-14 | 고려대학교 산학협력단 | 클라우드 컴퓨팅 기반 서버 부하 분산 장치 및 방법 |
CN104023034B (zh) * | 2014-06-25 | 2017-05-10 | 武汉大学 | 一种基于软件定义网络的安全防御系统及防御方法 |
CN107888617A (zh) * | 2014-12-17 | 2018-04-06 | 蔡留凤 | 软件定义的网络架构的工作方法 |
-
2014
- 2014-12-17 CN CN201711362506.7A patent/CN108040057B/zh active Active
- 2014-12-17 CN CN201711362500.XA patent/CN107835199A/zh not_active Withdrawn
- 2014-12-17 CN CN201711362482.5A patent/CN108063765B/zh active Active
- 2014-12-17 CN CN201410786993.XA patent/CN104539594B/zh not_active Expired - Fee Related
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1472916A (zh) * | 2003-06-24 | 2004-02-04 | 北京邮电大学 | 大规模分布式入侵检测系统的数据融合机制 |
CN101980506A (zh) * | 2010-10-29 | 2011-02-23 | 北京航空航天大学 | 一种基于流量特征分析的分布式入侵检测方法 |
CN102487339A (zh) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | 一种网络设备攻击防范方法及装置 |
CN103166926A (zh) * | 2011-12-14 | 2013-06-19 | 中国科学院沈阳计算技术研究所有限公司 | 一种SIP DDoS攻击分布式防御系统及其负载均衡方法 |
CN103491095A (zh) * | 2013-09-25 | 2014-01-01 | 中国联合网络通信集团有限公司 | 流量清洗架构、装置及流量牵引、流量回注方法 |
CN103561011A (zh) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | 一种SDN控制器盲DDoS攻击防护方法及系统 |
Non-Patent Citations (2)
Title |
---|
基于分布式IDS的云计算网络防护系统;苏子彬,武斌,王晓浩,王秋城;《第十届中国通信学会学术年会论文集》;第十届中国通信学会学术年会会议;20140905;第194-197页 * |
苏子彬,武斌,王晓浩,王秋城.基于分布式IDS的云计算网络防护系统.《第十届中国通信学会学术年会论文集》.第十届中国通信学会学术年会会议,2014,第194-197页. * |
Also Published As
Publication number | Publication date |
---|---|
CN104539594B (zh) | 2018-02-23 |
CN104539594A (zh) | 2015-04-22 |
CN107835199A (zh) | 2018-03-23 |
CN108063765A (zh) | 2018-05-22 |
CN108063765B (zh) | 2021-07-16 |
CN108040057A (zh) | 2018-05-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108040057B (zh) | 适于保障网络安全、网络通信质量的sdn系统的工作方法 | |
CN101589595B (zh) | 用于潜在被污染端系统的牵制机制 | |
CN104660582B (zh) | DDoS识别、防护和路径优化的软件定义的网络架构 | |
CN104539625B (zh) | 一种基于软件定义的网络安全防御系统及其工作方法 | |
JP2018038062A (ja) | ネットワークシステム、制御装置、通信装置、通信制御方法および通信制御プログラム | |
CN108737447B (zh) | 用户数据报协议流量过滤方法、装置、服务器及存储介质 | |
US20070248084A1 (en) | Symmetric connection detection | |
CN104539595B (zh) | 一种集威胁处理和路由优化于一体的sdn架构及工作方法 | |
WO2002021279A1 (en) | Thwarting source address spoofing-based denial of service attacks | |
WO2002021278A1 (en) | Coordinated thwarting of denial of service attacks | |
WO2002021296A1 (en) | Statistics collection for network traffic | |
WO2002021302A1 (en) | Monitoring network traffic denial of service attacks | |
WO2002021297A1 (en) | Architecture to thwart denial of service attacks | |
WO2002021771A1 (en) | Device to protect victim sites during denial of service attacks | |
Rengaraju et al. | Detection and prevention of DoS attacks in Software-Defined Cloud networks | |
CN104378380A (zh) | 一种基于SDN架构的识别与防护DDoS攻击的系统及方法 | |
CN104468636A (zh) | DDoS威胁过滤与链路重配的SDN架构及工作方法 | |
CN108810008B (zh) | 传输控制协议流量过滤方法、装置、服务器及存储介质 | |
CN105871773A (zh) | 一种基于SDN网络架构的DDoS过滤方法 | |
Jiang et al. | Bsd-guard: a collaborative blockchain-based approach for detection and mitigation of sdn-targeted ddos attacks | |
CN107864110A (zh) | 僵尸网络主控端检测方法和装置 | |
JP5178573B2 (ja) | 通信システムおよび通信方法 | |
US8281400B1 (en) | Systems and methods for identifying sources of network attacks | |
KR100733830B1 (ko) | 광대역 네트워크에서의 분산 서비스 거부 공격 탐지 및대응 방법 | |
CN109547442B (zh) | 一种gtp协议防护方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB03 | Change of inventor or designer information |
Inventor after: Li Lianguo Inventor after: Xu Mengxi Inventor after: Wu Xie Inventor after: Wan Guoyong Inventor after: Huang Lanbo Inventor after: Zhang Jiahua Inventor before: Request for anonymity |
|
CB03 | Change of inventor or designer information | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20210721 Address after: 330000 No.89 Huoju street, high tech Industrial Development Zone, Nanchang City, Jiangxi Province Applicant after: JIANGXI WUDA YANGFAN TECHNOLOGY Co.,Ltd. Address before: 213000 Liaohe Road Changgong Institute, New North District, Changzhou City, Jiangsu Province Applicant before: Zhu Baosheng |
|
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: 330000 No.89 Huoju street, high tech Industrial Development Zone, Nanchang City, Jiangxi Province Patentee after: China Railway Water Resources Information Technology Co.,Ltd. Address before: 330000 No.89 Huoju street, high tech Industrial Development Zone, Nanchang City, Jiangxi Province Patentee before: JIANGXI WUDA YANGFAN TECHNOLOGY Co.,Ltd. |
|
CP01 | Change in the name or title of a patent holder | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20180515 Assignee: Lushan City Branch of China Railway Water Resources Information Technology Co.,Ltd. Assignor: China Railway Water Resources Information Technology Co.,Ltd. Contract record no.: X2023980044093 Denomination of invention: The working method of SDN system suitable for ensuring network security and network communication quality Granted publication date: 20210806 License type: Common License Record date: 20231020 |
|
EE01 | Entry into force of recordation of patent licensing contract |