CN110149309A - A kind of router threatens cognitive method and system - Google Patents
A kind of router threatens cognitive method and system Download PDFInfo
- Publication number
- CN110149309A CN110149309A CN201910272300.8A CN201910272300A CN110149309A CN 110149309 A CN110149309 A CN 110149309A CN 201910272300 A CN201910272300 A CN 201910272300A CN 110149309 A CN110149309 A CN 110149309A
- Authority
- CN
- China
- Prior art keywords
- router
- output data
- information
- monitored
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Circuit Arrangement For Electric Light Sources In General (AREA)
Abstract
The present invention provides a kind of router and threatens cognitive method and system.This method comprises: threatening sensory perceptual system and the input of monitored router consistent;The output data of monitored router is sent simultaneously to threat sensory perceptual system;The configuration information of monitored router, which will synchronize, is configured to threat sensory perceptual system;The status information of monitored router will be collected into threat sensory perceptual system in time.The output data of monitored router, state are compared with output data, the state of sensory perceptual system is threatened, if the output data or state of the two there is a situation where inconsistent, then indicate that monitored router there may be threat, needs to issue warning information to management system.Threatening sensory perceptual system includes: input processing unit, function equivalence execution body unit, epidemic situation comparison unit, output comparing unit and analysis Alarm Unit.The present invention can should threaten the problem for carrying out determining that difficulty is larger to router to caused by loophole and attack technology means multiplicity, and can perceive unknown loophole and zero-day attacks.
Description
Technical field
The present invention relates to technical field of network information safety more particularly to a kind of router to threaten cognitive method and system.
Background technique
Basal core element of the router as cyberspace is located at cyberspace bottom, interconnects a variety of heterogeneous networks, leads to
Route querying and data forwarding are crossed, realizes the intercommunication of network end-to-end.It is filled as the core of cyberspace information infrastructure
It is standby, cover the core layer, convergence layer and access layer of entire internet.Due to its complexity and intelligence, network peace is made
One of main target attacked entirely, safety directly affect or even restrict cyberspace safety.In a network due to router
In fundamental position, loophole and back door, which are once utilized, will generate harm difficult to the appraisal, this is not only related to routing
The safety of device itself can also generate large effect to the user that it is covered.Therefore, the security protection of router becomes network
The important content of space safety.
The security breaches of router and attack technology means multiplicity, from attack in itself come to router whether be on the hazard into
Row determines that difficulty is larger.The primary protection direction that current router threatens is the flow cleaning carried out for DDOS attack and makes
Analysis detection is carried out to the flow of router for known bugs with network traffic analysis equipment, and is directed to unknown loophole and zero day
The threat perception means shortcoming of attack.
By to Router Security the study found that being to pass through to a seed type very common in the vulnerability exploit of router
Various modes obtain router control, then carry out some violation operations to router.For example open a new tcp/udp
Port is actively attached outward or receives the connection of attacker passively to carry out information stealth, or passes through change routing table
To change the flow direction of data flow or carry out mirror image etc. to data.
Summary of the invention
To solve the problems, such as to threaten perception means shortcoming for unknown loophole and the router of zero-day attacks, the present invention is provided
A kind of new router threat cognitive method and system, behavior and state after being controlled using router are satisfied the need as judgment basis
It is perceived by the threat of device.
On the one hand, the present invention provides a kind of router threat cognitive method, method includes the following steps:
Step 1, the input data for receiving monitored router, monitored router execute task according to the input data
The first state information and the first output data corresponding with the input data exported in the process;
Step 2 is synchronized according to the configuration information of the monitored router with postponing, according to the input data
It executes the application of equal value with the monitored router feature and exports and executing the second status information in the application process
And the second output data corresponding with the input data;
Step 3, the first state information and second status information;
Step 4, first output data and second output data;
If step 5, the first state information and second status information is inconsistent or first output data and
Second output data is inconsistent, then it is assumed that there may be threats for the monitored router.
Further, this method further include:
If step 6, thinking the monitored router, there may be threats, warning information is issued.
Further, further include after step 1;
Data flow anomaly detection is carried out to the input data.
Further, the first state information and second status information include: that system status information, system are matched
At least one of confidence breath, protocol state information and table information of system maintenance.
Further, first output data and second output data include: data content, link number, chain
Connect at least one of state and message distribution.
On the other hand, the present invention also provides a kind of routers to threaten sensory perceptual system, which includes:
Input processing unit, for receiving the input data of monitored router;
Function equivalence executes body unit, for synchronizing configuration according to the configuration information of the monitored router
Afterwards, it executes the application of equal value with the monitored router feature according to the input data and exports and executing the application
The second status information and the second output data corresponding with the input data in journey;
Epidemic situation comparison unit executes what task exported in the process according to the input data for receiving monitored router
First state information, and the first state information and second status information;
Comparing unit is exported, for receiving the first output number corresponding with the input data of monitored router output
According to, and first output data and second output data;
Alarm Unit is analyzed, the first state information and second status information are inconsistent or described the if knowing
One output data and second output data are inconsistent, then it is assumed that there may be threats for the monitored router.
Further, the analysis Alarm Unit is also used to:
If thinking, there may be threats for the monitored router, issue warning information.
Further, the input processing unit is also used to;
Data flow anomaly detection is carried out to the input data.
Further, it includes multiple execution body subelements, each execution body subelement that the function equivalence, which executes body unit,
Body is executed including at least one.
Further, the first state information and second status information include: that system status information, system are matched
At least one of confidence breath, protocol state information and table information of system maintenance;First output data and described second
Output data includes: at least one of data content, link number, linking status and message distribution.
Beneficial effects of the present invention:
A kind of router provided by the invention threatens cognitive method and system, based on mimicry thought, is supervised with operation
The mode that router feature equivalence executes body is surveyed, the behavior and state of router are monitored and are compared, with this to router
Threat perceived.The present invention, which can cope with, to be come caused by Router Security loophole and attack technology means multiplicity from attack itself
The problem for carrying out determining that difficulty is larger is threatened router, while can realize that the threat to unknown loophole and zero-day attacks perceives.
Detailed description of the invention
Fig. 1 is that router provided in an embodiment of the present invention threatens the logic of sensory perceptual system to dispose block diagram;
Fig. 2 is the flow diagram that a kind of router provided in an embodiment of the present invention threatens cognitive method;
Fig. 3 is that router provided in an embodiment of the present invention threatens sensory perceptual system to access the signal for being monitored router mode
Figure;
Fig. 4 is one of the functional block diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system;
Fig. 5 is one of the work flow diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system;
Fig. 6 is the two of the work flow diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system;
Fig. 7 is the two of the functional block diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system;
Fig. 8 is the three of the functional block diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached in the embodiment of the present invention
Figure, technical solution in the embodiment of the present invention are explicitly described, it is clear that described embodiment is a part of the invention
Embodiment, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making wound
Every other embodiment obtained under the premise of the property made labour, shall fall within the protection scope of the present invention.
Router provided in an embodiment of the present invention threatens the logic diagram of sensory perceptual system as shown in Figure 1.It is supervised to distinguish
It surveys router and router and threatens sensory perceptual system (call in the following text and threaten sensory perceptual system), the output data of monitored router is known as the
The output data for threatening sensory perceptual system is known as the second output data by one output data;By the status information of monitored router
The status information for threatening sensory perceptual system is known as the second status information by referred to as first state information.It threatens sensory perceptual system and is supervised
The input data for surveying router is consistent.First output data is sent to threat sensory perceptual system;The configuration information of monitored router
It synchronizes and is configured to threat sensory perceptual system;First state information will be collected into threat sensory perceptual system in time.
As shown in Fig. 2, router provided in an embodiment of the present invention threaten cognitive method the following steps are included:
S101, sensory perceptual system is threatened to receive the input data of monitored router, monitored router according to the input
The first state information and the first output data corresponding with the input data exported during data execution task;
Specifically, shown in Figure 3, threaten sensory perceptual system to pass through the incoming line and outlet line in monitored router
On by the way of transversal access, obtain the input data and output data of monitored router.Meanwhile threatening sensory perceptual system logical
Control link is crossed to be communicated with monitored router, obtain after the configuration information of monitored router with monitored router into
The synchronous configuration of row, and obtain the status information of monitored router.
As an embodiment, in this step, sensory perceptual system is threatened also to carry out data flow to input data different
Often detection.
S102, sensory perceptual system is threatened to synchronize according to the configuration information of the monitored router with postponing, according to
The input data executes the application of equal value with the monitored router feature and exports in executing the application process
Second status information and the second output data corresponding with the input data;
Specifically, it threatens sensory perceptual system construct in advance and the application of monitored router feature equivalence, is then based on and quilt
Monitor the consistent input data of router, generate output data after executing the application, and be recorded in execute the application during
Threaten the status information of sensory perceptual system itself.
S103, the sensory perceptual system first state information and second status information are threatened;
Specifically, status information described in the embodiment of the present invention includes various status informations relevant to router operation.
As an embodiment, the first state information and second status information include: system status information, system
At least one of configuration information, protocol state information and the table of system maintenance information.That is, threaten sensory perceptual system than
Compared with itself output status information and monitored router status information when, can from it is above-mentioned it is several in terms of be compared.System
Unite status information can include: cpu use information, memory usage information, progress information, port information, tcp/udp link information,
Interface status information.System configuration information can include: the configuration information of interface, agreement, management of system etc..Protocol state information
Can include: the Routing Protocols such as the basic agreements such as ip/ipv6, icmp status information and rip, ospf, bgp, is-is, mpls
Status information.The table information of system maintenance can include: interface table, ip address table, routing table, arp table, tcp connection table, udp table
Etc. systems list item information.It is understood that first state information and the second status information may also include manufacturer it is customized its
His status information relevant to router operation.
S104, sensory perceptual system first output data and second output data are threatened;
Specifically, output data described in the embodiment of the present invention includes that can embody the various data of data information.As
A kind of embodiment, first output data and second output data include: data content, link number, link
At least one of state and message distribution.That is, threaten sensory perceptual system compare itself output output data and by
Monitor router output data when, can from it is above-mentioned it is several in terms of be compared.
If S105, sensory perceptual system judgement is threatened to know that the first state information and second status information are inconsistent,
Or first output data and second output data it is inconsistent, then it is assumed that there may be prestige for the monitored router
The side of body.
Specifically, false by taking Compare System status information as an example when comparing status information for comparing status information
Be located at CPU use information, port information, memory usage information this three aspect be compared: if CPU use information, port believe
Two aspect of breath, phase recency between the two reaches certain threshold value (such as 90%), memory usage information reach certain threshold value (such as
80%), it is believed that the system status information of the two is consistent;If in CPU use information, port information phase recency between the two
Reach certain threshold value (such as 90%), and the phase recency of memory usage information only have 40% (lower than certain threshold value, such as 50%),
It is considered that the system status information of the two is inconsistent.When any information that status information or output data are included not
Unanimously, then it is assumed that the status information or output data of the two are inconsistent.It is understood that in the state of both judgements
Judgment rule or the threshold value of setting can be according to demand (such as according to application scenarios when perhaps whether output data is consistent for information
Requirement to router safe coefficient) appropriate adjustment is carried out, it but should not be understood as being the qualifications to the embodiment of the present invention.
A kind of router provided in an embodiment of the present invention threatens cognitive method, based on mimicry thought, is supervised with operation
The mode for surveying the application of router feature equivalence, is monitored and compares to the behavior and state of router, with this to router
Threat is perceived.The present invention can cope with caused by Router Security loophole and attack technology means multiplicity from next pair of attack itself
Router threatens the problem for carrying out determining that difficulty is larger, while can realize that the threat to unknown loophole and zero-day attacks perceives.
On the basis of the above embodiments, the present invention provides another embodiment.It is unlike the embodiments above, this hair
Bright embodiment is further comprising the steps of:
If S106, thinking the monitored router, there may be threats, warning information is issued.
It should be noted that router provided by the invention threatens cognitive method that can not only impend for router
Perception also can be applied to the threat perception of other communication equipments similar with router on network.
Fig. 4 is the logic diagram that a kind of router provided in an embodiment of the present invention threatens sensory perceptual system.As shown in figure 4, prestige
Side of body sensory perceptual system includes: input processing unit 401, function equivalence execution body unit 402, epidemic situation comparison unit 403, exports and compare
Unit 404 and analysis Alarm Unit 405.Wherein:
Input processing unit 401 is used to receive the input data of monitored router;Function equivalence executes body unit 402 and uses
It synchronizes according to the configuration information of the monitored router with postponing, is executed and the quilt according to the input data
Monitor router feature application of equal value and export execute the second status information in the application process and with it is described defeated
Enter corresponding second output data of data;Epidemic situation comparison unit 403 is for receiving monitored router according to the input data
The first state information exported during execution task, the first state information and second status information;Output
Comparing unit 404 is used to receive the first output data corresponding with the input data of monitored router output, compares institute
State the first output data and second output data;If analysis Alarm Unit 405 knows the first state information and described
Second status information is inconsistent or first output data and second output data it is inconsistent, then it is assumed that it is described to be supervised
Surveying router, there may be threats.
Specifically, it threatens sensory perceptual system to use and executes body unit building execution with monitored router isomery function equivalence
Body realizes router feature.Threatening the function equivalence in sensory perceptual system to execute body unit 402 and monitored router has equally
Configuration, and with monitored router keep configuration it is synchronous.In conjunction with Fig. 4 and Fig. 5, threaten the workflow of sensory perceptual system specific
It is as follows:
Firstly, sensory perceptual system is threatened to access monitored router in some way, input processing unit 401 obtains and quilt
The identical input data of monitoring router respectively send input data to function equivalence body execution unit 402.Then, function equivalence
Function of the body unit 402 based on input data operation and monitored router equivalence is executed, and output state information is sent to shape
State comparing unit 403 send the output data of generation to output comparing unit 404.Then, epidemic situation comparison unit 403 receives quilt
The status information for monitoring router believes the state that the status information of monitored router and function equivalence execute body unit 402
Breath is compared, and output comparing unit 404 receives the output data of monitored router, by the output data of monitored router
The output data for executing body unit with function equivalence compares.Finally, analysis Alarm Unit 405 is to epidemic situation comparison unit 403
Comparison result, and the comparison result of output comparing unit 404 carries out comprehensive analysis, if the output data that analysis both is learnt
Or status information there is a situation where it is inconsistent, then it is assumed that there may be threats for monitored router.
Wherein, as shown in fig. 6, various ways can be used, such as syslog, SNMP, obtain function equivalence execute body 402 and by
Monitor the status information of router.
Epidemic situation comparison unit 403 compare both status information when, can from system status information, system configuration information,
It is compared in terms of the various embodiment router running state informations such as protocol state information and the table information of system maintenance.Output
Comparing unit 404, can be various from data content, link number, linking status, message distribution etc. when comparing the output data of the two
It is compared in terms of data information can be embodied.
As an embodiment, if analysis Alarm Unit 405 think the monitored router there may be threat,
Then warning information is issued to management system.
As an embodiment, input processing unit 401 can also include the input data to monitored router
The data flow anomaly detection module detected, such as snort realize network intrusion prevention detection function.
As an embodiment, it may include multiple execution bodies that function equivalence, which executes body unit 402,.As shown in fig. 7,
It includes n execution body that function equivalence, which executes body unit 402,.Input processing unit 401 passes through the input data of monitored router
Processing is crossed, duplication is distributed to each execution body;Each execution body operation simultaneously is answered with monitored router isomery function equivalence
With, and the configuration information all with monitored router synchronization;Epidemic situation comparison unit 403 is responsible for each state for executing body
Information is compared with the status information of monitored router, and comparison result is sent to analysis Alarm Unit 405;It exports more single
Member 404 is responsible for for each output data for executing body being compared with the output data of monitored router, and comparison result is sent
To analysis Alarm Unit 405;Analyze the comparison that comparing unit 404 is responsible for epidemic situation comparison unit 403 and is exported to Alarm Unit 405
As a result comprehensive analysis is carried out, threat warning information is provided according to final analysis result.
Router provided in an embodiment of the present invention threatens sensory perceptual system, more by configuring function equivalence execution body unit to
It is a execute body simultaneously run mode, can the threat more accurately to monitored router determine.
As an embodiment, sensory perceptual system is threatened to be configurable to multiple routers while being monitored.Such as
Shown in Fig. 8, only body need to be executed to each monitored router constructing function equivalence in inner part safety pin, to each monitored routing
Device carries out the acquisition of output data and status information respectively and compares.It is monitored by the threat faced to multiple routers,
The threat situation of whole network can be perceived.
It should be noted that it is the stream in order to realize the above method that router provided by the invention, which threatens sensory perceptual system,
Journey specifically refers to above method embodiment, and details are not described herein again.
It is understood that various embodiments provided by the invention can carry out comprehensive use as the case may be, to being supervised
Router is surveyed to impend perception.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although
Present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: it still may be used
To modify the technical solutions described in the foregoing embodiments or equivalent replacement of some of the technical features;
And these are modified or replaceed, technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution spirit and
Range.
Claims (10)
1. a kind of router threatens cognitive method characterized by comprising
Step 1, the input data for receiving monitored router, monitored router execute task process according to the input data
The first state information of middle output and the first output data corresponding with the input data;
Step 2 is synchronized according to the configuration information of the monitored router with postponing, and is executed according to the input data
With the monitored router feature application of equal value and export execute the second status information in the application process and
The second output data corresponding with the input data;
Step 3, the first state information and second status information;
Step 4, first output data and second output data;
If step 5, the first state information and second status information is inconsistent or first output data and described
Second output data is inconsistent, then it is assumed that there may be threats for the monitored router.
2. the method according to claim 1, wherein further include:
If step 6, thinking the monitored router, there may be threats, warning information is issued.
3. method according to claim 1 or 2, which is characterized in that further include after step 1;
Data flow anomaly detection is carried out to the input data.
4. the method according to claim 1, wherein the first state information and second status information are equal
It include: at least one of system status information, system configuration information, protocol state information and the table of system maintenance information.
5. the method according to claim 1, wherein first output data and second output data are equal
It include: at least one of data content, link number, linking status and message distribution.
6. a kind of router threatens sensory perceptual system characterized by comprising
Input processing unit, for receiving the input data of monitored router;
Function equivalence executes body unit, for synchronizing according to the configuration information of the monitored router with postponing, root
The application of equal value with the monitored router feature is executed according to the input data and is exported in executing the application process
The second status information and the second output data corresponding with the input data;
Epidemic situation comparison unit, for receiving monitored router according to first exported during input data execution task
Status information, and the first state information and second status information;
Comparing unit is exported, for receiving the first output data corresponding with the input data of monitored router output,
And first output data and second output data;
Alarm Unit is analyzed, the first state information and second status information are inconsistent or described first defeated if knowing
Data and second output data are inconsistent out, then it is assumed that there may be threats for the monitored router.
7. system according to claim 6, which is characterized in that the analysis Alarm Unit is also used to:
If thinking, there may be threats for the monitored router, issue warning information.
8. system according to claim 6 or 7, which is characterized in that the input processing unit is also used to;
Data flow anomaly detection is carried out to the input data.
9. system according to claim 6, which is characterized in that it includes multiple execution that the function equivalence, which executes body unit,
Body.
10. system according to claim 6, which is characterized in that the first state information and second status information
It include: at least one of system status information, system configuration information, protocol state information and the table of system maintenance information;
First output data and second output data include: in data content, link number, linking status and message distribution
At least one.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910272300.8A CN110149309A (en) | 2019-04-04 | 2019-04-04 | A kind of router threatens cognitive method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910272300.8A CN110149309A (en) | 2019-04-04 | 2019-04-04 | A kind of router threatens cognitive method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110149309A true CN110149309A (en) | 2019-08-20 |
Family
ID=67589705
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910272300.8A Pending CN110149309A (en) | 2019-04-04 | 2019-04-04 | A kind of router threatens cognitive method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110149309A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111431944A (en) * | 2020-06-10 | 2020-07-17 | 之江实验室 | Mimicry arbitration system and configuration and recovery method thereof |
CN113132351A (en) * | 2021-03-17 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Method and system for detecting internal state abnormity of mimic router system based on graph convolution network |
CN113132352A (en) * | 2021-03-17 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Router threat perception method and system based on flow statistical characteristics |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105072036A (en) * | 2015-07-13 | 2015-11-18 | 上海红神信息技术有限公司 | Mimicry routing decision method of multi-instance routing unit |
CN105119836A (en) * | 2015-09-14 | 2015-12-02 | 上海红神信息技术有限公司 | Dynamic operation method of routing protocol component based on state pool |
CN105119820A (en) * | 2015-07-23 | 2015-12-02 | 中国人民解放军信息工程大学 | Routing protocol multi-instance parallel execution system and parallel execution method thereof |
CN105791279A (en) * | 2016-02-29 | 2016-07-20 | 中国人民解放军信息工程大学 | Mimic SDN controller construction method |
CN106506449A (en) * | 2016-09-27 | 2017-03-15 | 国家数字交换系统工程技术研究中心 | A kind of unknown abnormal detection method, device and testing equipment |
CN106656834A (en) * | 2016-11-16 | 2017-05-10 | 上海红阵信息科技有限公司 | IS-IS routing protocol heterogeneous function equivalent body parallel normalization device and method |
CN106713131A (en) * | 2016-11-18 | 2017-05-24 | 上海红阵信息科技有限公司 | Multi-BGP routing instance parallel execution device |
-
2019
- 2019-04-04 CN CN201910272300.8A patent/CN110149309A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105072036A (en) * | 2015-07-13 | 2015-11-18 | 上海红神信息技术有限公司 | Mimicry routing decision method of multi-instance routing unit |
CN105119820A (en) * | 2015-07-23 | 2015-12-02 | 中国人民解放军信息工程大学 | Routing protocol multi-instance parallel execution system and parallel execution method thereof |
CN105119836A (en) * | 2015-09-14 | 2015-12-02 | 上海红神信息技术有限公司 | Dynamic operation method of routing protocol component based on state pool |
CN105791279A (en) * | 2016-02-29 | 2016-07-20 | 中国人民解放军信息工程大学 | Mimic SDN controller construction method |
CN106506449A (en) * | 2016-09-27 | 2017-03-15 | 国家数字交换系统工程技术研究中心 | A kind of unknown abnormal detection method, device and testing equipment |
CN106656834A (en) * | 2016-11-16 | 2017-05-10 | 上海红阵信息科技有限公司 | IS-IS routing protocol heterogeneous function equivalent body parallel normalization device and method |
CN106713131A (en) * | 2016-11-18 | 2017-05-24 | 上海红阵信息科技有限公司 | Multi-BGP routing instance parallel execution device |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111431944A (en) * | 2020-06-10 | 2020-07-17 | 之江实验室 | Mimicry arbitration system and configuration and recovery method thereof |
CN113132351A (en) * | 2021-03-17 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Method and system for detecting internal state abnormity of mimic router system based on graph convolution network |
CN113132352A (en) * | 2021-03-17 | 2021-07-16 | 中国人民解放军战略支援部队信息工程大学 | Router threat perception method and system based on flow statistical characteristics |
CN113132351B (en) * | 2021-03-17 | 2022-11-01 | 中国人民解放军战略支援部队信息工程大学 | Method and system for detecting internal state abnormity of mimic router system based on graph convolution network |
CN113132352B (en) * | 2021-03-17 | 2023-02-10 | 中国人民解放军战略支援部队信息工程大学 | Router threat perception method and system based on flow statistical characteristics |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3725054B1 (en) | Contextual risk monitoring | |
Chung et al. | NICE: Network intrusion detection and countermeasure selection in virtual network systems | |
CN109922021B (en) | Safety protection system and safety protection method | |
Alsmadi et al. | Security of software defined networks: A survey | |
Xing et al. | Snortflow: A openflow-based intrusion prevention system in cloud environment | |
CN110149309A (en) | A kind of router threatens cognitive method and system | |
KR101615045B1 (en) | Intelligent security networking system | |
Naseer | Implementation of Hybrid Mesh firewall and its future impacts on Enhancement of cyber security | |
US20170134400A1 (en) | Method for detecting malicious activity on an aircraft network | |
Bose et al. | Blockchain as a service for software defined networks: A denial of service attack perspective | |
Atighetchi et al. | Adaptive cyberdefense for survival and intrusion tolerance | |
Neu et al. | Lightweight IPS for port scan in OpenFlow SDN networks | |
Thomas et al. | DDOS detection and denial using third party application in SDN | |
Khan et al. | FML: A novel forensics management layer for software defined networks | |
Modarresi et al. | A framework for improving network resilience using SDN and fog nodes | |
Singh et al. | Prevention mechanism for infrastructure based denial-of-service attack over software defined network | |
CN109743314A (en) | Monitoring method, device, computer equipment and its storage medium of Network Abnormal | |
Jung et al. | Anomaly Detection in Smart Grids based on Software Defined Networks. | |
IL259472A (en) | An anomaly detection system and method | |
Demırcı et al. | Virtual security functions and their placement in software defined networks: A survey | |
Etxezarreta et al. | Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey | |
Hershey et al. | Procedure for detection of and response to distributed denial of service cyber attacks on complex enterprise systems | |
US10296744B1 (en) | Escalated inspection of traffic via SDN | |
Gonçalves et al. | IPS architecture for IoT networks overlapped in SDN | |
Lange et al. | Event Prioritization and Correlation based on Pattern Mining Techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190820 |