CN108712364A - Security defense system and method for SDN networks - Google Patents


Info

Publication number: CN108712364A
Authority: CN (China)
Prior art keywords: user, switch, network, SDN, module
Legal status: Granted
Application number: CN201810242274.XA
Other languages: Chinese (zh)
Other versions: CN108712364B (en)
Inventors: 朱辉, 肖瑞, 李晖, 宋超, 董健, 杨舜嵬
Current Assignee: Xidian University
Original Assignee: Xidian University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses

    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies

    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention belongs to the technical field of network security and discloses a security defense system and method for an SDN network. An authentication module authenticates the user's identity. When a user accesses the network for the first time, an insecure protocol processing module assigns an IP address to the user, and the user's MAC address, IP address and associated switch physical interface are recorded in the identifier database of the traffic filtering module. The traffic filtering module filters the user's traffic against the identifier database. The insecure protocol processing module handles the user's insecure protocol traffic: it sends that traffic to the SDN controller or an authorized server for processing and filters responses from other, unauthorized devices. The invention effectively ensures the security of the SDN network.

Description

Security defense system and method for SDN networks
Technical field
The invention belongs to the technical field of network security, and in particular relates to a security defense system and method for an SDN network.
Background
The prior art commonly used in the industry is as follows. With the spread of cloud computing services and the progress of virtualization technology, traditional networks can no longer provide enough flexibility and availability to build cloud data center networks. SDN, software-defined networking, fills exactly this gap. It is a new network architecture that manages a set of physical devices through a centralized, programmable control plane, offers a wide range of applications with corresponding open interfaces, and decouples the control plane from the data plane. OpenFlow is a mainstream implementation of SDN and has been deployed in a variety of scenarios, from campus networks to cloud data center networks. Although SDN is more flexible, scalable and programmable than traditional networks, it also faces security threats, some the same as those of traditional networks and some different. The defense methods of traditional networks, however, are not suitable for SDN networks, because most network devices in an SDN network have only forwarding capability and, unlike the devices in a traditional network, are not intelligent enough to deploy defenses such as dynamic ARP inspection. In addition, because of the global control plane, some attacks that would otherwise be confined to a LAN may affect the entire SDN network.
The patent "A network security system" (application number CN201710982049.5, publication number CN107566408A), filed by Jie Dian Information Technology Co., Ltd. of Wenzhou City, discloses a scheme that defends by physical means. It comprises an external network, a firewall device, a behavior monitoring device, an access control device, a flow control device and an intranet computer, and is characterized in that: the external network is bidirectionally electrically connected to the firewall device; the firewall device is bidirectionally electrically connected to the behavior monitoring device; the behavior monitoring device is bidirectionally electrically connected to the access control device and to the flow control device; the access control device and the flow control device are each bidirectionally electrically connected to the intranet computer; the intranet computer is bidirectionally electrically connected to a storage module; the output of the behavior monitoring device is unidirectionally electrically connected to the input of an anomaly assessment module; the output of the anomaly assessment module is unidirectionally electrically connected to the input of a circuit breaker; the output of the circuit breaker is unidirectionally electrically connected to the input of a storage power supply; the storage power supply comprises a lithium battery, a database module and a data comparator; the input of the storage power supply is unidirectionally electrically connected to the outputs of a fingerprint identifier and a sound sensor respectively; and the output of the storage power supply is unidirectionally electrically connected to the input of the storage module. The shortcoming of this method is that it defends by physical means: although this can stop some attacks to a certain extent, the availability of the network cannot be guaranteed, because cutting the power by physical means also disconnects the network and degrades the user experience.
The patent "DDOS attack defending network security system and method based on SDN framework" (application number CN201710234826.8, publication number CN107018084A), filed by Nanjing Institute of Technology (南京工程学院), discloses a DDoS defense scheme based on SDN. It is characterized in that it comprises an SDN switch and a cleaning server. The SDN switch comprises a packet information extraction module, a decision processing module, a packet forwarding module, a packet information database, a legitimate IP address database and an illegitimate IP address database. The cleaning server comprises a packet unpacking module, a feature matching module, a similarity coefficient detection module, a global traffic statistics module and a packet encapsulation processing module. The shortcoming of this method is that it can only defend against DDoS attacks specifically and has no defense capability against other attacks, because it is a defense method designed for DDoS attacks.
In summary, the problems of the prior art are: the defense methods of traditional networks cannot guarantee the availability of the network, or they can only defend against DDoS attacks specifically and have no defense capability against other attacks. Existing defense schemes therefore cannot provide complete security, or cannot provide a good user experience, or are not suitable for SDN networks.
The difficulty and significance of solving the above technical problem: to propose a security scheme that is suitable for SDN networks, dynamically defends against a variety of attacks and provides high network availability, so as to guarantee the user's network security and user experience.
Summary of the invention
In view of the problems of the prior art, the present invention provides a security defense system and method for an SDN network.
The invention is realized as follows. A security defense method for an SDN network comprises:
Step 1: the authentication module authenticates the user's identity;
Step 2: when the user accesses the network for the first time, the insecure protocol processing module assigns an IP address to the user, and the user's MAC address, IP address and associated switch physical interface are recorded in the identifier database of the traffic filtering module;
Step 3: the traffic filtering module filters the user's traffic against the identifier database;
Step 4: the insecure protocol processing module handles the user's insecure protocol traffic, sending it to the SDN controller or an authorized server for processing and filtering responses from other, unauthorized devices.
Further, step 1 specifically comprises:
(1a) the user sends identity information to the directly connected switch using an authentication method, including the certificate-based 802.1x EAP-TLS authentication method;
(1b) the directly connected switch sends the user's identity information to the SDN controller;
(1c) the SDN controller sends the user's identity information to an authentication server, including but not limited to a RADIUS server;
(1d) the authentication server authenticates the user's identity information and, if authentication succeeds, sends an accept message to the SDN controller;
(1e) on receiving the accept message, the SDN controller enables the switch physical interface associated with the user.
Further, step 5 specifically comprises:
(5a) the user encrypts the data packet with the encryption key distributed by the key submodule of the encryption module and sends it to the first-hop switch;
(5b) the first-hop switch sends the user's data packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the source IP address in the identifier database and decrypts the packet; the decrypted packet is returned to the first-hop switch;
(5c) the first-hop switch forwards the decrypted packet through the network to the last-hop switch;
(5d) the last-hop switch sends the packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the destination IP address in the identifier database and encrypts the packet; the encrypted packet is returned to the switch;
(5e) the last-hop switch forwards the encrypted packet to the user corresponding to the destination IP.
Another object of the present invention is to provide a security defense system for an SDN network that implements the above security defense method. The system comprises:
an insecure protocol processing module, for sending broadcast insecure protocol traffic to the SDN controller or an authorized server for processing, and filtering responses from other, unauthorized devices;
a traffic filtering module, for filtering traffic that carries illegitimate identifiers;
an authentication module, for authenticating user identity and preventing unauthorized users from accessing the network;
an encryption module, for distributing user keys and encrypting user traffic.
Further, the traffic filtering module includes an identifier database, which records the user's MAC address, IP address, associated switch physical port, certificate owner name and encryption key; user traffic is filtered against the identifier database.
Further, the authentication module authenticates the identity and MAC address of the user, including by the certificate-based 802.1x EAP-TLS authentication method.
Further, the encryption module includes a key submodule and an encryption/decryption submodule:
the key submodule distributes to users the encryption keys and the passwords or certificates used by the authentication module, including the certificates required by the certificate-based 802.1x EAP-TLS authentication method;
the encryption/decryption submodule encrypts and decrypts user traffic by means of the SDN controller or a dedicated encryption device and a selected encryption algorithm, including the Advanced Encryption Standard AES256.
In summary, the advantages and positive effects of the present invention are as follows. The invention includes an insecure protocol processing module, which sends broadcast insecure protocol traffic to an authorized server for processing and filters responses from other, unauthorized devices; a traffic filtering module, which filters traffic carrying illegitimate identifiers; an authentication module, which authenticates user identity and prevents unauthorized users from accessing the network; and an encryption module, which distributes user keys and encrypts user traffic. The invention effectively ensures the security of the SDN network. Experiments show that, compared with existing schemes, the range of attacks it can defend against is more comprehensive, for example ARP spoofing, DHCP forgery attacks, MAC spoofing attacks, IP spoofing attacks, TCAM exhaustion attacks and denial-of-service attacks, and the availability of the network is guaranteed.
Description of the drawings
Fig. 1 is a flow chart of the security defense method for an SDN network provided by an embodiment of the present invention.
Fig. 2 is an implementation flow chart of the security defense method for an SDN network provided by an embodiment of the present invention.
Fig. 3 is a structural schematic diagram of the security defense system for an SDN network provided by an embodiment of the present invention.
In the figure: 1, insecure protocol processing module; 2, traffic filtering module; 3, authentication module; 4, encryption module.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
As shown in Figure 1, the security defense method for an SDN network provided by an embodiment of the present invention comprises the following steps:
S101: the authentication module authenticates the user's identity;
S102: if the user is accessing the network for the first time, the insecure protocol processing module assigns an IP address to the user, and the user's MAC address, IP address and associated switch physical interface are recorded in the identifier database of the traffic filtering module;
S103: the traffic filtering module filters the user's traffic against the identifier database;
S104: the insecure protocol processing module handles the user's insecure protocol traffic, sending it to the SDN controller or an authorized server for processing and filtering responses from other, unauthorized devices.
Step S101 specifically comprises:
(1a) the user sends identity information to the directly connected switch using an authentication method, including but not limited to the certificate-based 802.1x EAP-TLS authentication method;
(1b) the directly connected switch sends the user's identity information to the SDN controller;
(1c) the SDN controller sends the user's identity information to an authentication server, including but not limited to a RADIUS server;
(1d) the authentication server authenticates the user's identity information and, if authentication succeeds, sends an accept message to the SDN controller;
(1e) on receiving the accept message, the SDN controller enables the switch physical interface associated with the user.
Step S105 specifically comprises:
(5a) the user encrypts the data packet with the encryption key distributed by the key submodule of the encryption module and sends it to the first-hop switch;
(5b) the first-hop switch sends the user's data packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the source IP address in the identifier database and decrypts the packet; the decrypted packet is returned to the first-hop switch;
(5c) the first-hop switch forwards the decrypted packet through the network to the last-hop switch;
(5d) the last-hop switch sends the packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the destination IP address in the identifier database and encrypts the packet; the encrypted packet is returned to the switch;
(5e) the last-hop switch forwards the encrypted packet to the user corresponding to the destination IP.
As shown in Fig. 2, the security defense system for an SDN network provided by an embodiment of the present invention includes an insecure protocol processing module 1, a traffic filtering module 2, an authentication module 3 and an encryption module 4, wherein:
The insecure protocol processing module 1 sends broadcast insecure protocol traffic to the SDN controller or an authorized server for processing and filters responses from other, unauthorized devices. For example, a user's ARP request is sent through the switch to the proxy ARP function of the SDN controller for processing, and ARP responses from other devices are filtered;
The traffic filtering module 2 filters traffic that carries illegitimate identifiers. For example, if the switch receives a data packet carrying an illegitimate MAC address or IP address, it drops the packet;
The authentication module 3 authenticates user identity and prevents unauthorized users from accessing the network;
The encryption module 4 distributes user keys and encrypts user traffic.
In the security defense system of the SDN network, each module is implemented by the SDN controller generating control rules, i.e. flow tables, and delivering them to the switches.
In the security defense system of the SDN network, the traffic filtering module 2 includes an identifier database, which records the user's MAC address, IP address, associated switch physical port, certificate owner name and encryption key; user traffic is filtered against the identifier database.
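The identifier-database filtering and insecure-protocol handling described above can be sketched as controller-side decision logic. This is an added example, not code from the patent: the class, field and verdict names, the address pool and the sample packets are constructed assumptions, and it combines steps 1 to 4 in one object.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Iterable, List, Optional, Tuple

Port = Tuple[str, int]  # (switch id, physical port); representation is an assumption


@dataclass(frozen=True)
class Binding:
    """One identifier-database row: MAC, IP, switch port, certificate owner."""
    mac: str
    ip: IPv4Address
    port: Port
    cert_owner: str


@dataclass(frozen=True)
class Packet:
    """Simplified header view (hypothetical field names)."""
    in_port: Port
    src_mac: str
    src_ip: Optional[IPv4Address] = None         # IP source, or ARP sender address
    arp_op: Optional[str] = None                 # "request" / "reply" for ARP frames
    arp_target_ip: Optional[IPv4Address] = None
    dhcp_server_msg: bool = False                # DHCP OFFER/ACK, i.e. a server reply


class DefenseController:
    def __init__(self, pool: IPv4Network, server_ports: Iterable[Port] = ()):
        self._free: List[IPv4Address] = list(pool.hosts())
        self.server_ports = set(server_ports)    # ports of authorized servers
        self.enabled: Dict[Port, str] = {}       # authenticated port -> cert owner
        self.by_port: Dict[Port, Binding] = {}
        self.by_ip: Dict[IPv4Address, Binding] = {}

    def on_auth_result(self, port: Port, cert_owner: str, accepted: bool) -> bool:
        """Step (1e): enable the port only after the auth server's accept message."""
        if accepted:
            self.enabled[port] = cert_owner
        return accepted

    def on_first_access(self, port: Port, mac: str) -> Optional[Binding]:
        """Step 2: allocate an IP and record (MAC, IP, port) for the user."""
        owner = self.enabled.get(port)
        if owner is None:
            return None                          # never bind an unauthenticated port
        if port not in self.by_port:
            if not self._free:
                return None                      # address pool exhausted
            binding = Binding(mac.lower(), self._free.pop(0), port, owner)
            self.by_port[port] = binding
            self.by_ip[binding.ip] = binding
        return self.by_port[port]

    def verdict(self, pkt: Packet) -> str:
        """Steps 3 and 4: decide what the first-hop switch does with a packet."""
        if pkt.in_port in self.server_ports:
            return "forward"                     # authorized server traffic
        if pkt.in_port not in self.enabled:
            return "drop:port-not-authenticated"
        binding = self.by_port.get(pkt.in_port)
        if binding is None:
            return "drop:no-binding"
        if pkt.src_mac.lower() != binding.mac:
            return "drop:mac-mismatch"
        if pkt.src_ip is not None and pkt.src_ip != binding.ip:
            return "drop:ip-mismatch"
        if pkt.dhcp_server_msg:
            return "drop:unauthorized-dhcp-response"
        if pkt.arp_op == "reply":
            return "drop:unauthorized-arp-response"
        if pkt.arp_op == "request":
            # Answered from the database instead of being broadcast (proxy ARP).
            target = self.by_ip.get(pkt.arp_target_ip)
            return f"proxy-arp:{target.mac}" if target else "drop:unknown-arp-target"
        return "forward"


def demo() -> List[str]:
    """Run constructed sample packets through the filter and return the verdicts."""
    ctl = DefenseController(IPv4Network("10.0.0.0/29"))
    p1, p2, p3 = ("s1", 1), ("s1", 2), ("s2", 7)
    ctl.on_auth_result(p1, "user-a", True)
    ctl.on_auth_result(p2, "user-b", True)
    ctl.on_auth_result(p3, "unknown", False)     # authentication rejected
    a = ctl.on_first_access(p1, "AA:AA:AA:AA:AA:01")
    b = ctl.on_first_access(p2, "aa:aa:aa:aa:aa:02")
    packets = [
        Packet(p1, a.mac, a.ip),                                   # legitimate
        Packet(p2, a.mac, b.ip),                                   # forged MAC
        Packet(p2, b.mac, a.ip),                                   # forged IP
        Packet(p1, a.mac, a.ip, arp_op="request", arp_target_ip=b.ip),
        Packet(p2, b.mac, b.ip, arp_op="reply"),                   # user-sent ARP reply
        Packet(p2, b.mac, b.ip, dhcp_server_msg=True),             # rogue DHCP server
        Packet(p3, "aa:aa:aa:aa:aa:03", IPv4Address("10.0.0.3")),  # unauthenticated
    ]
    return [ctl.verdict(p) for p in packets]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

In a deployment the verdicts would be installed as flow-table rules on the switches, as the preceding paragraph states, rather than evaluated per packet at the controller.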
In the security defense system of the SDN network, the authentication module 3 authenticates the identity and MAC address of the user using an authentication method, including but not limited to the certificate-based 802.1x EAP-TLS authentication method.
In the security defense system of the SDN network, the encryption module 4 includes a key submodule and an encryption/decryption submodule, wherein:
The key submodule distributes to users the encryption keys and the passwords or certificates used by the authentication module, including but not limited to the certificates required by the certificate-based 802.1x EAP-TLS authentication method;
The encryption/decryption submodule encrypts and decrypts user traffic by means of the SDN controller or a dedicated encryption device and a selected encryption algorithm, including but not limited to the Advanced Encryption Standard AES256.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (7)

1. A security defense method for an SDN network, characterized in that the security defense method comprises:
Step 1: the authentication module authenticates the user's identity;
Step 2: when the user accesses the network for the first time, the insecure protocol processing module assigns an IP address to the user, and the user's MAC address, IP address and associated switch physical interface are recorded in the identifier database of the traffic filtering module;
Step 3: the traffic filtering module filters the user's traffic against the identifier database;
Step 4: the insecure protocol processing module handles the user's insecure protocol traffic, sending it to the SDN controller or an authorized server for processing and filtering responses from other, unauthorized devices.
2. The security defense method for an SDN network according to claim 1, characterized in that step 1 specifically comprises:
(1a) the user sends identity information to the directly connected switch using an authentication method, including the certificate-based 802.1x EAP-TLS authentication method;
(1b) the directly connected switch sends the user's identity information to the SDN controller;
(1c) the SDN controller sends the user's identity information to an authentication server, including but not limited to a RADIUS server;
(1d) the authentication server authenticates the user's identity information and, if authentication succeeds, sends an accept message to the SDN controller;
(1e) on receiving the accept message, the SDN controller enables the switch physical interface associated with the user.
3. The security defense method for an SDN network according to claim 1, characterized in that step 5 specifically comprises:
(5a) the user encrypts the data packet with the encryption key distributed by the key submodule of the encryption module and sends it to the first-hop switch;
(5b) the first-hop switch sends the user's data packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the source IP address in the identifier database and decrypts the packet; the decrypted packet is returned to the first-hop switch;
(5c) the first-hop switch forwards the decrypted packet through the network to the last-hop switch;
(5d) the last-hop switch sends the packet to the controller or a dedicated encryption device, which looks up the encryption key corresponding to the destination IP address in the identifier database and encrypts the packet; the encrypted packet is returned to the switch;
(5e) the last-hop switch forwards the encrypted packet to the user corresponding to the destination IP.
4. A security defense system for an SDN network implementing the security defense method for an SDN network according to claim 1, characterized in that the security defense system comprises:
an insecure protocol processing module, for sending broadcast insecure protocol traffic to the SDN controller or an authorized server for processing, and filtering responses from other, unauthorized devices;
a traffic filtering module, for filtering traffic that carries illegitimate identifiers;
an authentication module, for authenticating user identity and preventing unauthorized users from accessing the network;
an encryption module, for distributing user keys and encrypting user traffic.
5. The security defense system for an SDN network according to claim 4, characterized in that the traffic filtering module includes an identifier database, which records the user's MAC address, IP address, associated switch physical port, certificate owner name and encryption key; user traffic is filtered against the identifier database.
6. The security defense system for an SDN network according to claim 4, characterized in that the authentication module authenticates the identity and MAC address of the user, including by the certificate-based 802.1x EAP-TLS authentication method.
7. The security defense system for an SDN network according to claim 4, characterized in that the encryption module includes a key submodule and an encryption/decryption submodule:
the key submodule distributes to users the encryption keys and the passwords or certificates used by the authentication module, including the certificates required by the certificate-based 802.1x EAP-TLS authentication method;
the encryption/decryption submodule encrypts and decrypts user traffic by means of the SDN controller or a dedicated encryption device and a selected encryption algorithm, including the Advanced Encryption Standard AES 256.
CN201810242274.XA 2018-03-22 2018-03-22 Security defense system and method for SDN (software defined network) Active CN108712364B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810242274.XA CN108712364B (en) 2018-03-22 2018-03-22 Security defense system and method for SDN (software defined network)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810242274.XA CN108712364B (en) 2018-03-22 2018-03-22 Security defense system and method for SDN (software defined network)

Publications (2)

Publication Number Publication Date
CN108712364A true CN108712364A (en) 2018-10-26
CN108712364B CN108712364B (en) 2021-01-26

Family

ID=63866336

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810242274.XA Active CN108712364B (en) 2018-03-22 2018-03-22 Security defense system and method for SDN (software defined network)

Country Status (1)

Country Link
CN (1) CN108712364B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100546245C (en) * 2006-01-11 2009-09-30 西安电子科技大学 Stride the network authentication and the method for distributing key of security domain
CN103684922A (en) * 2013-12-23 2014-03-26 蓝盾信息安全技术股份有限公司 Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method
CN104468633A (en) * 2014-12-31 2015-03-25 蓝盾信息安全技术股份有限公司 SDN southing security proxy product
CN104506507A (en) * 2014-12-15 2015-04-08 蓝盾信息安全技术股份有限公司 Honey net safeguard system and honey net safeguard method for SDN (self-defending network)
CN106506534A (en) * 2016-12-09 2017-03-15 河南工业大学 A kind of ARP attack detection methods of SDN
CN107018084A (en) * 2017-04-12 2017-08-04 南京工程学院 DDOS attack defending against network security system and method based on SDN frameworks
KR20170090161A (en) * 2016-01-28 2017-08-07 동서대학교산학협력단 Mitigating System for DoS Attacks in SDN
CN107222433A (en) * 2017-04-18 2017-09-29 中国科学院信息工程研究所 A kind of access control method and system based on SDN path
US20170318043A1 (en) * 2016-04-27 2017-11-02 Korea Advanced Institute Of Science And Technology Method for detecting network anomaly in distributed software defined networking environment, apparatus therefor, and computer program therefor

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MOHAN DHAWAN ET AL: "SPHINX: Detecting Security Attacks in Software-Defined Networks", 《NDSS》 *
张世轩等: "基于 SDN 构架的 DoS/DDoS 攻击检测与防御体系", 《电子技术应用网络与信息安全》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109088901A (en) * 2018-10-31 2018-12-25 杭州默安科技有限公司 Deception defence method and system based on SDN building dynamic network
CN110719301A (en) * 2019-11-19 2020-01-21 武汉思普崚技术有限公司 Attack defense method and system for flow adaptive scheduling
CN111211890A (en) * 2019-12-31 2020-05-29 江苏省未来网络创新研究院 SDN-based network security defense system and working method thereof
CN112165488A (en) * 2020-09-28 2021-01-01 杭州安恒信息安全技术有限公司 Risk assessment method, device and equipment and readable storage medium
CN113132382A (en) * 2021-04-19 2021-07-16 何文刚 Intelligent computer network information safety controller
CN113132382B (en) * 2021-04-19 2022-09-02 中文出版集团有限公司 Intelligent computer network information safety controller

Also Published As

Publication number Publication date
CN108712364B (en) 2021-01-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant