CN110247893A - A kind of data transmission method and SDN controller - Google Patents
- Publication number
- CN110247893A (application CN201910390899.5A)
- Authority
- CN
- China
- Prior art keywords
- forwarding device
- connection
- sdn controller
- flow
- historical data
- Prior art date
- Legal status
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Embodiments provide a data transmission method and an SDN controller in the field of communication technology. They address a problem of the prior art: once an attacker obtains the identification ID (the "mark ID") of a forwarding device together with related information such as its source IP address and destination IP address, the attacker can mount a DoS attack on the SDN controller plane, paralysing the network over a large area and degrading the user experience. In the method, the SDN controller obtains historical data for a forwarding device with which a connection has been established. The historical data includes either a first count of requests the forwarding device has sent to the SDN controller together with a second count of messages the SDN controller has sent to the forwarding device, or the connection time at which the forwarding device last established a connection with the SDN controller. When the SDN controller determines from the historical data that a preset condition is met, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a data transmission method and an SDN controller.
Background technique
Denial of service (DoS) is a simple but effective attack pattern. It is aimed mainly at destroying the availability of a network service, so that the victim computer or network can no longer receive and process external requests in time, or cannot respond to them in time; the network service of legitimate users then fails to work normally and the user experience suffers.
In the prior art, when a software defined network (SDN) controller connects to a forwarding device, authentication is carried out first, and the SDN controller records the identification ID in its flow table, each forwarding device having its own independent identification ID. The identification ID is generated once and has the same life cycle as the forwarding device. If an attacker obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address, the attacker can forge request information from that forwarding device and mount a DoS attack on the SDN controller plane; the network equipment of the SDN controller plane cannot bear the load and is paralysed or stops providing normal network service, which leads to large-area network paralysis and degrades the user experience.
It can be seen that the prior art has the problem that an attacker who obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address can mount a DoS attack on the SDN controller plane, leading to large-area network paralysis and degrading the user experience.
Summary of the invention
Embodiments of the present invention provide a data transmission method and an SDN controller that solve the prior-art problem that an attacker who obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address can mount a DoS attack on the SDN controller plane, leading to large-area network paralysis and degrading the user experience.
To achieve the above objective, embodiments of the present invention adopt the following technical solutions.
In a first aspect, an embodiment of the present invention provides a data transmission method comprising: the SDN controller obtains historical data for a forwarding device with which a connection has been established, where the historical data includes a first count of requests sent by the forwarding device to the SDN controller and a second count of messages sent by the SDN controller to the forwarding device, or includes the connection time at which the forwarding device last established a connection with the SDN controller; when the SDN controller determines from the historical data that a preset condition is met, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID. The identification ID under which the SDN controller establishes a connection with the forwarding device is different each time, and the warning information indicates that the forwarding device is subject to a DoS attack.
It follows from the above solution that, by obtaining historical data for a forwarding device with which a connection has been established, the embodiment can judge from that historical data whether the forwarding device is subject to a DoS attack. When the historical data shows that the preset condition is met, warning information is generated and the connection with the forwarding device is disconnected, which prevents the attack on the SDN controller. At the same time, so that other users are not prevented from sending requests to the SDN controller through that forwarding device after it has been disconnected, the connection with the forwarding device is re-established according to the identification ID. Because the identification ID under which the SDN controller and the forwarding device establish a connection is different each time, an attacker can no longer use the forwarding device's identification ID, source IP address, destination IP address and similar information to forge request information and mount a DoS attack on the SDN controller plane, and normal operation of the SDN controller is ensured. This solves the prior-art problem that an attacker who obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address can mount a DoS attack on the SDN controller plane, leading to large-area network paralysis and degrading the user experience.
In a second aspect, an embodiment of the present invention provides an SDN controller comprising: an acquiring unit for obtaining historical data for a forwarding device with which a connection has been established, where the historical data includes a first count of requests sent by the forwarding device to the SDN controller and a second count of messages sent by the SDN controller to the forwarding device, or includes the connection time at which the forwarding device last established a connection with the SDN controller; and a processing unit for generating warning information, disconnecting from the forwarding device, and re-establishing the connection with the forwarding device according to the identification ID when it determines from the historical data obtained by the acquiring unit that a preset condition is met. The identification ID under which the SDN controller establishes a connection with the forwarding device is different each time, and the warning information indicates that the forwarding device is subject to a DoS attack.
In a third aspect, an embodiment of the present invention provides an SDN controller comprising a communication interface, a processor, a memory and a bus. The memory stores computer-executable instructions, and the processor is connected to the memory through the bus; when the SDN controller runs, the processor executes the computer-executable instructions stored in the memory, so that the SDN controller performs the method provided in the first aspect above.
In a fourth aspect, an embodiment of the present invention provides a computer storage medium comprising instructions which, when run on a computer, cause the computer to perform the method provided in the first aspect above.
It should be understood that any of the SDN controllers provided above is used to perform the method of the first aspect, so the beneficial effects it can achieve are those of the method of the first aspect and of the corresponding solutions in the detailed description below, and are not repeated here.
Detailed description of the invention
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Clearly, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a DoS attack mode in the prior art;
Fig. 2 is a schematic diagram of a DoS attack mode against the management plane in the prior art;
Fig. 3 is a schematic diagram of a DoS attack mode from the management plane against forwarding-plane equipment in the prior art;
Fig. 4 is a schematic diagram of a DoS attack mode between forwarding-plane equipment in the prior art;
Fig. 5 is a network architecture diagram of the SDN provided by an embodiment of the present invention;
Fig. 6 is the first flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 7 is the second flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of the identification ID of the data transmission method provided by an embodiment of the present invention;
Fig. 9 is the third flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 10 is the fourth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 11 is the fifth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 12 is the sixth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 13 is a three-dimensional vector analysis schematic diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 14 is a schematic diagram of three connected forwarding devices;
Fig. 15 is the seventh flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 16 is the eighth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 17 is a two-dimensional vector analysis schematic diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 18 is the first structural schematic diagram of the SDN controller provided by an embodiment of the present invention;
Fig. 19 is the second structural schematic diagram of the SDN controller provided by an embodiment of the present invention.
Reference numerals:
SDN controller 10;
acquiring unit 101; processing unit 102.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
For clarity of description, the embodiments of the present invention use words such as "first" and "second" to distinguish items that are identical or similar in function and effect; those skilled in the art will understand that these words do not limit quantity or order of execution.
In the embodiments of the present invention, "illustrative" or "for example" indicates an example, illustration or explanation. Any embodiment or design described as "illustrative" or "for example" is not to be construed as preferable to or more advantageous than other embodiments or designs; these words are intended to present the related concept in a specific way.
In the description of the embodiments, unless otherwise indicated, "plurality" means two or more; for example, multiple networks means two or more networks.
The term "and/or" only describes an association between related objects and indicates that three relationships are possible: A and/or B can mean A alone, both A and B, or B alone. The symbol "/" indicates an "or" relationship between the related objects; for example, A/B means A or B.
SDN is a new network architecture that separates the control plane of network equipment from the data plane, so that network traffic can be controlled flexibly and the network becomes a resource that can be deployed flexibly. At the same time, DoS attacks by attackers against networks using the SDN architecture are increasing. The most basic DoS attack floods a network server in a short time with a large amount of information that requires a reply, rapidly consuming network bandwidth and system resources so that the network or system is overwhelmed and is paralysed or stops providing normal network service. As shown in Fig. 1, the attacker attacks the victim host in a one-to-one form; if performance indicators of the victim host such as processor performance, memory size and network bandwidth are not high, the victim host is overwhelmed and is paralysed or stops providing normal network service.
Fig. 2 shows an attacker mounting a DoS attack on the management plane of a network using the SDN architecture. The attacker forges a large number of non-existent data flows and sends them to forwarding device 2. Forwarding device 2 cannot find forwarding rules for these flows in its own flow table, so it sends a large number of query requests to the SDN controller, whose resources are then used to respond to the requests of forwarding device 2. If other users request flow-table information from the SDN controller through forwarding device 1 at the same time, they cannot get a normal response; a DoS attack on the controller management plane of the SDN network has occurred.
Fig. 3 shows a DoS attack from the management plane against the forwarding plane of a network using the SDN architecture. The attacker forges a large number of useless query requests whose source address is the address of forwarding device 1. After receiving the query requests, the SDN controller issues a large number of flow tables to forwarding device 1 according to the source address information. The forwarding device has to process the flow tables issued by the SDN controller; if they exceed the processing capacity of forwarding device 1, it can no longer respond to access requests from other users, and a DoS attack by the management plane on forwarding-plane equipment has occurred.
Fig. 4 shows a DoS attack within the forwarding plane of a network using the SDN architecture. The attacker forges a large amount of identical information and sends it directly to forwarding device 2, which forwards the traffic to forwarding device 1 according to its flow-table information. If this exceeds the processing capacity of forwarding device 1, then when a user sends request information to forwarding device 1, or the SDN controller sends it information, forwarding device 1 cannot respond; a DoS attack between forwarding-plane equipment has occurred.
In view of these problems, the data transmission method provided by the embodiment of the present invention uses the SDN network architecture shown in Fig. 5, comprising an application plane, a management plane and a forwarding plane. Besides functions such as topology management, resource management, performance management and service management, a security module is added to the SDN controller in the management plane. The security module comprises an authentication function, a traffic analysis function and an alarm processing function, so that it can effectively detect DoS attacks by an attacker on the management plane of the SDN network, DoS attacks by the management plane on the forwarding plane, and DoS attacks by an attacker within the forwarding plane, carry out alarm processing, and guarantee normal operation of the SDN network. The concrete implementation is as follows.
Embodiment one
An embodiment of the present invention provides a data transmission method which, as shown in Fig. 6 and Fig. 7, comprises:
S101: the SDN controller obtains historical data for a forwarding device with which a connection has been established. The historical data includes a first count of requests sent by the forwarding device to the SDN controller and a second count of messages sent by the SDN controller to the forwarding device, or the connection time at which the forwarding device last established a connection with the SDN controller.
S102: when the SDN controller determines from the historical data that a preset condition is met, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to an identification ID (identity, ID). The identification ID under which a connection is established with the forwarding device is different each time, and the warning information indicates that the forwarding device is subject to a DoS attack.
In practice, the authentication function in the security module works as follows. When the SDN controller and a forwarding device establish a connection, authentication is carried out first: the SDN controller generates an identification ID from the forwarding device's own ID information combined with the controller's storage rule, records the identification ID in its flow table, and sends it to the corresponding forwarding device. When the forwarding device later authenticates with the SDN controller, it sends back the identification ID that the SDN controller issued; the SDN controller compares the identification ID sent by the forwarding device with the identification ID stored in the flow table for that forwarding device, and when the two are consistent the authentication succeeds and the SDN controller establishes the connection with the forwarding device. Each forwarding device corresponds to an independent identification ID; at the same time, some cookie data stored on the user's local terminal may be generated for use by the flow table.
Illustratively, taking a switch as the forwarding device, the identification ID under which the SDN controller establishes a connection with the forwarding device is made different each time as follows. A switch has its own ID information, usually its media access control (MAC) address; illustratively, the MAC address occupies 6 bytes and is written in hexadecimal. When the SDN controller receives the switch's ID information, it appends 3 bytes to the MAC address: 2 bytes for the number of interactions and 1 byte for the time of the last connection (the structure of the identification ID is shown in Fig. 8), so that the identification ID generated each time is different. Illustratively, the 3 added bytes are also written in hexadecimal.
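The following is an added example, not code from the patent, of the identification ID construction just described (6-byte MAC followed by 2 bytes of interaction count and 1 byte of last-connection time, hex-encoded) together with the controller-side comparison of a presented ID against the one stored in the flow table. The byte order, the reduction of the connection time to one byte (hours modulo 256) and the 16-bit wrap of the counter are assumptions the page does not specify.

```python
# Added example (not from the patent): builds the per-connection identification ID
# sketched in the description and checks a presented ID against the stored one.
# Assumptions: big-endian fields, time byte = last connection time in hours mod 256,
# interaction count wraps at 16 bits.
import hmac
from typing import Dict, Tuple

MAC_LEN = 6
COUNT_LEN = 2
TIME_LEN = 1
ID_LEN = MAC_LEN + COUNT_LEN + TIME_LEN   # 9 bytes, 18 hex characters


def build_identification_id(mac: str, interaction_count: int, last_connect_hours: int) -> str:
    """Return the hex identification ID: MAC || count (2 bytes) || time (1 byte)."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != MAC_LEN:
        raise ValueError("MAC address must be 6 bytes")
    count_bytes = (interaction_count & 0xFFFF).to_bytes(COUNT_LEN, "big")
    time_bytes = (last_connect_hours & 0xFF).to_bytes(TIME_LEN, "big")
    return (mac_bytes + count_bytes + time_bytes).hex()


def parse_identification_id(id_hex: str) -> Tuple[str, int, int]:
    """Split an identification ID back into (mac, interaction_count, time_byte)."""
    raw = bytes.fromhex(id_hex)
    if len(raw) != ID_LEN:
        raise ValueError("identification ID must be 9 bytes")
    mac = ":".join(f"{b:02x}" for b in raw[:MAC_LEN])
    count = int.from_bytes(raw[MAC_LEN:MAC_LEN + COUNT_LEN], "big")
    time_byte = raw[MAC_LEN + COUNT_LEN]
    return mac, count, time_byte


class ControllerAuthentication:
    """Controller-side record of the identification ID currently valid per switch."""

    def __init__(self) -> None:
        self._flow_table: Dict[str, str] = {}   # MAC -> identification ID in force

    def issue_id(self, mac: str, interaction_count: int, last_connect_hours: int) -> str:
        """Generate a fresh identification ID on (re)connection and store it."""
        new_id = build_identification_id(mac, interaction_count, last_connect_hours)
        self._flow_table[mac] = new_id
        return new_id

    def authenticate(self, mac: str, presented_id: str) -> bool:
        """Accept only the ID issued for this switch's most recent connection."""
        stored = self._flow_table.get(mac)
        if stored is None:
            return False
        # constant-time comparison so the check does not leak matching prefixes
        return hmac.compare_digest(stored, presented_id)


if __name__ == "__main__":
    ctrl = ControllerAuthentication()
    first = ctrl.issue_id("00:11:22:33:44:55", 0, 5000)
    second = ctrl.issue_id("00:11:22:33:44:55", 1200, 5024)   # after re-authentication
    print(first, second, ctrl.authenticate("00:11:22:33:44:55", first))
```

Once a new ID has been issued on reconnection, the previous one no longer authenticates, which is the property the text relies on. Note that the MAC part of the ID is fixed, so the freshness of the ID rests entirely on the 3 appended bytes differing between connections.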
In the traditional SDN definition, however, when the SDN controller and a forwarding device establish a connection, the identification ID is generated once and has the same life cycle as the forwarding device. If an attacker obtains the ID of a forwarding device and related information such as its Internet protocol (IP) address, the attacker can impersonate that forwarding device to attack the controller plane or other network equipment in the forwarding plane. The first step is therefore to add authentication to the security module. Authenticating every information transfer would be comparatively safe, but it would cost the SDN controller additional computation and storage resources. To ensure the validity of forwarding-device authentication to a certain extent without making the SDN controller pay a large computational cost, the authentication module stores the connection between the SDN controller and each device and judges whether a forwarding device is subject to a DoS attack from the number of information transfers and the length of time the connection has been established (see S1020 and S1021). When a forwarding device is under DoS attack, the alarm processing function in the security module starts, generates warning information, and reconnects to the forwarding device. Because the identification ID under which the SDN controller establishes a connection with a forwarding device is different each time, the attacker does not possess the forwarding device's new identification ID after the SDN controller and the forwarding device have re-established the connection, and therefore cannot mount a DoS attack on the SDN controller again. This improves the security of the SDN controller and safeguards the user experience.
Optionally, the historical data includes the first count and the second count, and the SDN controller's generating warning information, disconnecting from the forwarding device and re-establishing the connection with the forwarding device according to the identification ID when it determines from the historical data that the preset condition is met comprises, as shown in Fig. 7 and Fig. 9:
S1020: when the SDN controller determines from the first count and the second count that the sum of the first count and the second count within a designated time period is greater than or equal to a first threshold, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
Optionally, the historical data includes the connection time, and the SDN controller's generating warning information, disconnecting from the forwarding device and re-establishing the connection with the forwarding device according to the identification ID when it determines from the historical data that the preset condition is met comprises, as shown in Fig. 7 and Fig. 10:
S1021: when the SDN controller determines from the connection time that the difference between the current time and the connection time is greater than or equal to a time threshold, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
In practice, when the SDN controller and a forwarding device establish a connection, the SDN controller generates a corresponding flow table, as shown in Table 1.
Table 1
current_time | switch_ID | connection_time | interval | count
Here current_time is the current time, switch_ID is the identification ID number of the forwarding device, connection_time is the time of the last connection, interval is the defined interval time (in hours), and count is the number of interactions (each time the SDN controller sends data to the forwarding device or the forwarding device requests data from the SDN controller, the interaction count is incremented by 1).
When the difference between current_time and connection_time is >= interval (which can also serve as the time threshold), or when count reaches the defined value (such as the first threshold), the SDN controller must authenticate with the forwarding device again; after authentication, connection_time becomes the current time and count restarts from 0.
From the historical data, an interval for re-authentication is set, which avoids the resource consumption of frequently re-establishing connections and authenticating. Also from the historical data, the number of information interactions between the SDN controller and the forwarding device within a period of time is counted, from which the first threshold for a rated time can be determined. If the set first threshold is exceeded within the rated time, abnormal traffic data is considered to be consuming network resources within the rated time, so the connection between the SDN controller and the forwarding device is disconnected and authentication is carried out again.
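The following is an added example, not code from the patent, of a controller-side record shaped like Table 1 together with the two preset conditions of S1020 (interaction count within the period reaches the first threshold) and S1021 (current time minus connection time reaches the time threshold), and the reset of connection_time and count on re-authentication that the text describes. The hour granularity, the event format and the sample thresholds are constructed assumptions; the checks here run on every interaction for simplicity, whereas a controller would also run the time check periodically.

```python
# Added example (not from the patent): Table 1 record plus the S1020/S1021 checks.
# Assumption: all times are whole hours, the unit Table 1 gives for interval.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class FlowTableEntry:
    switch_id: str          # identification ID number of the forwarding device
    connection_time: int    # hour at which the last connection was authenticated
    interval: int           # time threshold in hours
    count: int = 0          # interactions in both directions since connection_time


class ConnectionMonitor:
    """Applies the preset conditions of S1020 and S1021 to one flow-table entry."""

    def __init__(self, first_threshold: int) -> None:
        self.first_threshold = first_threshold

    @staticmethod
    def record_interaction(entry: FlowTableEntry) -> None:
        """count +1 whether the controller sent data or the switch requested data."""
        entry.count += 1

    def check(self, entry: FlowTableEntry, current_time: int) -> Optional[str]:
        """Return the name of the condition that is met, or None if neither is."""
        if current_time - entry.connection_time >= entry.interval:
            return "time_threshold"       # S1021
        if entry.count >= self.first_threshold:
            return "first_threshold"      # S1020
        return None

    def reauthenticate(self, entry: FlowTableEntry, current_time: int) -> str:
        """Produce the warning information and reset the entry for the new connection."""
        reason = self.check(entry, current_time)
        warning = (f"DoS suspected on switch {entry.switch_id}: {reason} reached "
                   f"(count={entry.count}, age={current_time - entry.connection_time}h)")
        # A new identification ID would be issued on reconnection; the record itself
        # is reset exactly as the text describes: connection_time = now, count = 0.
        entry.connection_time = current_time
        entry.count = 0
        return warning


def run_monitor(entry: FlowTableEntry, monitor: ConnectionMonitor,
                events: List[Tuple[int, str]]) -> List[str]:
    """Feed (hour, 'req'|'msg') events through one entry and return the warnings raised."""
    warnings: List[str] = []
    for hour, _direction in events:
        ConnectionMonitor.record_interaction(entry)
        if monitor.check(entry, hour) is not None:
            warnings.append(monitor.reauthenticate(entry, hour))
    return warnings


if __name__ == "__main__":
    # Constructed sample: five interactions in three hours trip a first threshold of 5,
    # then a single interaction 27 hours later trips the 24-hour time threshold.
    sample = FlowTableEntry("sw-A", connection_time=0, interval=24)
    for line in run_monitor(sample, ConnectionMonitor(first_threshold=5),
                            [(1, "req"), (1, "msg"), (2, "req"), (2, "msg"), (3, "req"),
                             (30, "req"), (31, "msg")]):
        print(line)
```

The sample thresholds are deliberately tiny so the two conditions can be seen firing; in practice the first threshold is derived from the observed interaction rate of the device, as the text says, so that legitimate bursts do not trigger a reconnection.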
It follows that, compared with the prior art, the data transmission method of the embodiment can effectively prevent DoS attacks from the forwarding plane on the management plane (the attack type of Fig. 2). The connection between the SDN controller and the forwarding device is not fixed once and for all, but neither is it re-established so frequently that the controller's computing resources are consumed; by means of the time threshold and the first threshold the management plane and the forwarding plane can be protected effectively, and the connection and authentication relationship between the forwarding device and the SDN controller can be controlled.
Optionally, the historical data further includes a first flow arriving at the forwarding device, a second flow leaving the forwarding device, and a third flow passing through the forwarding device, and the method, as shown in Fig. 7, Fig. 11 and Fig. 12, further comprises:
S103: when the SDN controller determines from the historical data that the preset condition is not met, but determines that the first flow is greater than a first flow threshold, or the second flow is greater than a second flow threshold, or the third flow is greater than a third flow threshold, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
S103 comprises:
S1030: when the SDN controller determines from the historical data that the number of interactions within the designated time period is not greater than or equal to the first threshold, but determines that the first flow is greater than the first flow threshold, or the second flow is greater than the second flow threshold, or the third flow is greater than the third flow threshold, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID;
or
S1031: when the SDN controller determines from the historical data that the difference between the current time and the connection time is not greater than or equal to the time threshold, but determines that the first flow is greater than the first flow threshold, or the second flow is greater than the second flow threshold, or the third flow is greater than the third flow threshold, it generates warning information, disconnects from the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
Specifically, in practice a three-dimensional Cartesian coordinate system as shown in Fig. 13 can be established from the first flow, second flow, third flow, first flow threshold, second flow threshold and third flow threshold (where the first flow threshold can be determined from the historical first flow arriving at the forwarding device, the second flow threshold from the historical second flow leaving the forwarding device, and the third flow threshold from the historical third flow passing through the forwarding device). Point P_A has coordinates (I_A, O_A, T_A) and point P_AN has coordinates (P_N-X, P_N-Y, P_N-Z), where P_N-X equals the first flow threshold, P_N-Y equals the second flow threshold, P_N-Z equals the third flow threshold, and I_A denotes the first flow, O_A the second flow and T_A the third flow.
When point P_A falls outside the enclosed space formed by P_AN with the XY plane, XZ plane and YZ plane (equivalent to the first flow being greater than the first flow threshold, or the second flow greater than the second flow threshold, or the third flow greater than the third flow threshold), there is an abnormal condition. When point P_A falls within the enclosed space formed by P_AN with the XY plane, XZ plane and YZ plane (equivalent to the first flow being less than or equal to the first flow threshold, the second flow less than or equal to the second flow threshold, and the third flow less than or equal to the third flow threshold), there is no abnormal condition. This gives a more intuitive way to judge whether such traffic currently exists.
The traffic analysis function in the security module performs traffic analysis for each forwarding device that has established a connection with the SDN controller, comparing three parameters, the inflow traffic arriving at the device, the outflow traffic leaving it and the throughflow traffic passing through it, in order to analyse abnormal traffic between forwarding devices.
For example, in Figure 14 there are three forwarding devices (forwarding device A, forwarding device B and forwarding device C). The flow table information issued by the SDN controller contains the source (src) IP and destination (des) IP, which show that a flow goes from one forwarding device to another. For the forwarding device of the srcIP this flow is outflow; for the forwarding device of the desIP it is inflow; and, according to the routing information, for every forwarding device along the path it is recorded as throughflow. For instance, if the SDN controller issues a flow whose srcIP is the IP of forwarding device A and whose desIP is the IP of forwarding device C, then this flow is outflow for forwarding device A, inflow for forwarding device C and throughflow for forwarding device B.
Each forwarding device has a traffic statistics function. At certain intervals the SDN controller obtains the flow data from each device and records the traffic conditions of the designated time period; these data are compared with the previous flow data to analyse whether an abnormal condition exists.
Taking forwarding device A as an example: forwarding device A can count the flow entering it and the flow leaving it. From the flow table information, the flow originating at forwarding device A (the outflow) and the flow destined for forwarding device A (the inflow) are known; from the outgoing flow counted by the device itself, the flow passing through forwarding device A (the throughflow) can then be obtained.
In this way the traffic conditions of forwarding device A in the designated time period are obtained, so that the coordinates of point P_A can be determined. By determining the positional relationship between point P_A and the enclosed space formed by P_AN with the XY, XZ and YZ planes, a DoS attack such as that of Fig. 3 or Fig. 4 can be identified.
Specifically, for convenience of calculation, the first flow, the second flow and the third flow can be used directly as the coordinates of point P_A, i.e. the coordinates of point P_A are (I_A, O_A, T_A).
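The per-device classification described above (outflow for the srcIP device, inflow for the desIP device, throughflow for every device on the path) together with the P_A / P_AN comparison, as an added Python example that is not part of the patent. The FlowEntry type, the function names and the choice of "historical maximum times a margin" for deriving the thresholds are assumptions made here.

```python
"""Per-device flow classification and the three-axis threshold check.

Added example (not the patent's own code). Flow-table entries are assumed
to carry a source device, a destination device, an ordered path and a byte
count; FlowEntry and the function names are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowEntry:
    """One flow issued by the controller: srcIP device, desIP device,
    the ordered route between them, and bytes counted in the period."""
    src: str
    dst: str
    path: tuple  # ordered devices, src first and dst last
    nbytes: int


def classify_flows(entries, devices):
    """Return {device: (inflow, outflow, throughflow)} for the period.

    A flow is outflow for its src device, inflow for its dst device and
    throughflow for every intermediate device on its path (Figure 14 rule).
    """
    totals = {d: [0, 0, 0] for d in devices}  # [I_A, O_A, T_A]
    for e in entries:
        if e.path[0] != e.src or e.path[-1] != e.dst:
            raise ValueError(f"path {e.path} does not run {e.src}->{e.dst}")
        totals[e.dst][0] += e.nbytes
        totals[e.src][1] += e.nbytes
        for hop in e.path[1:-1]:
            totals[hop][2] += e.nbytes
    return {d: tuple(v) for d, v in totals.items()}


def thresholds_from_history(history, margin=1.5):
    """P_AN = (P_N-X, P_N-Y, P_N-Z) derived from earlier periods.

    The patent only says each threshold is determined from the historical
    value of that flow; using the historical maximum times a margin is an
    assumption made in this example.
    """
    cols = list(zip(*history))  # history: list of (I_A, O_A, T_A) tuples
    return tuple(max(c) * margin for c in cols)


def is_outside_box(point, thresholds):
    """True when P_A lies outside the space P_AN forms with the XY, XZ and
    YZ planes, i.e. at least one of I_A, O_A, T_A exceeds its threshold."""
    return any(v > t for v, t in zip(point, thresholds))


def analyse_period(entries, devices, history):
    """Classify this period's flows and flag devices whose P_A is outside
    the enclosed space. Returns {device: (point, anomalous)}."""
    points = classify_flows(entries, devices)
    return {
        d: (p, is_outside_box(p, thresholds_from_history(history[d])))
        for d, p in points.items()
    }


# Constructed sample: the Figure 14 topology A - B - C with flows A->C and
# C->A through B and one flow B->A, plus two earlier periods of history
# per device from which P_AN is derived.
DEVICES = ("A", "B", "C")
SAMPLE_NORMAL = [
    FlowEntry("A", "C", ("A", "B", "C"), 2000),
    FlowEntry("C", "A", ("C", "B", "A"), 1000),
    FlowEntry("B", "A", ("B", "A"), 500),
]
# Same period plus a large extra flow originating at A: it shows up as
# outflow on A, throughflow on B and inflow on C, so all three points leave
# their boxes, which is how the method localises the source of the flood.
SAMPLE_FLOOD = SAMPLE_NORMAL + [FlowEntry("A", "C", ("A", "B", "C"), 6000)]
SAMPLE_HISTORY = {
    "A": [(1200, 1500, 0), (1400, 1800, 0)],
    "B": [(300, 400, 2000), (350, 450, 2400)],
    "C": [(1500, 900, 0), (1700, 1100, 0)],
}

if __name__ == "__main__":
    for label, entries in (("normal", SAMPLE_NORMAL), ("flood", SAMPLE_FLOOD)):
        for dev, (pt, bad) in analyse_period(entries, DEVICES, SAMPLE_HISTORY).items():
            print(label, dev, "P_A =", pt, "ANOMALY" if bad else "normal")
```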
Optionally, as shown in Fig. 7, Figure 15 and Figure 16, the method further includes:
S104: when the SDN controller determines, according to the historical data, that the preset condition is not met, and determines that the first number is greater than the second threshold or the second number is greater than the third threshold, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the mark ID.
Specifically, S104 comprises:
S1040: when the SDN controller determines, according to the historical data, that the condition "the number of interactions in the designated time period is greater than or equal to the first threshold" is not met, and determines that the first number is greater than the second threshold or the second number is greater than the third threshold, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the mark ID.
Alternatively,
S1041: when the SDN controller determines, according to the historical data, that the condition "the difference between the current time and the connection time is greater than or equal to the time threshold" is not met, and determines that the first number is greater than the second threshold or the second number is greater than the third threshold, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the mark ID.
Specifically, in actual application a rectangular coordinate system as shown in Figure 17 can be established from the first number, the second number, the second threshold and the third threshold. In it, point P_SA represents the monitored request counts of the forwarding device (its coordinates are given below) and point P_SN has coordinates (P_NA-X, P_NA-Y), where P_SN-X equals the first threshold, P_SN-Y equals the second threshold, I_SA denotes the first number and O_SA the second number.
When point P_SA falls outside the enclosed space formed by P_SN with the X axis and the Y axis (equivalent to the first number being greater than the second threshold or the second number being greater than the third threshold), there is an abnormal condition. When point P_SA falls within the enclosed space formed by P_SN with the X axis and the Y axis (equivalent to the first number being less than or equal to the second threshold and the second number being less than or equal to the third threshold), there is no abnormal condition. In this way it can be determined more intuitively whether the above abnormal flow is currently present.
It should be noted that in actual application the SDN controller itself has no throughflow, so for the SDN controller only inflow and outflow are analysed.
For the SDN controller, outflow refers to the second number, i.e. the number of times the SDN controller sends a forwarding flow table (a service command request) to the forwarding device, and inflow refers to the first number, i.e. the number of times the forwarding device sends a service query or resource scheduling request to the controller. The request flow between the SDN controller and each forwarding device needs to be analysed separately, so that when an abnormal condition occurs it can be quickly found between which pair of devices it occurred.
Similarly, the coordinates of point P_SA can be determined from the first number and the second number in the designated time period; by determining the positional relationship between point P_SA and the enclosed space formed by P_SN with the X axis and the Y axis, the DoS attack of Fig. 2 can be identified.
Specifically, for convenience of calculation, the first number and the second number can be used directly as the coordinates of point P_SA, i.e. the coordinates of point P_SA are (I_SA, O_SA).
Specifically, as shown in Fig. 7, when forwarding device A joins the network it needs to perform identity authentication with the SDN controller (the SDN controller assigns an initial mark ID to forwarding device A), so that the SDN controller can carry out normal service interaction with forwarding device A. The SDN controller then monitors the traffic of forwarding device A and analyses its flow P_A. If current_time - connection_time >= interval, or the monitored count value is greater than or equal to the first threshold, alarm information is generated and the authentication between the SDN controller and the device is performed again, after which the cycle repeats. If current_time - connection_time < interval or the count value < first threshold, and the monitored flow P_A >= flow threshold, an alarm is issued, the connection between the SDN controller and forwarding device A is disconnected, and the connection with the forwarding device is re-established according to the mark ID. When P_SA >= second threshold (indicating that the SDN controller may be under a DoS attack), the SDN controller needs to disconnect all forwarding devices and handle the attack, and re-connect forwarding device A only after the SDN controller has been detected to be normal.
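The Fig. 7 decision loop for one forwarding device, as an added Python example that is not the patent's code: it keeps the session state (mark ID, connection time, first and second numbers, P_A), applies the S102/S103 precondition followed by the flow check and the S104 request-count check, and issues a fresh mark ID on every re-established connection. The class and field names, the action strings and the sample thresholds are assumptions; the controller-wide "disconnect all forwarding devices" step is not modelled.

```python
"""Controller-side decision loop for one forwarding device (Fig. 7).

Added example, not the patent's own code. Names, thresholds and the
'ok' / 'reauth' / 'reconnect' action strings are hypothetical.
"""
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Thresholds:
    interval: float  # time threshold: seconds since the connection was made
    first: int       # first threshold: cap on interactions in the window
    second: int      # second threshold: cap on the first number
    third: int       # third threshold: cap on the second number
    flow: tuple      # P_AN = (first, second, third flow thresholds)


@dataclass(frozen=True)
class Session:
    device: str
    mark_id: str
    connection_time: float
    first_number: int = 0          # requests received from the device
    second_number: int = 0         # messages sent to the device
    flow_point: tuple = (0, 0, 0)  # P_A = (I_A, O_A, T_A) from monitoring


class Controller:
    """Issues mark IDs and decides, per monitoring round, what to do."""

    def __init__(self, thresholds):
        self.th = thresholds
        self.issued = set()  # every mark ID ever issued, to keep them unique

    def new_mark_id(self):
        # A fresh random ID per connection, so an ID captured before the
        # reconnect is useless afterwards; the set makes "different each
        # time" explicit rather than relying on randomness alone.
        while True:
            mid = secrets.token_hex(8)
            if mid not in self.issued:
                self.issued.add(mid)
                return mid

    def authenticate(self, device, now):
        """Device joins or re-joins: authentication yields a new session."""
        return Session(device, self.new_mark_id(), now)

    def preset_condition_met(self, s, now):
        """S102/S103: session older than the interval, or the interaction
        count (first number + second number) reached the first threshold."""
        interactions = s.first_number + s.second_number
        return (now - s.connection_time >= self.th.interval
                or interactions >= self.th.first)

    def evaluate(self, s, now):
        """Return (action, reason) for one monitoring round."""
        if self.preset_condition_met(s, now):
            return "reauth", "preset condition met: re-run authentication"
        # Outside the P_AN box: strictly greater, as in the Fig. 13 definition.
        if any(v > t for v, t in zip(s.flow_point, self.th.flow)):
            return "reconnect", "P_A outside the flow-threshold box"
        if s.first_number > self.th.second or s.second_number > self.th.third:
            return "reconnect", "S104: P_SA outside the request-count box"
        return "ok", ""

    def apply(self, s, now):
        """Run one round; on any alarm, disconnect and re-establish with a
        new mark ID. Returns (session, action, reason)."""
        action, reason = self.evaluate(s, now)
        if action == "ok":
            return s, action, reason
        # Both alarm paths end in a freshly authenticated session; the
        # window counters start from zero again.
        return self.authenticate(s.device, now), action, reason


# Constructed thresholds for the walk-through below.
TH = Thresholds(interval=3600.0, first=500, second=300, third=300,
                flow=(2100, 2700, 3600))


def demo():
    """Four rounds for device A: a normal round, a request burst from the
    device, a flow anomaly, and an aged session. Returns the actions."""
    ctl = Controller(TH)
    s = ctl.authenticate("A", 1000.0)
    rounds = [
        (1500.0, replace(s, first_number=120, second_number=80,
                         flow_point=(1500, 2000, 0))),
        (1500.0, replace(s, first_number=450, second_number=20)),
        (1500.0, replace(s, flow_point=(1500, 5000, 0))),
        (4600.0, replace(s, first_number=120, second_number=80)),
    ]
    return [ctl.apply(sess, now)[1] for now, sess in rounds]


if __name__ == "__main__":
    print(demo())  # ['ok', 'reconnect', 'reconnect', 'reauth']
```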
This patent sets out a detection and prevention scheme for an SDN network coping with DoS attacks. By proposing an authentication method between the SDN management plane and the forwarding plane together with a flow analysis method for the management plane and the forwarding plane, it can efficiently identify DoS attacks aimed at the management plane or the forwarding plane and perform alarm handling according to the attack. The primary object of this patent is to propose such an authentication method and flow analysis method for the management plane and the forwarding plane, so that abnormal conditions are identified and handled quickly and efficiently while network availability is guaranteed as far as possible.
It can be seen from the above scheme that, in the embodiment of the present invention, by obtaining the historical data of a forwarding device that has established a connection, the SDN controller can determine from the historical data whether the forwarding device is subject to a DoS attack. When it determines from the historical data that the preset condition is met, it generates alarm information and disconnects the connection with the forwarding device, thereby preventing the attack on the SDN controller. At the same time, to prevent other users from initiating requests to the SDN controller through that forwarding device after the connection has been disconnected, the connection with the forwarding device is re-established according to the mark ID after the disconnection. Because the mark ID is set to be different each time the SDN controller and the forwarding device establish a connection, an attacker is prevented from reusing the forwarding device's mark ID, source IP address, destination IP address and other related information to forge request information and launch a DoS attack on the SDN controller layer, which guarantees the normal operation of the SDN controller. This solves the problem in the prior art that an attacker who obtains the mark ID, source IP address, destination IP address and other related information of a forwarding device can launch a DoS attack on the SDN controller layer, causing large-area network paralysis and affecting the user experience.
Embodiment two
The embodiment of the present invention provides an SDN controller 10 which, as shown in Figure 18, includes:
an acquiring unit 101 for obtaining the historical data of a forwarding device that has established a connection; the historical data includes the first number of requests sent by the forwarding device to the SDN controller and the second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; and
a processing unit 102 for generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the mark ID when it determines, according to the historical data obtained by the acquiring unit 101, that the preset condition is met; the mark ID is different each time a connection is established, and the alarm information is used to indicate that there is a DoS attack from the forwarding device.
Optionally, the historical data includes the first number and the second number; the processing unit 102 is specifically configured to determine, according to the first number and the second number obtained by the acquiring unit 101, that the sum of the first number and the second number in the designated time period is greater than or equal to the first threshold, and in that case to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the mark ID; the mark ID is different each time a connection is established, and the alarm information is used to indicate that there is a DoS attack from the forwarding device.
Optionally, the historical data includes the connection time; the processing unit 102 is specifically configured to determine, according to the connection time obtained by the acquiring unit 101, that the difference between the current time and the connection time is greater than or equal to the time threshold, and in that case to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the mark ID.
Optionally, the historical data further includes the first flow arriving at the forwarding device, the second flow flowing out of the forwarding device and the third flow flowing through the forwarding device; the processing unit 102 is further configured to, when it determines according to the historical data obtained by the acquiring unit 101 that the preset condition is not met, and determines that the first flow obtained by the acquiring unit 101 is greater than the first flow threshold, or the second flow obtained by the acquiring unit 101 is greater than the second flow threshold, or the third flow obtained by the acquiring unit 101 is greater than the third flow threshold, generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the mark ID.
Optionally, the processing unit 102 is further configured to, when it determines according to the historical data obtained by the acquiring unit 101 that the preset condition is not met, and determines that the first number obtained by the acquiring unit 101 is greater than the second threshold or the second number obtained by the acquiring unit 101 is greater than the third threshold, generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the mark ID.
All related content of each step involved in the above method embodiment can be referred to for the functional description of the corresponding functional module, and the effects are not described again here.
Where integrated modules are used, SDN controller 10 includes a storage unit, a processing unit and an acquiring unit. The processing unit controls and manages the actions of the SDN controller; for example, it supports the SDN controller in executing processes S101 and S102 in Fig. 6. The acquiring unit supports information exchange between the SDN controller and other devices. The storage unit stores the program code and data of the SDN controller.
Here the processing unit may be a processor, the storage unit a memory and the acquiring unit a communication interface. As shown in Fig. 19, the SDN controller includes a communication interface 501, a processor 502, a memory 503 and a bus 504; the communication interface 501 and the processor 502 are connected to the memory 503 through the bus 504.
The processor 502 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the scheme of the present application.
The memory 503 may be a read-only memory (ROM) or another type of static storage device capable of storing static information and instructions, a random access memory (RAM) or another type of dynamic storage device capable of storing information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory may exist independently and be connected to the processor through the bus, or the memory may be integrated with the processor.
The memory 503 stores the application program code for executing the scheme of the present application, and its execution is controlled by the processor 502. The communication interface 501 is used for information exchange with other devices, for example with a remote controller. The processor 502 executes the application program code stored in the memory 503 to implement the method described in the embodiments of the present application.
In addition, a computer storage medium (or media) is provided, including instructions that, when executed, perform the method operations executed by the SDN controller in the above embodiments. A computer program product is also provided, including the above computer storage medium (or media).
It should be understood that in the various embodiments of the present invention the magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the units and algorithm steps described in connection with the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present invention.
Those skilled in the art will understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a logical functional division, and there may be other divisions in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the object of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the function is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
It should be understood that any SDN controller provided above is used to execute the method corresponding to embodiment one presented above; therefore, for the beneficial effects it can achieve, reference may be made to the beneficial effects of the corresponding schemes in the method of embodiment one and in the following detailed description, which are not repeated here.
The above description is merely of specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that those familiar with the art can easily think of within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be based on the scope of protection of the claims.
Claims (12)
1. A data transmission method, characterized by comprising:
an SDN controller obtaining historical data of a forwarding device that has established a connection; wherein the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; and
the SDN controller, when determining according to the historical data that a preset condition is met, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to a mark ID; wherein the mark ID is different each time the SDN controller establishes a connection with the forwarding device, and the alarm information is used to indicate that there is a DoS attack from the forwarding device.
2. The data transmission method according to claim 1, characterized in that the historical data includes the first number and the second number; and
the SDN controller, when determining according to the historical data that the preset condition is met, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID comprises:
the SDN controller, when determining according to the first number and the second number that the sum of the first number and the second number in a designated time period is greater than or equal to a first threshold, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID.
3. The data transmission method according to claim 1, characterized in that the historical data includes the connection time; and
the SDN controller, when determining according to the historical data that the preset condition is met, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID comprises:
the SDN controller, when determining according to the connection time that the difference between the current time and the connection time is greater than or equal to a time threshold, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID.
4. The data transmission method according to claim 1, characterized in that the historical data further includes a first flow arriving at the forwarding device, a second flow flowing out of the forwarding device and a third flow flowing through the forwarding device; and the method further comprises:
the SDN controller, when determining according to the historical data that the preset condition is not met, and determining that the first flow is greater than a first flow threshold, or the second flow is greater than a second flow threshold, or the third flow is greater than a third flow threshold, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID.
5. The data transmission method according to claim 1, characterized in that the method further comprises:
the SDN controller, when determining according to the historical data that the preset condition is not met, and determining that the first number is greater than a second threshold or the second number is greater than a third threshold, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the mark ID.
6. An SDN controller, characterized by comprising:
an acquiring unit for obtaining historical data of a forwarding device that has established a connection; wherein the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; and
a processing unit for, when determining according to the historical data obtained by the acquiring unit that a preset condition is met, generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to a mark ID; wherein the mark ID is different each time the SDN controller establishes a connection with the forwarding device, and the alarm information is used to indicate that there is a DoS attack from the forwarding device.
7. The SDN controller according to claim 6, characterized in that the historical data includes the first number and the second number; and
the processing unit is specifically configured to, when determining according to the first number and the second number obtained by the acquiring unit that the sum of the first number and the second number in a designated time period is greater than or equal to a first threshold, generate alarm information, disconnect the connection with the forwarding device, and re-establish the connection with the forwarding device according to the mark ID.
8. The SDN controller according to claim 6, characterized in that the historical data includes the connection time; and
the processing unit is specifically configured to, when determining according to the connection time obtained by the acquiring unit that the difference between the current time and the connection time is greater than or equal to a time threshold, generate alarm information, disconnect the connection with the forwarding device, and re-establish the connection with the forwarding device according to the mark ID.
9. The SDN controller according to claim 6, characterized in that the historical data further includes a first flow arriving at the forwarding device, a second flow flowing out of the forwarding device and a third flow flowing through the forwarding device; and
the processing unit is further configured to, when determining according to the historical data obtained by the acquiring unit that the preset condition is not met, and determining that the first flow obtained by the acquiring unit is greater than a first flow threshold, or the second flow obtained by the acquiring unit is greater than a second flow threshold, or the third flow obtained by the acquiring unit is greater than a third flow threshold, generate alarm information, disconnect the connection with the forwarding device, and re-establish the connection with the forwarding device according to the mark ID.
10. The SDN controller according to claim 6, characterized in that the processing unit is further configured to, when determining according to the historical data obtained by the acquiring unit that the preset condition is not met, and determining that the first number obtained by the acquiring unit is greater than a second threshold or the second number obtained by the acquiring unit is greater than a third threshold, generate alarm information, disconnect the connection with the forwarding device, and re-establish the connection with the forwarding device according to the mark ID.
11. A computer storage medium, characterized by comprising instructions which, when run on a computer, cause the computer to execute the data transmission method according to any one of claims 1 to 5.
12. An SDN controller, characterized by comprising a communication interface, a processor, a memory and a bus; the memory is used to store computer-executable instructions, the processor is connected to the memory through the bus, and when the SDN controller operates, the processor executes the computer-executable instructions stored in the memory so that the SDN controller executes the data transmission method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910390899.5A CN110247893B (en) | 2019-05-10 | 2019-05-10 | Data transmission method and SDN controller |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110247893A true CN110247893A (en) | 2019-09-17 |
CN110247893B CN110247893B (en) | 2021-07-13 |
Family
ID=67884248
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910390899.5A Active CN110247893B (en) | 2019-05-10 | 2019-05-10 | Data transmission method and SDN controller |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247893B (en) |
2019
- 2019-05-10 CN CN201910390899.5A patent CN110247893B (en), status: Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
CN104158800A (en) * | 2014-07-21 | 2014-11-19 | 南京邮电大学 | Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN) |
CN106034105A (en) * | 2015-03-09 | 2016-10-19 | 国家计算机网络与信息安全管理中心 | OpenFlow switch and method for processing DDoS attack |
CN105282169A (en) * | 2015-11-04 | 2016-01-27 | 中国电子科技集团公司第四十一研究所 | DDoS attack warning method and system based on SDN controller threshold |
CN106561016A (en) * | 2015-11-19 | 2017-04-12 | 国网智能电网研究院 | DDoS attack detection device and method for SDN controller based on entropy |
WO2018076949A1 (en) * | 2016-10-31 | 2018-05-03 | 腾讯科技(深圳)有限公司 | Traffic attack protection method and system, controller, router, and storage medium |
CN106534133A (en) * | 2016-11-17 | 2017-03-22 | 浙江工商大学 | Deep-learning-based DDoS defense device and method in SDN |
CN107438074A (en) * | 2017-08-08 | 2017-12-05 | 北京神州绿盟信息安全科技股份有限公司 | DDoS attack protection method and device |
CN107509128A (en) * | 2017-08-16 | 2017-12-22 | 中国联合网络通信集团有限公司 | Method and system for core network access |
US20190097931A1 (en) * | 2017-09-28 | 2019-03-28 | Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. | System and method for control traffic reduction between SDN controller and switch |
CN108282497A (en) * | 2018-04-28 | 2018-07-13 | 电子科技大学 | DDoS attack detection method for the SDN control plane |
Non-Patent Citations (3)
Title |
---|
Nhu-Ngoc Dao, Joongheon Kim, Minho Park, Sungrae Cho: "Adaptive Suspicious Prevention for Defending DoS Attacks", PLOS ONE * |
孙凤木: "Research on DDoS attack detection and mitigation techniques for SDN networks", China Master's Theses Full-text Database, Information Science and Technology series * |
毛明, 陈庶樵, 崔世建: "Research on reliability optimization in SDN controller deployment", Application of Electronic Technique * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110943979A (en) * | 2019-11-19 | 2020-03-31 | 普联技术有限公司 | SDN network attack detection method, device, equipment and system |
CN111343206A (en) * | 2020-05-19 | 2020-06-26 | 上海飞旗网络技术股份有限公司 | Active defense method and device for data flow attack |
CN111343206B (en) * | 2020-05-19 | 2020-08-21 | 上海飞旗网络技术股份有限公司 | Active defense method and device for data flow attack |
CN113938312A (en) * | 2021-11-12 | 2022-01-14 | 北京天融信网络安全技术有限公司 | Method and device for detecting brute-force cracking traffic |
CN113938312B (en) * | 2021-11-12 | 2024-01-26 | 北京天融信网络安全技术有限公司 | Method and device for detecting brute-force cracking traffic |
Also Published As
Publication number | Publication date |
---|---|
CN110247893B (en) | 2021-07-13 |
Similar Documents
Publication | Title |
---|---|
KR101977731B1 (en) | Apparatus and method for detecting anomaly in a controller system |
EP2933954B1 (en) | Network anomaly notification method and apparatus |
CN110247893A (en) | Data transmission method and SDN controller |
EP3343838B1 (en) | Utilizing management network for secured configuration and platform management |
US11252196B2 (en) | Method for managing data traffic within a network |
WO2015077377A1 (en) | Methods, systems, and computer readable media for a network function virtualization information concentrator |
JP2017507572A (en) | Method, system, and computer-readable medium for cloud-based virtual orchestrator |
JP2007006054A (en) | Packet repeater and packet repeating system |
CN109787827B (en) | CDN network monitoring method and device |
CN108028828B (en) | Distributed denial of service (DDoS) attack detection method and related equipment |
JP2017152852A (en) | Communication system, communication apparatus, and communication control method for communication system |
CN105959282A (en) | Protection method and device for DHCP attack |
JP2016111664A (en) | Computer packaging system, and secure path selection method utilizing network evaluation |
CN102130792A (en) | Communication amount monitoring system |
US8370897B1 (en) | Configurable redundant security device failover |
JP6927155B2 (en) | Anomaly detection device, anomaly detection method and anomaly detection program |
CN108737344A (en) | Network attack protection method and device |
CN111935085A (en) | Method and system for detecting and protecting against abnormal network behaviors of an industrial control network |
EP3133790A1 (en) | Message sending method and apparatus |
CN112688970B (en) | Large-traffic DDoS attack detection method and system based on programmable chip |
KR100478910B1 (en) | IP collision detection/interception method |
Lussi et al. | A lightweight fog-based internal intrusion detection system for smart environments |
CN114448653A (en) | Policy execution method, related device and storage medium |
US20160308787A1 (en) | Method for processing event between controller and network device |
JP6851211B2 (en) | Network monitoring system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |