CN108183864A - IDS feedback-based software-defined network flow sampling method and system - Google Patents

Info

Publication number: CN108183864A
Authority: CN (China)
Prior art keywords: time, ids, sampling, flow, stream
Legal status: Granted (Active)
Application number: CN201810083594.5A
Other languages: Chinese (zh)
Other versions: CN108183864B (en)
Inventors: 杨岳湘, 施江勇, 曾迎之, 唐川, 李文华, 王晓磊
Current assignee: National University of Defense Technology
Original assignee: National University of Defense Technology
Priority date: 2018-01-29
Filing date: 2018-01-29
Publication date: 2018-06-19

Application filed by National University of Defense Technology; priority to CN201810083594.5A; publication of CN108183864A; application granted and published as CN108183864B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 47/00 Traffic control in data switching networks
    • H04L 47/10 Flow control; Congestion control
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an IDS feedback-based software-defined network flow sampling method and system. Using the SDN controller's centralized control over network traffic, a flow is first sampled temporarily and sent to an IDS for preliminary detection, and the IDS's detection result decides whether the flow continues to be sampled. This improves the sampling accuracy, selects high-threat traffic for detection as far as possible when bandwidth is limited, and improves both the utilization of the sampling bandwidth and the detection precision. The method is simple to implement and feeds back quickly; sampling is implemented with an independent sampling table, so normal services are not affected, and the method can be deployed in a real system, particularly a cloud data center.

Description

IDS feedback-based software-defined network flow sampling method and system
Technical field
The invention relates to the field of network data processing, and in particular to an IDS feedback-based software-defined network flow sampling method and system.
Background technology
Software-defined networking (SDN) is built on the idea of separating the control plane from the data plane, which greatly enhances overall control over the network. Its programmability makes network control flexible: rich network applications can be developed on the northbound interfaces it provides. These features make SDN well suited to cloud environments, where the dynamic and virtualized nature of the cloud blurs network boundaries and keeps changing the topology, so that traditional network management is inefficient and error-prone.
Monitoring the huge east-west traffic of a cloud data center has always been a hard problem in network security management. On the one hand, because the cloud's own boundaries are blurred and logically isolated tenants may share the same physical hardware, traditional boundary security tools such as an IDS are difficult to deploy. On the other hand, more and more data and applications are moving into the cloud, so the east-west traffic inside the cloud is enormous and attacks inside the cloud are increasing; monitoring only the traffic at the cloud boundary is not enough. Yet pulling all of the traffic inside the cloud out to an IDS for detection would consume a great deal of bandwidth and degrade the cloud's own services. Sampling is therefore necessary.
Current traffic sampling methods fall into two kinds: flow sampling and packet sampling. Packet sampling is very effective for network performance monitoring, but for intrusion detection it greatly degrades the detection result, because malicious attack traffic is non-uniformly distributed while traditional packet sampling uses a fixed sampling rate and fixed sampling targets. Flow sampling, by contrast, preserves the characteristics of the original traffic in the sampled traffic far more effectively. The most widely used flow sampling technique today is random flow sampling, whose main merit is that it is simple and easy to operate. However, because it is untargeted, random flow sampling often misses attack flows, especially long-lived flows with a very low repetition rate. Flow sampling should therefore be guided by known threat information so as to improve the sampling accuracy as far as possible.
Summary of the invention
The technical problem to be solved by the invention is, in view of the shortcomings of the prior art, to provide an IDS feedback-based software-defined network flow sampling method and system that improves the sampling accuracy, selects high-threat traffic for detection as far as possible when bandwidth is limited, and improves both the utilization of the sampling bandwidth and the detection precision.
To solve the above technical problem, the technical solution adopted by the invention is an IDS feedback-based software-defined network flow sampling method comprising the following steps:
1) A module is created in the SDN controller to handle packet_in messages, and it maintains a hash table storing the time at which each temporary sample flow was added. When a new packet_in message is received, the hash table is first searched for the corresponding sample flow. If it exists and the time elapsed since the sample flow was last added is less than T3, the message is ignored; otherwise a temporary sample flow is added with its hard timeout set to T1, and the temporary sample flow is recorded in the hash table.
2) The temporary sample flow steers the traffic to the IDS for detection; the IDS terminal (the host running the IDS) maintains a monitoring process that detects changes to the IDS log in real time.
3) When the monitoring process detects a change to the IDS log, it sends a request to the SDN controller through the API interface to install the corresponding sample flow, with its idle timeout set to T2. It also maintains a sample-flow installation record table recording the installation time of each sample flow. When the same flow appears again, the historical record is queried first and the difference between its time and the current time is computed; the sample flow is updated if the difference exceeds the threshold T4. If there is no record, the sample flow is installed directly. Once the sample flow is in place, the SDN switch mirrors the traffic to the IDS port while forwarding it to its destination, achieving persistent detection of suspicious traffic.
4) Non-suspicious traffic, which receives no IDS feedback, times out automatically after T1; suspicious traffic also expires once its idle time exceeds T2. When the corresponding traffic reappears, the method returns to step 1), so that the state is refreshed.
The sample flow is defined by OpenFlow match fields. For a TCP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst, tcp_src, tcp_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address, destination IP address, TCP source port and TCP destination port. For a UDP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst, udp_src, udp_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address, destination IP address, UDP source port and UDP destination port. For an ICMP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address and destination IP address.
The key of the hash table is defined as the flow's match fields and its value as the time the flow was added, i.e. <match, time>.
The temporary sample flows and sample flows are installed in a separate sampling table on the switch, which is managed independently of the forwarding table that carries the node's normal service traffic. The forwarding table and the sampling table are cascaded with the OpenFlow GOTO_TABLE instruction: traffic is first matched against the forwarding table and then against the sampling table.
In the invention, the API interface includes JSP, SOAP and RESTful.
Correspondingly, the invention also provides an IDS feedback-based software-defined network flow sampling system, comprising:
SDN controller: creates a module that handles packet_in messages and maintains a hash table storing the time at which each temporary sample flow was added. When a new packet_in message is received, it first searches the hash table for the corresponding sample flow; if it exists and the time since the sample flow was last added is less than T3, the message is ignored; otherwise a temporary sample flow is added with hard timeout T1 and recorded in the hash table.
IDS terminal: while traffic steered by a temporary sample flow is being detected, maintains a monitoring process that detects changes to the IDS log in real time.
Monitoring process: after a change to the IDS log is detected, sends a request to the SDN controller through the API interface to install the corresponding sample flow with idle timeout T2, and maintains a sample-flow installation record table recording each sample flow's installation time. When the same sample flow appears again, it first queries the historical record and updates the sample flow if the difference between that time and the current time exceeds the threshold T4; a flow with no record has its sample flow installed directly. Once the sample flow is in place, the SDN switch mirrors the traffic to the IDS port while forwarding it to its destination, achieving persistent detection of suspicious traffic.
SDN switch: holds the forwarding table and the sampling table, matches and forwards packets, and through its timeout settings ensures that non-suspicious traffic, which receives no IDS feedback, expires automatically after T1 and that suspicious traffic also expires once its idle time exceeds T2. When the corresponding traffic reappears it informs the SDN controller, and the operations of the SDN controller, IDS terminal and monitoring process are repeated, so that the state is refreshed.
The SDN controller comprises:
Processing module: handles packet_in messages and maintains a hash table.
Hash table: stores the time at which each temporary sample flow was added. When a new packet_in message is received, the hash table is first searched for the corresponding sample flow; if it is absent, a temporary sample flow is added with hard timeout T1 and recorded in the hash table; if it is present and the interval between this and the previous addition is less than T3, the message is ignored; otherwise a temporary sample flow is added with hard timeout T1 and recorded in the hash table.
Compared with the prior art, the beneficial effect of the invention is as follows. Using the SDN controller's centralized control over network traffic, a flow is first sampled temporarily and sent to the IDS for preliminary detection, and the IDS's detection result decides whether the flow continues to be sampled. This improves the sampling accuracy, selects high-threat traffic for detection as far as possible when bandwidth is limited, and improves both the utilization of the sampling bandwidth and the detection precision. The invention is simple to implement and feeds back quickly; sampling is implemented with an independent sampling table, so it does not affect normal services, and the invention can be deployed in a real system, particularly a cloud data center.
Description of the drawings
Fig. 1 is a schematic diagram of the method according to one embodiment of the invention.
Detailed description
The invention discloses an IDS feedback-based software-defined network flow sampling method, intended to provide an accurate data source for the intrusion detection system in a software-defined network while saving sampling bandwidth. Referring to the workflow diagram shown in Fig. 1, the steps of the method of the invention are as follows:
Step 1: Install the temporary sample flow
When a new flow has no matching entry on the switch, the SDN switch notifies the SDN controller with a packet_in message, and the controller's own module first performs the corresponding route lookup and establishes the forwarding flow. The sampling module of the invention then extracts the match fields of the packet carried in the packet_in message and looks them up in the history hash table. If they are absent, the corresponding temporary sample flow is installed directly; if present, the corresponding timestamp is retrieved, and the temporary sample flow is installed only if the interval exceeds a certain threshold T3, otherwise the packet_in message is not processed further. The hard timeout of the temporary sample flow is set to T1. T1 is kept small, mainly so that the IDS receives the flow's packets and can make a preliminary judgement; whether sampling continues is then decided from the IDS feedback. After the temporary sample flow is installed it is saved in the history hash table so that a decision can be made when the same packet_in message arrives next time: if the interval between two identical packet_in messages is less than T3, temporary sampling is not repeated, which prevents non-suspicious traffic from repeatedly generating temporary sample flows and occupying sampling bandwidth.
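The packet_in handling of step 1, as an added example in Python that is not part of the patent or of any controller's code: it models the sampling module's hash table <match, time>, the T3 de-duplication check and the temporary sample flow with hard timeout T1, using the match-field sets the patent defines for TCP, UDP and ICMP flows. The decoded packet dictionaries, the sampling table id, the IDS port number and the flow-entry dictionary are assumptions standing in for the controller's real packet parser and flow-mod API; the clock is passed in so the timing logic can be exercised deterministically.

```python
"""Model of the controller-side sampling module (step 1). Added example; the
packet dict layout, table id, IDS port and flow-entry dict are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

ETH_TYPE_IPV4 = 0x0800
IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP = 1, 6, 17


def match_fields(pkt: dict) -> Optional[Tuple]:
    """Build the sample-flow match from a decoded packet_in.

    The field sets follow the patent: TCP and UDP flows append their L4 ports to
    the common prefix, ICMP flows use only the prefix. Non-IPv4 frames and other
    IP protocols are not sampled (returns None)."""
    if pkt.get("eth_type") != ETH_TYPE_IPV4:
        return None
    prefix = (pkt["in_port"], pkt["eth_src"], pkt["eth_type"], pkt["ip_proto"],
              pkt["ipv4_src"], pkt["ipv4_dst"])
    proto = pkt["ip_proto"]
    if proto == IP_PROTO_TCP:
        return prefix + (pkt["tcp_src"], pkt["tcp_dst"])
    if proto == IP_PROTO_UDP:
        return prefix + (pkt["udp_src"], pkt["udp_dst"])
    if proto == IP_PROTO_ICMP:
        return prefix
    return None


@dataclass
class TemporarySampler:
    t1: float                      # hard timeout of a temporary sample flow (seconds)
    t3: float                      # minimum gap between two temporary samples of one flow
    sample_table: int = 1          # id of the separate sampling table (assumed)
    ids_port: int = 3              # switch port facing the IDS (assumed)
    history: Dict[Tuple, float] = field(default_factory=dict)   # <match, time>
    installed: List[dict] = field(default_factory=list)         # flow-mods issued

    def on_packet_in(self, pkt: dict, now: float) -> Optional[dict]:
        """Step 1: return the temporary sample flow to install, or None to ignore."""
        match = match_fields(pkt)
        if match is None:
            return None
        last_added = self.history.get(match)
        if last_added is not None and now - last_added < self.t3:
            return None                # sampled recently: do not spend bandwidth again
        flow = {
            "table": self.sample_table,
            "match": match,
            "hard_timeout": self.t1,   # forced expiry, whether or not traffic continues
            "idle_timeout": 0,
            "actions": [f"output:{self.ids_port}"],
        }
        self.history[match] = now      # record the add time for the T3 check
        self.installed.append(flow)
        return flow

    def evict(self, now: float) -> int:
        """Drop history entries older than T3 (not in the patent; keeps the table bounded)."""
        stale = [m for m, t in self.history.items() if now - t >= self.t3]
        for m in stale:
            del self.history[m]
        return len(stale)


# Constructed packet_in payloads in decoded form, not captured data.
TCP_PKT = {"in_port": 1, "eth_src": "02:00:00:00:00:05", "eth_type": ETH_TYPE_IPV4,
           "ip_proto": IP_PROTO_TCP, "ipv4_src": "10.0.0.5", "ipv4_dst": "10.0.0.9",
           "tcp_src": 40000, "tcp_dst": 445}
ICMP_PKT = {"in_port": 1, "eth_src": "02:00:00:00:00:05", "eth_type": ETH_TYPE_IPV4,
            "ip_proto": IP_PROTO_ICMP, "ipv4_src": "10.0.0.5", "ipv4_dst": "10.0.0.9"}
ARP_PKT = {"in_port": 1, "eth_src": "02:00:00:00:00:05", "eth_type": 0x0806}


def demo() -> List[bool]:
    """Same TCP flow seen at t=0, t=30 and t=61 with T3=60: sampled, ignored, sampled."""
    s = TemporarySampler(t1=5.0, t3=60.0)
    return [s.on_packet_in(TCP_PKT, t) is not None for t in (0.0, 30.0, 61.0)]


if __name__ == "__main__":
    print(demo())
```

The patent's hash table only records add times and never removes them, so in a long-running controller the history grows with the number of distinct flows seen; the `evict` method above is an addition that drops entries once they are older than T3, which is the only age at which they still influence a decision.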
Step 2: Implement temporary sampling
Temporary sampling, like the sampling of step 4, is implemented by installing the sample flows into a separate sampling table and cascading it with the forwarding table using the GOTO_TABLE instruction. GOTO_TABLE was introduced in OpenFlow 1.1 and later versions to support multiple flow tables; with this instruction a packet can be matched sequentially against several flow tables, achieving multi-stage forwarding and control. For this purpose the invention modifies the generation of the original forwarding flow: keeping the original logic unchanged, it adds a "goto_table:sample-table-id" action, so that while a matched packet is forwarded to its destination it is also handed to the sampling table for matching by the GOTO_TABLE instruction. This prevents sampling from affecting the original normal communication and also makes sampling easy to manage centrally. The action of a flow entry in the sampling table is "output:ids-port", which outputs the traffic towards the physical switch where the IDS is located; this applies when the IDS is directly connected to the current switch. When the IDS is not on the current switch, the packet must be encapsulated in a tunnel or its destination physical address changed to that of the IDS, and the corresponding action is "set_eth_dst=ids_eth".
Step 3: Monitor IDS log changes
To obtain IDS feedback promptly, the invention monitors changes to the IDS log in real time and decides from those changes whether the corresponding flow should be sampled further. IDS logs come in many output formats; the invention is illustrated with the CSV log output by the open-source IDS Snort. The output fields can be configured and include timestamp, sig generator, sig id, sig rev, msg, proto, src, srcport, dst, dstport, ethsrc, ethdst, ethlen, tcpflags, tcpseq, tcpack, tcplen, tcpwindow, ttl, tos, id, dgmlen, iplen, icmptype, icmpcode, icmpid, icmpseq and so on. To match SDN flows, the five-tuple proto, src, srcport, dst, dstport is chosen as the flow identification and matching fields, i.e. protocol number, source IP, source port, destination IP and destination port. New IDS alerts can be obtained in real time with the Linux command "tail -f log.csv".
Step 4: Install sample flows according to IDS log changes
The IDS node also maintains a sampling hash table that records the installed sample flows. After a new IDS alert is obtained, this hash table is first searched to determine whether the matching flow has been installed before. If it has been installed and the interval since the last installation is less than T4, it is not sampled again; otherwise the sample flow is installed through the API interface provided by the controller. The controller may provide several types of API interface, such as JSP, SOAP and RESTful; the invention is illustrated with the RESTful API interface provided by the open-source controller Floodlight. When a sample flow is installed, the flow's match fields, the ID of the sampling table, the flow's idle timeout and the sampling action are specified. The idle timeout T2 mainly prevents a flow that the IDS identified as a threat at the outset from being sampled forever on the assumption that it remains a threat. The sampling action is specified in the same way as for the temporary sample flow in step 2.
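The IDS-side monitor of steps 3 and 4, as an added example in Python that is not the patent's or Snort's or Floodlight's code: it reduces Snort CSV alert lines to the five-tuple the patent matches on, keeps the sample-flow installation record table guarded by T4, and builds the sample-flow install request carrying the match fields, sampling table id, idle timeout T2 and sampling action. The CSV field order, the switch DPID, the sampling table id, the IDS port, the alert lines and the request body shape (modelled on Floodlight's Static Flow Pusher REST API, whose field names you should verify against your controller version) are all assumptions.

```python
"""IDS-side monitor for steps 3-4. Added example; CSV field order, DPID, table id,
IDS port and the REST body shape are assumptions to verify against the deployment."""
import csv
import json
import time
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Field order of the (constructed) Snort CSV alert output; Snort lets this be configured.
CSV_FIELDS = ["timestamp", "sig_generator", "sig_id", "sig_rev", "msg",
              "proto", "src", "srcport", "dst", "dstport"]
PROTO_NUM = {"ICMP": 1, "TCP": 6, "UDP": 17}

FiveTuple = Tuple[int, str, Optional[int], str, Optional[int]]


def _port(v: str) -> Optional[int]:
    return int(v) if v.isdigit() else None      # empty for ICMP


def parse_alert(line: str) -> Optional[FiveTuple]:
    """Reduce one alert line to (ip_proto, src, srcport, dst, dstport), the five-tuple
    the patent matches SDN flows on; returns None for lines that cannot be used."""
    row = next(csv.reader([line]))
    if len(row) < len(CSV_FIELDS):
        return None
    rec = dict(zip(CSV_FIELDS, (v.strip() for v in row)))
    proto = PROTO_NUM.get(rec["proto"].upper())
    if proto is None:
        return None
    return (proto, rec["src"], _port(rec["srcport"]), rec["dst"], _port(rec["dstport"]))


def flow_request(key: FiveTuple, switch_dpid: str, table_id: int,
                 ids_port: int, idle_timeout: float) -> Dict[str, str]:
    """Body of the sample-flow install request: match fields, sampling table id,
    idle timeout T2 and the sampling action, as step 4 lists them."""
    proto, src, sport, dst, dport = key
    body = {"switch": switch_dpid, "name": f"sample-{proto}-{src}-{sport}-{dst}-{dport}",
            "table": str(table_id), "priority": "100", "active": "true",
            "eth_type": "0x0800", "ip_proto": str(proto),
            "ipv4_src": src, "ipv4_dst": dst,
            "idle_timeout": str(int(idle_timeout)), "hard_timeout": "0",
            "actions": f"output={ids_port}"}
    if sport is not None and dport is not None:
        l4 = "tcp" if proto == 6 else "udp" if proto == 17 else None
        if l4:
            body[f"{l4}_src"], body[f"{l4}_dst"] = str(sport), str(dport)
    return body


class SampleInstaller:
    """Keeps the sample-flow installation record table and applies the T4 rule."""

    def __init__(self, t2: float, t4: float, switch_dpid: str, table_id: int,
                 ids_port: int, push: Optional[Callable[[dict], object]] = None) -> None:
        self.t2, self.t4 = t2, t4
        self.switch_dpid, self.table_id, self.ids_port = switch_dpid, table_id, ids_port
        self.push = push or (lambda body: None)      # transport is injected; default no-op
        self.records: Dict[FiveTuple, float] = {}    # <five-tuple, installation time>

    def on_alert(self, line: str, now: float) -> Optional[dict]:
        key = parse_alert(line)
        if key is None:
            return None
        last = self.records.get(key)
        if last is not None and now - last < self.t4:
            return None                              # installed recently: leave it alone
        body = flow_request(key, self.switch_dpid, self.table_id, self.ids_port, self.t2)
        self.push(body)                              # (re)install through the controller API
        self.records[key] = now
        return body


def floodlight_push(base_url: str) -> Callable[[dict], bytes]:
    """Transport posting to Floodlight's Static Flow Pusher (endpoint path assumed)."""
    def push(body: dict) -> bytes:
        req = urllib.request.Request(base_url + "/wm/staticflowpusher/json",
                                     data=json.dumps(body).encode(),
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read()
    return push


def follow(fp, poll: float = 0.5):
    """Yield lines appended to an open log file, the role `tail -f log.csv` plays in step 3."""
    fp.seek(0, 2)
    while True:
        line = fp.readline()
        if line:
            yield line
        else:
            time.sleep(poll)


# Constructed alert lines in CSV_FIELDS order; not real Snort output.
SAMPLE_ALERTS = [
    '01/29-10:15:42.123456 ,1,1000001,1,"CONSTRUCTED alert",TCP,10.0.0.5,40000,10.0.0.9,445',
    '01/29-10:15:43.000001 ,1,1000002,1,"CONSTRUCTED alert",ICMP,10.0.0.5,,10.0.0.9,',
    'not,a,valid,line',
]
```

In a deployment the loop is `for line in follow(open("log.csv")): installer.on_alert(line, time.time())` with `push=floodlight_push("http://controller:8080")`; the transport is kept separate so the T4 logic can be tested without a controller. Note that the five-tuple deliberately omits in_port and the Ethernet addresses that the temporary sample flow matched on, since the alert log does not carry the ingress port, so the installed sample flow is coarser than the temporary one.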
Step 5: Update the sampling table according to the timeout settings
Both the temporary sample flow installed in step 2 and the sample flow installed in step 4 have timeout settings. The temporary sample flow is forcibly expired after T1, whether or not matching traffic is still being transmitted; this reduces sampling bandwidth consumption and guarantees available bandwidth. Sampling proper, obtained through the installation of the sample flow, continues for traffic the IDS identified as a threat. However, the payload carried by one and the same flow may change from malicious to normal over time, so a flow cannot simply be sampled forever because the IDS first identified it as a threat, or it may occupy valuable sampling bandwidth. That is exactly the purpose of T2: when a sample flow has had no matching traffic for longer than that time, it expires automatically, and when the corresponding traffic reappears the whole process of temporary sampling, IDS detection and IDS feedback restarts from step 1, thereby updating the sampling table.
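The two-table pipeline of step 2 and the T1/T2 expiry behaviour of step 5, as one added example in Python that is not the patent's code and not an OpenFlow implementation: a small switch model with a forwarding table whose entry carries "output" plus "goto_table" and a sampling table whose entries carry hard or idle timeouts, walked through the lifecycle of one constructed flow (forwarding only, temporary sample flow expiring at T1 although traffic continues, IDS-confirmed sample flow surviving while hit and expiring after T2 of silence). Table ids, port numbers, the action string syntax and the constructed flow are assumptions; actions are applied in order to one packet copy, so a "set_eth_dst" entry rewrites only the copy mirrored to the IDS, as it would with OpenFlow apply-actions.

```python
"""Model of the switch's two-table pipeline (step 2) and of T1/T2 expiry (step 5).
Added example; table ids, ports and the action string syntax are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FORWARD_TABLE, SAMPLE_TABLE = 0, 1     # assumed table ids
DST_PORT, IDS_PORT = 2, 3              # assumed switch ports


@dataclass
class FlowEntry:
    match: Dict[str, object]           # packet fields that must all be equal
    actions: List[str]                 # "output:N", "set_eth_dst=MAC", "goto_table:N"
    hard_timeout: float = 0.0          # seconds after install; 0 = never
    idle_timeout: float = 0.0          # seconds without a hit; 0 = never
    installed_at: float = 0.0
    last_hit: float = 0.0

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())

    def expired(self, now: float) -> bool:
        if self.hard_timeout and now - self.installed_at >= self.hard_timeout:
            return True                # T1 semantics: expires even while traffic flows
        if self.idle_timeout and now - self.last_hit >= self.idle_timeout:
            return True                # T2 semantics: expires only after a quiet period
        return False


class Switch:
    def __init__(self) -> None:
        self.tables: Dict[int, List[FlowEntry]] = {FORWARD_TABLE: [], SAMPLE_TABLE: []}

    def add_flow(self, table: int, entry: FlowEntry, now: float) -> None:
        entry.installed_at = entry.last_hit = now
        self.tables[table].append(entry)

    def expire(self, now: float) -> None:
        for tid, entries in self.tables.items():
            self.tables[tid] = [e for e in entries if not e.expired(now)]

    def process(self, pkt: dict, now: float) -> Tuple[List[int], dict]:
        """Run one packet through the forwarding table and, via goto_table, the sampling table."""
        self.expire(now)
        pkt = dict(pkt)
        outputs: List[int] = []
        table = FORWARD_TABLE
        while table is not None:
            entry = next((e for e in self.tables[table] if e.matches(pkt)), None)
            if entry is None:
                break                  # table miss: nothing more to do in this model
            entry.last_hit = now
            next_table = None
            for act in entry.actions:
                if act.startswith("output:"):
                    outputs.append(int(act.split(":", 1)[1]))
                elif act.startswith("set_eth_dst="):
                    pkt["eth_dst"] = act.split("=", 1)[1]
                elif act.startswith("goto_table:"):
                    next_table = int(act.split(":", 1)[1])
            table = next_table
        return outputs, pkt


def lifecycle(t1: float = 5.0, t2: float = 30.0) -> Dict[str, List[int]]:
    """One (constructed) flow through the whole cycle; returns the output ports per stage."""
    sw = Switch()
    flow = {"ip_proto": 6, "ipv4_src": "10.0.0.5", "ipv4_dst": "10.0.0.9", "tcp_dst": 445}
    pkt = {"in_port": 1, "eth_dst": "02:00:00:00:00:09", **flow}
    # Forwarding entry as generated in step 2: normal output plus goto_table to the sampling table.
    sw.add_flow(FORWARD_TABLE, FlowEntry({"ipv4_dst": "10.0.0.9"},
                                         [f"output:{DST_PORT}", f"goto_table:{SAMPLE_TABLE}"]), 0.0)
    out = {}
    out["no_sampling"] = sw.process(pkt, 0.0)[0]
    # Steps 1-2: temporary sample flow with hard timeout T1.
    sw.add_flow(SAMPLE_TABLE, FlowEntry(flow, [f"output:{IDS_PORT}"], hard_timeout=t1), 0.0)
    out["temporary"] = sw.process(pkt, 1.0)[0]
    out["after_t1"] = sw.process(pkt, t1 + 1.0)[0]                # gone although traffic continued
    # Step 4: IDS feedback installs the sample flow with idle timeout T2.
    sw.add_flow(SAMPLE_TABLE, FlowEntry(flow, [f"output:{IDS_PORT}"], idle_timeout=t2), t1 + 1.0)
    out["sampled"] = sw.process(pkt, 20.0)[0]
    out["still_active"] = sw.process(pkt, 20.0 + t2 - 1.0)[0]     # a hit within T2 keeps it alive
    out["after_t2_idle"] = sw.process(pkt, 20.0 + t2 - 1.0 + t2 + 1.0)[0]   # quiet for more than T2
    return out


if __name__ == "__main__":
    for stage, ports in lifecycle().items():
        print(f"{stage:14s} -> ports {ports}")
```

The model deliberately leaves the packet_in path out: a table miss in the forwarding table simply stops, whereas a real switch would raise a packet_in and the controller module of step 1 would decide whether to install a fresh temporary sample flow, which is how the cycle restarts after the "after_t2_idle" stage.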

Claims (7)

1. An IDS feedback-based software-defined network flow sampling method, characterized in that it comprises the following steps:
1) A module is created in the SDN controller to handle packet_in messages, and it maintains a hash table storing the time at which each temporary sample flow was added. When a new packet_in message is received, the hash table is first searched for the corresponding sample flow. If it exists and the time elapsed since the sample flow was last added is less than T3, the message is ignored; otherwise a temporary sample flow is added with its hard timeout set to T1, and the temporary sample flow is recorded in the hash table;
2) The temporary sample flow steers the traffic to the IDS terminal for detection; the IDS terminal maintains a monitoring process that detects changes to the IDS log in real time;
3) When the monitoring process detects a change to the IDS log, it sends a request to the SDN controller through the API interface to install the corresponding sample flow, with its idle timeout set to T2. It also maintains a sample-flow installation record table recording the installation time of each sample flow. When the same sample flow appears again, the historical record is queried first and the difference between its time and the current time is computed; the sample flow is updated if the difference exceeds the threshold T4. If there is no record, the sample flow is installed directly. Once the sample flow is in place, the SDN switch mirrors the traffic to the IDS port while forwarding it to its destination, achieving persistent detection of suspicious traffic;
4) Non-suspicious traffic, which receives no IDS feedback, times out automatically after T1; suspicious traffic also expires once its idle time exceeds T2. When the corresponding traffic reappears, the method returns to step 1), so that the state is refreshed.
2. The IDS feedback-based software-defined network flow sampling method according to claim 1, characterized in that the sample flow is defined by OpenFlow match fields: for a TCP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst, tcp_src, tcp_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address, destination IP address, TCP source port and TCP destination port; for a UDP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst, udp_src, udp_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address, destination IP address, UDP source port and UDP destination port; for an ICMP flow it is {in_port, eth_src, eth_type, ip_proto, ipv4_src, ipv4_dst}, i.e. ingress physical port number, source Ethernet address, destination Ethernet address, IP protocol number, source IP address and destination IP address.
3. The IDS feedback-based software-defined network flow sampling method according to claim 1, characterized in that the key of the hash table is defined as the flow's match fields and its value as the time the flow was added, i.e. <match, time>.
4. The IDS feedback-based software-defined network flow sampling method according to claim 1, characterized in that the temporary sample flows and sample flows are installed in a separate sampling table on the switch, which is managed independently of the forwarding table that carries the node's normal service traffic; the forwarding table and the sampling table are cascaded with the OpenFlow GOTO_TABLE instruction, i.e. traffic is first matched against the forwarding table and then against the sampling table.
5. The IDS feedback-based software-defined network flow sampling method according to claim 1, characterized in that the API interface includes JSP, SOAP and RESTful.
6. An IDS feedback-based software-defined network flow sampling system, characterized in that it comprises:
SDN controller: creates a module that handles packet_in messages and maintains a hash table storing the time at which each temporary sample flow was added. When a new packet_in message is received, it first searches the hash table for the corresponding sample flow; if it exists and the time since the sample flow was last added is less than T3, the message is ignored; otherwise a temporary sample flow is added with hard timeout T1 and recorded in the hash table.
IDS terminal: while traffic steered by a temporary sample flow is being detected, maintains a monitoring process that detects changes to the IDS log in real time.
Monitoring process: after a change to the IDS log is detected, sends a request to the SDN controller through the API interface to install the corresponding sample flow with idle timeout T2, and maintains a sample-flow installation record table recording each sample flow's installation time. When the same sample flow appears again, it first queries the historical record and updates the sample flow if the difference between that time and the current time exceeds the threshold T4; a flow with no record has its sample flow installed directly. Once the sample flow is in place, the SDN switch mirrors the traffic to the IDS port while forwarding it to its destination, achieving persistent detection of suspicious traffic.
SDN switch: holds the forwarding table and the sampling table, matches and forwards packets, and through its timeout settings ensures that non-suspicious traffic, which receives no IDS feedback, expires automatically after T1 and that suspicious traffic also expires once its idle time exceeds T2. When the corresponding traffic reappears it informs the SDN controller, and the operations of the SDN controller, IDS terminal and monitoring process are repeated, so that the state is refreshed.
7. The IDS feedback-based software-defined network flow sampling system according to claim 6, characterized in that the SDN controller comprises:
Processing module: handles packet_in messages and maintains a hash table.
Hash table: stores the time at which each temporary sample flow was added. When a new packet_in message is received, the hash table is first searched for the corresponding sample flow; if it exists and the time elapsed since the sample flow was last added is less than T3, the message is ignored; otherwise a temporary sample flow is added with hard timeout T1 and recorded in the hash table.
Priority Applications (1)

Application Number: CN201810083594.5A
Priority Date: 2018-01-29
Filing Date: 2018-01-29
Title: IDS feedback-based software-defined network flow sampling method and system
Status: Active, granted as CN108183864B (en)

Publications (2)

CN108183864A (en), published 2018-06-19
CN108183864B (en), published 2020-12-04

Family

ID=62551538

Country Status (1)

CN: CN108183864B (en)


Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20160182541A1 * | 2014-12-18 | 2016-06-23 | Gwangju Institute Of Science And Technology | Method for detecting intrusion in network
CN104580173A * | 2014-12-25 | 2015-04-29 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | SDN (self-defending network) anomaly detection and interception method and system
CN104539625A * | 2015-01-09 | 2015-04-22 | 江苏理工学院 | Network security defense system based on software definition and working method thereof
CN105429950A * | 2015-10-29 | 2016-03-23 | 国家计算机网络与信息安全管理中心 | Network flow identification system and method based on dynamic data packet sampling
CN106341418A * | 2016-10-08 | 2017-01-18 | 中国科学院信息工程研究所 | Domain name system (DNS) distributed reflection denial of service attack (DRDoS) detection and defense methods and systems

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
施江勇 et al.: "An SDN-based Sampling System for Cloud P2P Bots Detection", Journal of Information Science and Engineering *
施江勇 et al.: "A survey of research on SDN-based cloud security applications" (基于SDN的云安全应用研究综述), 《网络与信息安全学报》 (Chinese Journal of Network and Information Security) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN111641591A * | 2020-04-30 | 2020-09-08 | 杭州博联智能科技股份有限公司 | Cloud service security defense method, device, equipment and medium
CN111740858A * | 2020-06-08 | 2020-10-02 | 中国电信集团工会上海市委员会 | Operation monitoring system and method of software defined network controller
CN111740858B * | 2020-06-08 | 2023-05-16 | 中国电信集团工会上海市委员会 | Operation monitoring system and method of software defined network controller
CN113726591A * | 2021-07-28 | 2021-11-30 | 中盈优创资讯科技有限公司 | Secondary sampling method suitable for NetFlow message distribution
CN113726591B * | 2021-07-28 | 2023-02-21 | 中盈优创资讯科技有限公司 | Secondary sampling method suitable for NetFlow message distribution

Also Published As

Publication number Publication date
CN108183864B (en) 2020-12-04


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant