CN108712427A - A network security method and system with dynamic active defense

Publication number: CN108712427A
Application number: CN201810498409.9A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: name not disclosed
Current assignee: Beijing Guoxen An Information Security Technology Co Ltd
Original assignee: Beijing Guoxen An Information Security Technology Co Ltd
Prior art keywords: initiative defense, network, module, service platform, network equipment
Application filed by Beijing Guoxen An Information Security Technology Co Ltd; priority to CN201810498409.9A; published as CN108712427A.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The present invention is a network security method and system with dynamic active defense. At present, general network security protection still relies on policy-based and vulnerability-signature-based controls at the network boundary; however, advanced targeted attacks can easily bypass this passive defense mechanism. A network security method that achieves dynamic active defense has therefore become an urgent problem and a research focus in this field. The invention innovatively performs active defense management and control by developing active defense firmware and loading it onto the network equipment side and by bringing SDN switches under the service platform side, and it combines artificial intelligence with threat intelligence to carry out active defense. The traditional static boundary-protection network thereby becomes a dynamic active defense network that responds to various network security attacks with elastic self-adjustment. This effectively addresses the limited boundary, passivity and slow response of current network security protection, and improves the efficiency and depth of that protection.

Description

A network security method and system with dynamic active defense
Technical field
The present invention relates to the technical field of network security; specifically, it is a network security method and system with dynamic active defense.
Background
As business applications and users become increasingly complex and interconnected, network attacks are also becoming more complex and multi-dimensional. At present most enterprises, following conventional passive-defense thinking, still concentrate their security protection on policy-based and vulnerability-signature-based controls at the network boundary (such as firewalls and intrusion prevention systems). However, advanced targeted attacks can always bypass traditional firewalls and vulnerability-signature-based prevention mechanisms with ease. Every enterprise should recognize that it is in a state of continuous risk, yet in practice enterprises tend to believe blindly that their existing network boundary defenses are 100% effective, and they rely too heavily on these traditional mechanisms. As a result, when faced with the inevitable compromise, most enterprises have only limited ability to detect and react, so business downtime grows longer and losses grow larger.
In addition, security is never a purely technical problem. It is very difficult for an enterprise to avoid being attacked: this requires not only good defenses but also resolving the enterprise's own internal security problems, including timely patching of vulnerabilities, disciplined operations and maintenance practice, and the security awareness of staff. This is complex work that needs a good supporting system plus professional services. These problems also often make passive defense techniques inefficient and slow in security response.
Therefore, a network security method that monitors, analyzes, feeds back and predicts in real time, forming a closed-loop system that continuously improves itself, automatically raises its protection capability and gradually adapts to varying environments, thereby achieving dynamic active defense and timely automated response, has become a technical problem that those skilled in the art urgently need to solve and a constant focus of research.
Summary of the invention
To solve the problems of limited boundary, passivity and slow response in existing network security protection, the present invention provides a self-adjusting dynamic active defense network security method and system. The service platform side makes the active defense decision and sends active defense operation instructions to the network equipment side, which implements the active defense; this improves the autonomy and response speed of network security defense.
To achieve the above technical purpose, the invention discloses a self-adjusting dynamic active defense network security method comprising the following steps:
Step 1: the service platform side loads the active defense model library;
Step 2: the sensor side loads the analysis model library;
Step 3: the network equipment side loads the active defense firmware;
Step 4: the sensor side sends analysis results to the service platform side;
Step 5: the service platform side makes the active defense decision;
Step 6: the service platform side sends the active defense operation instruction to the network equipment side;
Step 7: the network equipment side implements the active defense.
To make network defense more proactive, the invention innovatively loads the developed active defense firmware onto the network equipment side, which receives the active defense operation instructions sent by the service platform side and implements active defense accordingly; loads the analysis model library onto the sensor side, which sends analysis results to the service platform side; and loads the active defense model library onto the service platform side, which makes the active defense decision and sends the operation instructions to the network equipment side. The invention therefore lets the network respond to various attack behaviours actively and automatically with dynamic, elastic self-adjustment, greatly improving the efficiency and depth of network security protection.
Further, the method also includes the following step:
Step 8: when the sensor side detects that the active defense operation instruction was ineffective, the threat database is updated again according to the detected information, and the method returns to step 4.
Further, in step 8, the sensor compares the relevant network security state before and after the active defense operation instruction is executed in order to judge whether the instruction was effective; if it is judged ineffective, the network security state information associated with the ineffective instruction is put through threat processing again, and the method returns to step 4.
The invention applies machine learning to the information detected by the sensors in order to identify and pin down novel attacks that threaten existing systems and information, and responds in time with active network defense.
In step 8, threat processing uses a machine-learning-based method combined with internal and external threat intelligence data.
The invention innovatively loads the developed active defense firmware onto the network equipment side, so that the network equipment becomes a dynamic active defense node capable of automated active defense and timely elastic response.
Further, in step 3, the network equipment side loads specially developed active defense firmware, so that the network device can, as required by the active defense operation instructions from the service platform side, dynamically and actively adjust the network to respond elastically to network attacks.
The invention innovatively designs and develops an active defense model library and loads it onto the server side, making the server side an intelligent active defense decision platform.
Further, in step 1, the service platform side loads the active defense model library, so that it can apply the various models to the sensors' analysis results to make active defense decisions and generate active defense operation instructions.
The invention innovatively combines SDN network devices that support the OpenFlow protocol with the service platform side, so that these SDN network devices become active defense network devices managed and controlled by the service platform side.
Further, the network devices that receive the active network defense in step 6 include SDN switches that support the OpenFlow protocol.
Another object of the invention is a network security system with dynamic active defense. The system comprises a service platform side, a sensor side, and a network equipment side rebuilt with the active defense firmware. The service platform side comprises a sending module, a receiving module, a processing module, an AI module, an analysis module, a library-building module and a threat module; the active defense network equipment side comprises a receiving module, a matching module, a processing module and a loading module; the sensor side comprises an acquisition module, a detection module and a sending module.
The functions of the modules on the service platform side are as follows:
The sending module sends the generated active defense operation instructions to the active defense network equipment side and to SDN switches that support the OpenFlow protocol;
The receiving module receives the analysis results sent by the sensor side;
The processing module further processes the analysis results sent by the sensor side;
The AI module performs deep machine learning on the data;
The analysis module combines artificial intelligence and threat intelligence to make active defense decisions and generate operation instructions;
The library-building module generates and maintains the active defense model library.
The functions of the modules on the active defense network equipment side are as follows:
The receiving module receives the active defense operation instructions sent by the service platform side;
The matching module matches each active defense operation instruction to the target object on which the operation is to be carried out;
The loading module loads the active defense firmware onto the network equipment side;
The processing module carries out the active defense operation on the network equipment side.
The functions of the modules on the sensor side are as follows:
The acquisition module collects the information in the network that the various active defense analyses require;
The detection module performs preliminary detection on the collected network information, based on the preloaded analysis model library;
The sending module sends the results of the preliminary detection and analysis to the service platform side.
The beneficial effects of the invention are as follows. The invention innovatively develops active defense firmware and loads it onto the network equipment side, and brings SDN switches that support the OpenFlow protocol under the service platform side for active defense management and control. Combined with artificial intelligence and threat intelligence, it makes active defense decisions and generates and implements operation instructions, so that the traditional static boundary-protection network becomes an elastic, self-adjusting dynamic active defense network. This effectively solves the problems of limited boundary, passivity and slow response in current network security protection and improves the autonomy, automation and response speed of network security defense.
Description of the drawings
Fig. 1 is a flow chart of the dynamic active defense network security method in embodiment one.
Fig. 2 is a block diagram of the dynamic active defense network security system in embodiment one.
Fig. 3 is a flow chart of the dynamic active defense network security method in embodiment two.
Fig. 4 is a block diagram of the dynamic active defense network security system in embodiment two.
Fig. 5 is a block diagram of the dynamic active defense network security system in embodiment three.
Detailed description
The dynamic active defense network security method and system of the invention are explained in detail below with reference to the accompanying drawings.
Embodiment one:
As shown in Figs. 1 and 2, the invention discloses a network security method with dynamic active defense, which comprises the following steps.
Step 1: develop active defense models that cope with various anomalies and attacks and build a corresponding model library; load it onto the service platform side to assist the service platform in making active defense decisions;
Step 2: develop analysis models for the various attacks, abnormal behaviours and malicious code (such as Trojans and backdoors) found in network traffic, keep accumulating and updating them to build a corresponding model library, and load it onto the sensors;
Step 3: develop active defense firmware that can receive operation instructions from the service platform side and load it onto the network devices. While continuing to provide its conventional routing and switching functions, each device can then act on the active defense instructions it receives from the service platform side: promptly block the attack behaviour, or flexibly adjust the network routing and switching architecture to isolate the infected or compromised part of the network or to steer the attack traffic into a honeypot network. The device thereby becomes a dynamic active defense network node that responds actively, elastically and automatically once the network is under attack;
Step 4: the sensor side sends the service platform side the results of its preliminary analysis based on the analysis model library, together with the processed network traffic metadata;
Step 5: on the basis of the active defense model library combined with big-data machine learning of abnormal behaviour over the network traffic metadata, the service platform side makes the active defense decision and generates the corresponding active defense operation instruction;
Step 6: the service platform side sends the active defense operation instruction to the network equipment side;
Step 7: the network equipment side loaded with the active defense firmware, and the SDN switches supporting the OpenFlow protocol, respond by carrying out the active defense instruction received from the service platform side.
Corresponding to the above method, the invention also discloses a network security system with dynamic active defense. The system comprises a service platform side, a sensor side, and a network equipment side rebuilt with the active defense firmware. The service platform side comprises a sending module, a receiving module, a processing module, an AI module, an analysis module, a library-building module and a threat module; the active defense network equipment side comprises a receiving module, a matching module, a processing module and a loading module; the sensor side comprises an acquisition module, a detection module and a sending module.
The functions of the modules on the service platform side are as follows:
The sending module sends the generated active defense operation instructions to the active defense network equipment side and to SDN switches that support the OpenFlow protocol;
The receiving module receives the analysis results sent by the sensor side;
The processing module further processes the analysis results sent by the sensor side;
The AI module performs deep machine learning on the data;
The analysis module combines artificial intelligence and threat intelligence to make active defense decisions and generate operation instructions;
The library-building module generates and maintains the active defense model library.
The functions of the modules on the active defense network equipment side are as follows:
The receiving module receives the active defense operation instructions sent by the service platform side;
The matching module matches each active defense operation instruction to the target object on which the operation is to be carried out;
The loading module loads the active defense firmware onto the network equipment side;
The processing module carries out the active defense operation on the network equipment side.
The functions of the modules on the sensor side are as follows:
The acquisition module collects the information in the network that the various active defense analyses require;
The detection module performs preliminary detection on the collected network information, based on the preloaded analysis model library;
The sending module sends the results of the preliminary detection and analysis to the service platform side.
In this embodiment, to improve the network's dynamic active defense capability, the invention innovatively loads the developed active defense firmware onto the network devices. Supported by the active defense analysis and decision-making of the service platform side, the devices gain elastic, automated and dynamic active defense capability; this overcomes the weakness of traditional limited-boundary protection and gives the whole network a multi-layered defense capability. The invention also innovatively applies machine learning to the big data formed by the sensors' preliminary detection results and the network traffic metadata, which can effectively identify various abnormal behaviours and APT attacks.
Embodiment two:
As shown in Figs. 3 and 4, this embodiment is essentially the same as embodiment one. The difference is that, after steps 1 to 7 above, it further includes step 8: after the network equipment side executes the active defense operation instruction sent by the service platform side, the sensor checks whether the active defense was effective. If it was, this active defense operation ends; if it was not, the case is passed to the threat processing module for handling, and the method returns to step 4, where analysis results are sent to the service platform side again.
By checking the effectiveness of the result of every active defense operation, the invention puts ineffective operations through threat processing again and then hands them to the service platform side for another round of analysis and handling, so that ineffective active defense operations are tracked and handled in a continuous, uninterrupted loop.
Correspondingly, the service platform side of the dynamic active defense network security system in this embodiment further includes a threat module, which performs cyclic threat processing on the results of active defense operations.
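The step 4 to step 8 loop described above, sketched in Python as an added example; it is not code from the patent. The class names, the order in which the three responses from step 3 are tried, the 10% effectiveness threshold and the sample scenario are all assumptions of the example.

```python
from dataclasses import dataclass, field

# Response types named in step 3 of the description. Trying them in this
# order is an assumption of the example, not something the patent specifies.
ACTIONS = ("block", "isolate", "redirect_to_honeypot")
EFFECTIVE_RATIO = 0.1  # assumed: effective = malicious flows fall to <= 10%


@dataclass(frozen=True)
class Instruction:
    action: str
    segment: str


@dataclass
class ServicePlatform:
    """Steps 5-6: pick an action, skipping ones the threat DB marks as failed."""
    threat_db: dict = field(default_factory=dict)  # segment -> failed actions

    def decide(self, segment):
        failed = self.threat_db.get(segment, [])
        for action in ACTIONS:
            if action not in failed:
                return Instruction(action, segment)
        return None  # every known response failed: hand over to an analyst

    def record_ineffective(self, instr):
        self.threat_db.setdefault(instr.segment, []).append(instr.action)


@dataclass
class NetworkDevice:
    """Step 7: the matching module checks the target, then the action is applied."""
    managed_segments: set
    applied: list = field(default_factory=list)

    def apply(self, instr):
        if instr.segment not in self.managed_segments:
            return False  # no matching target object on this device
        self.applied.append(instr)
        return True


@dataclass
class Sensor:
    """Steps 4 and 8: report malicious flows seen on a segment.

    `scenario` is constructed sample data: per segment, the baseline flow
    count and the set of responses that do NOT stop the traffic there.
    """
    scenario: dict

    def malicious_flows(self, segment, device):
        entry = self.scenario[segment]
        for instr in device.applied:
            if instr.segment == segment and instr.action not in entry["resists"]:
                return 0
        return entry["flows"]


def defend(segment, platform, device, sensor, max_rounds=5):
    """Run the closed loop; return (outcome, actions tried in order)."""
    tried = []
    for _ in range(max_rounds):  # bounded so the loop cannot spin forever
        before = sensor.malicious_flows(segment, device)
        if before == 0:
            return "clean", tried
        instr = platform.decide(segment)
        if instr is None:
            return "escalate_to_analyst", tried
        if not device.apply(instr):
            return "no_matching_device", tried
        tried.append(instr.action)
        after = sensor.malicious_flows(segment, device)
        if after <= before * EFFECTIVE_RATIO:  # step 8: before/after comparison
            return "contained", tried
        platform.record_ineffective(instr)  # update threat DB, back to step 4
    return "escalate_to_analyst", tried


# Constructed sample scenario (addresses and counts are illustrative only).
SAMPLE_SCENARIO = {
    "10.0.2.0/24": {"flows": 40, "resists": {"block"}},
    "10.0.3.0/24": {"flows": 12, "resists": set(ACTIONS)},
    "10.0.9.0/24": {"flows": 7, "resists": set()},
}

if __name__ == "__main__":
    platform = ServicePlatform()
    device = NetworkDevice({"10.0.2.0/24", "10.0.3.0/24"})
    sensor = Sensor(SAMPLE_SCENARIO)
    for seg in SAMPLE_SCENARIO:
        print(seg, defend(seg, platform, device, sensor))
```

The bounded round count and the hand-off to an analyst are additions of the example: the description's loop has no stated exit when every available response proves ineffective.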
Embodiment three:
As shown in Fig. 5, this embodiment is essentially the same as embodiment two. The difference is that, compared with embodiment two, threat processing is extended to the processing of internal and external threat intelligence. Besides the threats detected by internal sensors, external third-party threat intelligence can also be integrated, and an internal and external threat intelligence management platform is built on OpenIOC and STIX to support targeted prediction and active defense analysis and decision-making on the service platform side.
The above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or simple improvement made within the substance of the invention shall fall within its scope of protection.

Claims (9)

1. A network security method and system with dynamic active defense, characterized in that the method comprises the following steps:
Step 1: the service platform side loads the active defense model library;
Step 2: the sensor side loads the analysis model library;
Step 3: the network equipment side loads the active defense firmware;
Step 4: the sensor side sends analysis results to the service platform side;
Step 5: the service platform side makes the active defense decision;
Step 6: the service platform side sends the active defense operation instruction to the network equipment side;
Step 7: the network equipment side implements the active defense.
2. The network security method and system with dynamic active defense according to claim 1, characterized in that the method further comprises the following step:
Step 8: when the sensor side detects that the active defense operation instruction was ineffective, the threat database is updated again according to the detected information, and the method returns to step 4.
3. The network security method and system with dynamic active defense according to any one of claims 1 to 2, characterized in that: in step 8, the sensor compares the relevant network security state before and after the active defense operation instruction is executed in order to judge whether the instruction was effective; if it is judged ineffective, the network security state information associated with the ineffective instruction is put through threat processing again, and the method returns to step 4.
4. The network security method and system with dynamic active defense according to claim 3, characterized in that: in step 8, threat processing uses a machine-learning-based method combined with internal and external threat intelligence data.
5. The network security method and system with dynamic active defense according to any one of claims 1 or 2, characterized in that: in step 3, the network equipment side loads specially developed active defense firmware, so that the network device can, as required by the active defense operation instructions from the service platform side, dynamically and actively adjust the network to respond elastically to network attacks.
6. The network security method and system with dynamic active defense according to any one of claims 1 to 5, characterized in that: in step 1, the service platform side loads the active defense model library, so that it can apply the various models to the sensors' analysis results to make active defense decisions and generate active defense operation instructions.
7. The network security method and system with dynamic active defense according to any one of claims 1, 2, 4, 5 to 6, characterized in that: the network devices that receive the active network defense in step 6 include SDN switches that support the OpenFlow protocol.
8. A network security method and system with dynamic active defense, characterized in that: the system comprises a service platform side, a sensor side, and a network equipment side rebuilt with the active defense firmware; the service platform side comprises a sending module, a receiving module, a processing module, an AI module, an analysis module, a library-building module and a threat module; the active defense network equipment side comprises a receiving module, a matching module, a processing module and a loading module; the sensor side comprises an acquisition module, a detection module and a sending module;
The functions of the modules on the service platform side are as follows:
The sending module sends the generated active defense operation instructions to the active defense network equipment side and to SDN switches that support the OpenFlow protocol;
The receiving module receives the analysis results sent by the sensor side;
The processing module further processes the analysis results sent by the sensor side;
The AI module performs deep machine learning on the data;
The analysis module combines artificial intelligence and threat intelligence to make active defense decisions and generate operation instructions;
The library-building module generates and maintains the active defense model library.
The functions of the modules on the active defense network equipment side are as follows:
The receiving module receives the active defense operation instructions sent by the service platform side;
The matching module matches each active defense operation instruction to the target object on which the operation is to be carried out;
The loading module loads the active defense firmware onto the network equipment side;
The processing module carries out the active defense operation on the network equipment side.
The functions of the modules on the sensor side are as follows:
The acquisition module collects the information in the network that the various active defense analyses require;
The detection module performs preliminary detection on the collected network information, based on the preloaded analysis model library;
The sending module sends the results of the preliminary detection and analysis to the service platform side.
9. The network security method and system with dynamic active defense according to claim 8, characterized in that: the service platform side further comprises a threat module for building the internal and external threat intelligence management platform based on OpenIOC and STIX.
Application CN201810498409.9A, priority date 2018-05-23, filing date 2018-05-23: A network security method and system with dynamic active defense. Status: Pending. Published as CN108712427A (en).

Publications (1)

Publication number: CN108712427A (en); publication date: 2018-10-26

Family

ID=63868439

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810498409.9A Pending CN108712427A (en) 2018-05-23 2018-05-23 A kind of network security method and system of dynamic Initiative Defense

Country Status (1)

Country Link
CN (1) CN108712427A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395694A (en) * 2021-06-23 2021-09-14 深圳市凯莱特科技股份有限公司 Intelligent security defense system and defense method based on 5G and local area base station
CN115051836A (en) * 2022-05-18 2022-09-13 中国人民解放军战略支援部队信息工程大学 APT attack dynamic defense method and system based on SDN

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101286986A (en) * 2008-05-15 2008-10-15 华为技术有限公司 Active defense method, device and system
CN103561011A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Method and system for preventing blind DDoS attacks on SDN controllers
US20160308898A1 (en) * 2015-04-20 2016-10-20 Phirelight Security Solutions Inc. Systems and methods for tracking, analyzing and mitigating security threats in networks via a network traffic analysis platform
CN106209870A (en) * 2016-07-18 2016-12-07 北京科技大学 A kind of Network Intrusion Detection System for distributed industrial control system
CN106411943A (en) * 2016-11-25 2017-02-15 中国人民解放军信息工程大学 Probability delay-based SDN active defense system and method
US20170099305A1 (en) * 2015-10-02 2017-04-06 General Electric Company Management and distribution of virtual cyber sensors
CN106778253A (en) * 2016-11-24 2017-05-31 国家电网公司 Threat context aware information security Initiative Defense model based on big data
CN206332695U (en) * 2016-12-29 2017-07-14 杭州世平信息科技有限公司 A kind of adaptive security guard system based on user behavior and data mode
CN107277039A (en) * 2017-07-18 2017-10-20 河北省科学院应用数学研究所 A kind of network attack data analysis and intelligent processing method
CN107770174A (en) * 2017-10-23 2018-03-06 上海微波技术研究所(中国电子科技集团公司第五十研究所) A kind of intrusion prevention system and method towards SDN

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NATHANIEL SOULE: "Enabling defensive deception in distributed system environments", 《2016 RESILIENCE WEEK (RWS)》 *
陈彬: "'互联网+'时代主动安全防御系统构建研究", 《网络空间安全》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395694A (en) * 2021-06-23 2021-09-14 深圳市凯莱特科技股份有限公司 Intelligent security defense system and defense method based on 5G and local area base station
CN115051836A (en) * 2022-05-18 2022-09-13 中国人民解放军战略支援部队信息工程大学 APT attack dynamic defense method and system based on SDN
CN115051836B (en) * 2022-05-18 2023-08-04 中国人民解放军战略支援部队信息工程大学 SDN-based APT attack dynamic defense method and system

Similar Documents

Publication Publication Date Title
Rasool et al. Cyberpulse: A machine learning based link flooding attack mitigation system for software defined networks
Anirudh et al. Use of honeypots for mitigating DoS attacks targeted on IoT networks
Vidal et al. Adaptive artificial immune networks for mitigating DoS flooding attacks
Ou Host-based intrusion detection systems adapted from agent-based artificial immune systems
Shen et al. Adaptive Markov game theoretic data fusion approach for cyber network defense
CN112073411A (en) Network security deduction method, device, equipment and storage medium
CN111385288B (en) Mobile target defense opportunity selection method and device based on hidden countermeasures
Barabosch et al. Automatic extraction of domain name generation algorithms from current malware
La et al. A game theoretic model for enabling honeypots in IoT networks
CN114499982B (en) Honey net dynamic configuration strategy generation method, configuration method and storage medium
Shen et al. A markov game theoretic data fusion approach for cyber situational awareness
Dantu et al. Fast worm containment using feedback control
CN108712427A (en) A kind of network security method and system of dynamic Initiative Defense
Rubio et al. Tracking apts in industrial ecosystems: A proof of concept
Canzani et al. Cyber epidemics: Modeling attacker-defender dynamics in critical infrastructure systems
Yurekten et al. Citadel: Cyber threat intelligence assisted defense system for software-defined networks
Yungaicela-Naula et al. Sdn/nfv-based framework for autonomous defense against slow-rate ddos attacks by using reinforcement learning
Mosqueira-Rey et al. A misuse detection agent for intrusion detection in a multi-agent architecture
Ou Multiagent-based computer virus detection systems: abstraction from dendritic cell algorithm with danger theory
Qamar Gradient Techniques to Predict Distributed Denial-Of-Service Attack
Barika et al. Agent IDS based on misuse approach
Saranya et al. Integrated quantum flow and hidden Markov chain approach for resisting DDoS attack and C-Worm
Anastasiadis et al. A Novel High-Interaction Honeypot Network for Internet of Vehicles
Shen et al. An adaptive Markov game model for cyber threat intent inference
Lu et al. A secure control plane for SDN based on Bayesian stackelberg games

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181026
