CN110247893A - A kind of data transmission method and SDN controller - Google Patents


Info

Publication number: CN110247893A
Authority: CN (China)
Prior art keywords: forwarding device, connection, sdn controller, flow, historical data
Legal status: Granted
Application number: CN201910390899.5A
Other languages: Chinese (zh)
Other versions: CN110247893B (en)
Inventors: 张帅, 张雪贝, 杨建军, 唐雄燕
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Events: application filed by China United Network Communications Group Co Ltd; priority to CN201910390899.5A; publication of CN110247893A; application granted; publication of CN110247893B; legal status: active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service


Abstract

The embodiment provides a data transmission method and an SDN controller, relating to the field of communication technology. It solves the problem in the prior art that an attacker who obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address can launch a DoS attack against the SDN controller layer, causing large-area network paralysis and degrading the user experience. The method includes: the SDN controller obtains historical data of a forwarding device with which a connection has been established, where the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; when the SDN controller determines from the historical data that a preset condition is met, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to an identification ID.

Description

A kind of data transmission method and SDN controller
Technical field
The present invention relates to the field of communication technology, and in particular to a data transmission method and an SDN controller.
Background technique
Denial of service (DoS) is a simple but effective attack pattern. It mainly aims to destroy the availability of a network service, so that the victim computer or network cannot receive and process external requests in time, or cannot respond to external requests in time; as a result the network service of legitimate users cannot function normally and the user experience is poor.
In the prior art, when a software defined network (SDN) controller and a forwarding device establish a connection, identity authentication must first be performed. The SDN controller records an identification ID in a flow table, and each forwarding device corresponds to one independent identification ID; the identification ID is generated once and has the same life cycle as the forwarding device. If an attacker obtains the identification ID of a forwarding device together with related information such as its source IP address and destination IP address, the attacker can forge request information of that forwarding device and launch a DoS attack against the SDN controller layer, so that the network devices of the SDN controller layer cannot bear the load and are paralysed or stop providing normal network service, causing large-area network paralysis and degrading the user experience.
It can be seen from the above that the prior art has the problem that an attacker who obtains the identification ID of a forwarding device and related information such as its source IP address and destination IP address can launch a DoS attack against the SDN controller layer, causing large-area network paralysis and degrading the user experience.
Summary of the invention
Embodiments of the present invention provide a data transmission method and an SDN controller, which solve the problem in the prior art that an attacker who obtains the identification ID of a forwarding device and related information such as its source IP address and destination IP address can launch a DoS attack against the SDN controller layer, causing large-area network paralysis and degrading the user experience.
To achieve the above objective, embodiments of the present invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a data transmission method, comprising: an SDN controller obtains historical data of a forwarding device with which a connection has been established, where the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; when the SDN controller determines from the historical data that a preset condition is met, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to an identification ID. The identification ID is different each time the SDN controller establishes a connection with the forwarding device, and the alarm information indicates that a DoS attack exists on the forwarding device.
It can be seen from the above solution that, by obtaining the historical data of a forwarding device with which a connection has been established, the embodiment can determine from the historical data whether a DoS attack exists on the forwarding device; when it determines from the historical data that the preset condition is met, it generates alarm information and disconnects the connection with the forwarding device, thereby preventing the attack on the SDN controller. At the same time, so that other users can still initiate requests to the SDN controller through the forwarding device after the connection has been disconnected, the connection with the forwarding device is re-established according to the identification ID. Because the identification ID is set to be different each time the SDN controller and the forwarding device establish a connection, the attacker can no longer use the forwarding device's identification ID, source IP address, destination IP address and other related information to forge request information and launch a DoS attack against the SDN controller layer, which ensures the normal operation of the SDN controller. This solves the problem in the prior art that an attacker who obtains the identification ID of a forwarding device and related information such as its source IP address and destination IP address can launch a DoS attack against the SDN controller layer, causing large-area network paralysis and degrading the user experience.
In a second aspect, an embodiment of the present invention provides an SDN controller, comprising: an acquiring unit for obtaining historical data of a forwarding device with which a connection has been established, where the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; and a processing unit for generating alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to an identification ID when it determines from the historical data obtained by the acquiring unit that a preset condition is met. The identification ID is different each time the SDN controller establishes a connection with the forwarding device, and the alarm information indicates that a DoS attack exists on the forwarding device.
In a third aspect, an embodiment of the present invention provides an SDN controller, comprising a communication interface, a processor, a memory and a bus. The memory stores computer-executable instructions and the processor is connected to the memory through the bus; when the SDN controller runs, the processor executes the computer-executable instructions stored in the memory, so that the SDN controller performs the method provided in the first aspect above.
In a fourth aspect, an embodiment of the present invention provides a computer storage medium comprising instructions which, when run on a computer, cause the computer to perform the method provided in the first aspect above.
It should be understood that any of the SDN controllers provided above is configured to perform the corresponding method of the first aspect above; the beneficial effects they can achieve may therefore be found in the beneficial effects of the method of the first aspect and of the corresponding solutions in the detailed description below, and are not repeated here.
Detailed description of the invention
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a schematic diagram of a DoS attack mode in the prior art;
Fig. 2 is a schematic diagram of a DoS attack mode against the management plane in the prior art;
Fig. 3 is a schematic diagram of a DoS attack mode from the management plane against a forwarding plane device in the prior art;
Fig. 4 is a schematic diagram of a DoS attack mode between forwarding plane devices in the prior art;
Fig. 5 is a network architecture diagram of the SDN provided by an embodiment of the present invention;
Fig. 6 is the first flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 7 is the second flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of the identification ID of the data transmission method provided by an embodiment of the present invention;
Fig. 9 is the third flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 10 is the fourth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 11 is the fifth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 12 is the sixth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 13 is a three-dimensional vector analysis schematic diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 14 is a schematic diagram of three connected forwarding devices;
Fig. 15 is the seventh flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 16 is the eighth flow diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 17 is a two-dimensional vector analysis schematic diagram of the data transmission method provided by an embodiment of the present invention;
Fig. 18 is the first structural schematic diagram of the SDN controller provided by an embodiment of the present invention;
Fig. 19 is the second structural schematic diagram of the SDN controller provided by an embodiment of the present invention.
Reference numerals:
SDN controller - 10;
Acquiring unit - 101; Processing unit - 102.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To describe the technical solutions of the embodiments clearly, words such as "first" and "second" are used in the embodiments to distinguish identical or similar items whose functions and effects are essentially the same. Those skilled in the art will understand that words such as "first" and "second" do not limit quantity or execution order.
In the embodiments of the present invention, words such as "exemplary" or "for example" indicate an example, illustration or explanation. Any embodiment or design described as "exemplary" or "for example" should not be construed as preferred or more advantageous than other embodiments or designs. Rather, the use of such words is intended to present the related concepts in a concrete way.
In the description of the embodiments, unless otherwise stated, "plurality" means two or more. For example, a plurality of networks means two or more networks.
The term "and/or" describes only an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate: A alone, both A and B, and B alone. The symbol "/" herein indicates an "or" relationship between the associated objects; for example, A/B indicates A or B.
SDN is a new network innovation architecture which, by separating the control plane of network devices from the data plane, achieves flexible control of network traffic and turns the network into a resource that can be deployed flexibly. At the same time, DoS attacks by attackers against networks using the SDN architecture are becoming more and more common. The most basic DoS attack floods a network server, in a short time, with a large amount of information that requires a reply, rapidly consuming network bandwidth and system resources, so that the network or system cannot bear the load and is paralysed or stops providing normal network service. As shown in Fig. 1, the attacker attacks the victim host in a one-to-one form; if performance indicators such as the processor performance, memory size and network bandwidth of the victim host are not high, the victim host cannot bear the load and is paralysed or stops providing normal network service.
Fig. 2 shows a schematic diagram of an attacker launching a DoS attack against the management plane of a network using the SDN architecture. The attacker forges a large number of nonexistent data flows and sends them to forwarding device 2; after receiving them, forwarding device 2 cannot find forwarding rules for these data flows in its own flow table and therefore sends a large number of query requests to the SDN controller. The resources of the SDN controller are then occupied responding to the requests of forwarding device 2, and if another user simultaneously requests flow table information from the SDN controller through forwarding device 1, that request cannot get a normal response. At this point a DoS attack against the controller management plane of the network using the SDN architecture has occurred.
Fig. 3 shows a schematic diagram of an attacker using the management plane of a network using the SDN architecture to launch a DoS attack against the forwarding plane. If the attacker forges a large number of useless query requests whose source address is the address of forwarding device 1, then after receiving the query requests the SDN controller issues a large number of flow tables to forwarding device 1 according to the source address information. Because the forwarding device must process the flow tables issued by the SDN controller, once the processing capacity of forwarding device 1 itself is exceeded, forwarding device 1 cannot respond to the access requests of other users. At this point a DoS attack from the management plane against a forwarding plane device has occurred.
Fig. 4 shows a schematic diagram of an attacker launching a DoS attack against the forwarding plane of a network using the SDN architecture. If the attacker forges a large amount of identical information and sends it directly to forwarding device 2, forwarding device 2 forwards the traffic to forwarding device 1 according to its flow table information. If the processing capacity of forwarding device 1 itself is exceeded, then when a user sends request information to forwarding device 1 or the SDN controller sends information to it, forwarding device 1 cannot respond. At this point a DoS attack between forwarding plane devices has occurred.
In view of the above problems, the data transmission method provided by the embodiment of the present invention uses the network architecture of the SDN architecture shown in Fig. 5, which includes an application plane, a management plane and a forwarding plane. In addition to functions such as topology management, resource management, performance management and service management, a security module is added to the SDN controller in the management plane. The security module includes an identity authentication function, a flow analysis function and an alarm processing function, so that it can effectively detect DoS attacks by an attacker against the management plane of the network using the SDN architecture, DoS attacks by an attacker through the management plane against the forwarding plane, and DoS attacks by an attacker against the forwarding plane, perform alarm processing, and ensure the normal operation of the network using the SDN architecture. The specific implementation is as follows:
Embodiment one
An embodiment of the present invention provides a data transmission method which, as shown in Fig. 6 and Fig. 7, includes:
S101. The SDN controller obtains historical data of a forwarding device with which a connection has been established; the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller.
S102. When the SDN controller determines from the historical data that a preset condition is met, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to an identification number (identity, ID); the identification ID is different each time a connection is established with the forwarding device, and the alarm information indicates that a DoS attack exists on the forwarding device.
It should be noted that in practical application, the identity authentication function in the security module works as follows. When the SDN controller and a forwarding device establish a connection, identity authentication must first be performed. The SDN controller generates an identification ID from the forwarding device's own ID information combined with the SDN controller's storage rule, records the identification ID in the flow table, and sends the identification ID to the corresponding forwarding device. When the forwarding device performs identity authentication with the SDN controller, it sends the identification ID it received from the SDN controller back to the SDN controller, and the SDN controller compares the identification ID sent by the forwarding device with the identification ID of that forwarding device stored in the flow table; when the two identification IDs are consistent, the authentication between the forwarding device and the SDN controller succeeds, and the SDN controller establishes the connection with the forwarding device. Each forwarding device corresponds to an independent identification ID, and at the same time some data (a cookie) stored on the user's local terminal may be generated for use by the flow table.
Exemplarily, taking a switch as the forwarding device, the identification ID is different each time the SDN controller establishes a connection with the forwarding device, as follows:
A switch has its own ID information, usually identified by its media access control (MAC) address; exemplarily, a MAC address occupies 6 bytes and is written in hexadecimal.
When the SDN controller receives the ID information of the switch, it appends 3 bytes to the switch's ID information (its MAC address): 2 bytes indicating the number of interactions and 1 byte indicating the last connection time (the structure of the identification ID is shown in Fig. 8), so that the identification ID generated each time is different. Exemplarily, the newly added 3 bytes are also written in hexadecimal.
However, in the traditional SDN definition, when the SDN controller and a forwarding device establish a connection, the identification ID is generated once and has the same life cycle as the forwarding device. If an attacker obtains the ID of a forwarding device and related information such as its internet protocol (IP) address, the attacker can impersonate the forwarding device to attack the controller layer or other network devices in the forwarding plane. Therefore, the first step is to add identity authentication to the security module. If identity authentication is performed on every information transfer, the method is relatively secure, but it makes the SDN controller pay additional computation and storage cost. To ensure the validity of the forwarding device's authentication to a certain extent without making the SDN controller pay too much computation cost, the authentication module stores the connection between the SDN controller and each device and judges, from the number of information transfers and the length of time the connection has been established (for example S1020 and S1021), whether a DoS attack exists on the forwarding device. When a DoS attack exists on the forwarding device, the alarm processing function in the security module starts; after generating the alarm information, the controller reconnects with that forwarding device. Because the identification ID is different each time the SDN controller establishes a connection with the forwarding device, after the SDN controller and the forwarding device have re-established the connection the attacker does not have the forwarding device's new identification ID and so cannot launch a DoS attack against the SDN controller again, which improves the security of the SDN controller and safeguards the user experience.
Optionally, the historical data includes the first number and the second number; the SDN controller determining from the historical data that the preset condition is met, generating the alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the identification ID includes, as shown in Fig. 7 and Fig. 9:
S1020. When the SDN controller determines from the first number and the second number that the sum of the first number and the second number within a designated time period is greater than or equal to a first threshold, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
Optionally, the historical data includes the connection time; the SDN controller determining from the historical data that the preset condition is met, generating the alarm information, disconnecting the connection with the forwarding device, and re-establishing the connection with the forwarding device according to the identification ID includes, as shown in Fig. 7 and Fig. 10:
S1021. When the SDN controller determines from the connection time that the difference between the current time and the connection time is greater than or equal to a time threshold, it generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the identification ID.
It should be noted that in practical application, when the SDN controller and a forwarding device establish a connection, the SDN controller generates a corresponding flow table, as shown in Table 1.
Table 1
current_time switch_ID connection_time interval count
Here current_time indicates the current time; switch_ID indicates the identification ID number of the forwarding device; connection_time indicates the last connection time; interval indicates the defined interval time (in hours); and count indicates the number of interactions (each time the SDN controller issues data to the forwarding device, or the forwarding device requests data from the SDN controller, the number of interactions is increased by 1).
When the difference between current_time and connection_time is greater than or equal to interval (which may also be made the time threshold), or when the value of count reaches a defined value (such as the first threshold), the SDN controller needs to perform identity authentication with the forwarding device again; after authentication, connection_time becomes the current time and the count starts again from 0.
According to the historical data, an interval for re-authentication is set, which avoids the resource consumption of frequently re-establishing the connection and authenticating. Also according to the historical data, the number of information interactions between the SDN controller and the forwarding device within a period of time is counted, from which the first threshold within the rated time can be determined. If the set first threshold is exceeded within the rated time, it is considered that abnormal flow data is consuming network resources within the rated time, so the connection between the SDN controller and the forwarding device is disconnected and identity authentication is performed again.
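The following is an added example, not code from the patent or its applicant, that models the identity authentication function and the re-authentication logic of S101/S102, S1020/S1021 and Table 1 above in Python. It assumes the identification ID layout given for Fig. 8 (6-byte MAC followed by 2 bytes of interaction count and 1 byte of last connection time, written in hexadecimal); the exact encoding of the time byte (hours taken modulo 256), the class and function names, and the sample MAC address are assumptions made for this example.

```python
# Added example (not from the patent): a minimal model of the security module's
# identity authentication and re-authentication logic (S101/S102, S1020/S1021,
# Table 1). Field layout of the identification ID follows Fig. 8 as described
# on the page; the time byte encoding (hours mod 256) is an assumption here.
from dataclasses import dataclass
from typing import Dict, List, Optional
import secrets


@dataclass
class FlowTableEntry:
    """One row of Table 1 for a forwarding device with an established connection."""
    switch_id: str        # identification ID (hex string) currently issued to the device
    connection_time: int  # time of the last (re)authentication, in hours
    interval: int         # re-authentication interval, i.e. the time threshold, in hours
    count: int = 0        # interactions since the last authentication


def make_mark_id(mac: bytes, interactions: int, connection_time: int) -> str:
    """Identification ID = 6-byte MAC + 2-byte interaction counter + 1-byte time.

    Because the counter and the time change between connections, the ID differs
    each time the controller and the device establish a connection.
    """
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    suffix = (interactions & 0xFFFF).to_bytes(2, "big") + (connection_time & 0xFF).to_bytes(1, "big")
    return (mac + suffix).hex()


class SecurityModule:
    """Authentication module of the SDN controller (hypothetical class name)."""

    def __init__(self, first_threshold: int, interval_hours: int):
        self.first_threshold = first_threshold          # S1020: max interactions per period
        self.interval = interval_hours                  # S1021: time threshold
        self.table: Dict[bytes, FlowTableEntry] = {}    # Table 1, keyed by device MAC
        self.total_interactions: Dict[bytes, int] = {}  # lifetime counter used in the ID
        self.alarms: List[str] = []                     # alarm information produced

    def connect(self, mac: bytes, now: int) -> str:
        """Authenticate a device and issue it a fresh identification ID."""
        n = self.total_interactions.get(mac, 0)
        mark_id = make_mark_id(mac, n, now)
        self.table[mac] = FlowTableEntry(mark_id, now, self.interval)
        return mark_id

    def authenticate(self, mac: bytes, presented_id: str) -> bool:
        """Compare the ID presented by the device with the one stored in the flow table."""
        entry = self.table.get(mac)
        return entry is not None and secrets.compare_digest(entry.switch_id, presented_id)

    def record_interaction(self, mac: bytes, now: int) -> Optional[str]:
        """Count one request or message (S101) and apply S1020/S1021 (S102).

        Returns the new identification ID when the connection was reset, else None.
        """
        entry = self.table[mac]
        entry.count += 1
        self.total_interactions[mac] = self.total_interactions.get(mac, 0) + 1
        too_many = entry.count >= self.first_threshold                 # S1020
        too_old = now - entry.connection_time >= entry.interval        # S1021
        if too_many or too_old:
            reason = "interaction count" if too_many else "connection age"
            self.alarms.append(f"{mac.hex()}: {reason} threshold reached "
                               f"(count={entry.count}, age={now - entry.connection_time}h)")
            # disconnect, then re-establish with a new ID; count restarts at 0
            del self.table[mac]
            return self.connect(mac, now)
        return None
```

Once a reset has happened, the previously issued ID no longer authenticates, which is the property the page relies on: a request forged with a captured ID fails the comparison after the next re-authentication.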
By above scheme it is found that the data transmission method that the embodiment of the present invention provides compared with prior art can be effective The DoS attack (the DoS attack type of Fig. 2) for preventing forwarding plane from carrying out to management plane, between SDN controller and forwarding device It is unalterable for establishing connection not, but will not re-establish connection frequently to consume the computing resource of controller, according to Time threshold and first threshold can effectively protect management plane and Forwarding plane, and control forwarding device and SDN are controlled The connection authentication relationship of device processed.
Optionally, the second flow that historical data further includes the first flow of arrival forwarding device, flows out from forwarding device And flow through the third flow of forwarding device, this method as shown in Fig. 7, Figure 11 and Figure 12 further include:
S103, SDN controller are according to historical data, when determination is unsatisfactory for preset condition, determine that first flow is greater than first Flow threshold generates alarm when perhaps second flow is greater than second flow threshold value or third flow and is greater than third flow threshold The connection of information and disconnection and forwarding device, and the connection with forwarding device is re-established according to mark ID.
Wherein, S103, SDN controller determine that first flow is greater than when determination is unsatisfactory for preset condition according to historical data First flow threshold value generates when perhaps second flow is greater than second flow threshold value or third flow and is greater than third flow threshold The connection of warning information and disconnection and forwarding device, and the connection with forwarding device is re-established according to mark ID, comprising:
S1030, SDN controller determine that being unsatisfactory for interaction times in designated time period is greater than or equal to according to historical data When first threshold, determine that perhaps second flow is greater than second flow threshold value or third to first flow greater than first flow threshold value When flow is greater than third flow threshold, generates warning information and disconnect the connection with forwarding device, and built again according to mark ID The vertical connection with forwarding device.
Alternatively,
S1031, SDN controller according to historical data, determine be unsatisfactory for current time and the difference of Connection Time be greater than or When equal to time threshold, determine first flow be greater than first flow threshold value perhaps second flow be greater than second flow threshold value or When third flow is greater than third flow threshold, generates warning information and disconnect the connection with forwarding device, and according to mark ID weight The new connection established with forwarding device.
Specifically, in practical application the first flow, second flow, third flow, first flow threshold, second flow threshold and third flow threshold (where the first flow threshold can be determined from the historical first flow arriving at the forwarding device, the second flow threshold from the historical second flow leaving the forwarding device, and the third flow threshold from the historical third flow passing through the forwarding device) can be used to build the three-dimensional Cartesian coordinate system shown in Fig. 13. Here the coordinates of point P_A are (I_A, O_A, T_A) and the coordinates of point P_AN are (P_N-X, P_N-Y, P_N-Z), where P_N-X equals the first flow threshold, P_N-Y equals the second flow threshold and P_N-Z equals the third flow threshold; I_A denotes the first flow, O_A the second flow and T_A the third flow.
When point P_A falls outside the closed space bounded by P_AN and the XY, XZ and YZ planes (equivalent to the first flow being greater than the first flow threshold, or the second flow greater than the second flow threshold, or the third flow greater than the third flow threshold), an abnormal situation exists; when point P_A falls within the closed space bounded by P_AN and the XY, XZ and YZ planes (equivalent to the first flow being less than or equal to the first flow threshold, and the second flow less than or equal to the second flow threshold, and the third flow less than or equal to the third flow threshold), no abnormal situation exists. This makes it more intuitive to judge whether the flows above are currently abnormal.
It should be noted that the flow analysis function of the security module performs flow analysis on each forwarding device that has established a connection with the SDN controller; it compares the three parameters inflow (flow arriving at the device), outflow (flow leaving the device) and throughflow (flow passing through the device) to analyse abnormal flows between forwarding devices.
Illustratively, taking Fig. 14 as an example, there are three forwarding devices in the figure (forwarding device A, forwarding device B and forwarding device C). The flow table information issued by the SDN controller contains the source (src) IP and the destination (dst) IP, which show that a flow goes from one forwarding device to another.
Such a flow is outflow for the forwarding device holding the src IP and inflow for the forwarding device holding the dst IP; according to the routing information, every forwarding device on the path in between records it as throughflow. For example, if the SDN controller issues a flow whose src IP is the IP of forwarding device A and whose dst IP is the IP of forwarding device C, this flow is outflow for forwarding device A, inflow for forwarding device C and throughflow for forwarding device B.
Each forwarding device has a traffic statistics function. At fixed intervals the SDN controller obtains flow data from each device and records the traffic within the specified time period; these data are compared with the previous flow data to analyse whether an abnormal situation exists.
Taking forwarding device A as an example, forwarding device A can count the flow entering it and the flow leaving it. From the flow table information, the flow leaving forwarding device A (the outflow) and the flow arriving at forwarding device A (the inflow) are known; from the device's own statistics of the flow leaving forwarding device A, the flow passing through forwarding device A (the throughflow) can be derived.
This gives the traffic of forwarding device A within the specified time period, from which point P_A with coordinates (I_A, O_A, T_A) is determined. By determining the positional relationship between point P_A and the closed space bounded by P_AN and the XY, XZ and YZ planes, the DoS attacks of Fig. 3 or Fig. 4 can be identified.
Specifically, for ease of calculation, the first flow, second flow and third flow can be used directly as the coordinates of point P_A, i.e. the coordinates of P_A are (I_A, O_A, T_A).
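The attribution rule above (outflow for the device holding the src IP, inflow for the device holding the dst IP, throughflow for every intermediate hop on the routed path) and the box test of P_A against P_AN, as an added Python example that is not part of the patent. The device names A, B and C follow Fig. 14; the IP addresses, paths and byte counts are constructed, and the byte counts stand in for the forwarding devices' own traffic statistics:

```python
from collections import Counter

# Constructed topology: forwarding devices A, B, C and their IPs (assumption).
DEVICE_IP = {"A": "10.0.0.1", "B": "10.0.0.2", "C": "10.0.0.3"}
IP_DEVICE = {ip: dev for dev, ip in DEVICE_IP.items()}

# Constructed flow-table entries issued by the controller:
# (src IP, dst IP, routed path as a list of device names, bytes counted).
# The path comes from the controller's routing information; the byte count
# is what the devices' traffic statistics would report for the entry.
FLOW_TABLE = [
    ("10.0.0.1", "10.0.0.3", ["A", "B", "C"], 4_000),   # A -> B -> C
    ("10.0.0.3", "10.0.0.1", ["C", "B", "A"], 1_000),   # C -> B -> A
    ("10.0.0.2", "10.0.0.1", ["B", "A"], 500),          # B -> A, no transit hop
]


def attribute_flows(flow_table):
    """Return {device: (inflow, outflow, throughflow)}, i.e. (I_A, O_A, T_A)
    per forwarding device, applying the src/dst/path rule of the text."""
    inflow, outflow, through = Counter(), Counter(), Counter()
    for src_ip, dst_ip, path, nbytes in flow_table:
        src, dst = IP_DEVICE[src_ip], IP_DEVICE[dst_ip]
        # Sanity check: the routed path must start at src and end at dst,
        # otherwise the attribution below would credit the wrong devices.
        if path[0] != src or path[-1] != dst:
            raise ValueError(f"path {path} does not match {src}->{dst}")
        outflow[src] += nbytes          # outflow for the src device
        inflow[dst] += nbytes           # inflow for the dst device
        for hop in path[1:-1]:          # throughflow for every transit device
            through[hop] += nbytes
    devices = set(inflow) | set(outflow) | set(through)
    return {d: (inflow[d], outflow[d], through[d]) for d in devices}


def outside_box(point, thresholds):
    """True when P_A lies outside the closed box bounded by P_AN and the
    XY, XZ and YZ planes, i.e. when at least one coordinate exceeds its
    threshold (the text's 'first flow > first flow threshold, or ...')."""
    return any(value > limit for value, limit in zip(point, thresholds))


if __name__ == "__main__":
    p_an = (2_000, 3_000, 3_000)      # constructed (first, second, third) flow thresholds
    for device, p_a in sorted(attribute_flows(FLOW_TABLE).items()):
        print(device, p_a, "abnormal" if outside_box(p_a, p_an) else "normal")
```

With the constructed table, forwarding device A sees (1500, 4000, 0): its outflow of 4000 exceeds the constructed second flow threshold of 3000, so A is flagged, while B, which only carries the two transits (throughflow 5000), is flagged on its third coordinate. Which coordinate trips the check tells the operator whether the device is sourcing, sinking or merely relaying the excess.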
Optionally, as shown in Fig. 7, Fig. 15 and Fig. 16, the method further includes:
S104: the SDN controller, on determining from the historical data that the preset condition is not met, determines that the first number is greater than the second threshold or the second number is greater than the third threshold, generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the identifier ID.
Specifically, S104, in which the SDN controller, on determining from the historical data that the preset condition is not met, determines that the first number is greater than the second threshold or the second number is greater than the third threshold, generates alarm information, disconnects the connection with the forwarding device and re-establishes the connection with the forwarding device according to the identifier ID, comprises:
S1040: the SDN controller determines from the historical data that the condition "the number of interactions within the specified time period is greater than or equal to the first threshold" is not met; it then determines that the first number is greater than the second threshold or the second number is greater than the third threshold, generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the identifier ID.
or
S1041: the SDN controller determines from the historical data that the condition "the difference between the current time and the connection time is greater than or equal to the time threshold" is not met; it then determines that the first number is greater than the second threshold or the second number is greater than the third threshold, generates alarm information, disconnects the connection with the forwarding device, and re-establishes the connection with the forwarding device according to the identifier ID.
Specifically, in practical application the first number, the second number, the second threshold and the third threshold can be used to build the rectangular coordinate system shown in Fig. 17. Here the coordinates of point P_SA are (I_SA, O_SA) and the coordinates of point P_SN are (P_SN-X, P_SN-Y), where P_SN-X equals the second threshold and P_SN-Y equals the third threshold; I_SA denotes the first number and O_SA the second number.
When point P_SA falls outside the closed space bounded by P_SN and the X and Y axes (equivalent to the first number being greater than the second threshold or the second number greater than the third threshold), an abnormal situation exists; when point P_SA falls within the closed space bounded by P_SN and the X and Y axes (equivalent to the first number being less than or equal to the second threshold, and the second number less than or equal to the third threshold), no abnormal situation exists. This makes it more intuitive to judge whether the request traffic above is currently abnormal.
It should be noted that the SDN controller itself has no throughflow in practical application, so only its inflow and outflow are analysed.
For the SDN controller, outflow refers to the SDN controller sending flow tables, i.e. service command requests, to the forwarding device (the second number), and inflow refers to the forwarding device sending service query or resource scheduling requests to the controller (the first number). The request traffic between the SDN controller and every forwarding device needs to be analysed so that, when an abnormal situation occurs, it can quickly be located to the pair of devices between which it occurred.
Similarly, point P_SA with coordinates (I_SA, O_SA) is determined from the first number and the second number within the specified time period; by determining the positional relationship between point P_SA and the closed space bounded by P_SN and the X and Y axes, the DoS attack of Fig. 2 can be identified.
Specifically, for ease of calculation, the first number and the second number can be used directly as the coordinates of point P_SA, i.e. the coordinates of P_SA are (I_SA, O_SA).
Specifically, as shown in Fig. 7, when forwarding device A joins the network it must authenticate with the SDN controller (the SDN controller assigns forwarding device A an initial identifier ID), so that the SDN controller can carry out normal service interaction with forwarding device A. The SDN controller then monitors the traffic of forwarding device A and analyses its flow point P_A. If current_time minus connection_time is greater than or equal to interval, or the monitored count value reaches (is greater than or equal to) the first threshold, alarm information is generated and the authentication between the SDN controller and the device is performed again, after which the cycle repeats. If current_time minus connection_time is less than interval or the count value is less than the first threshold, and the monitored flow point P_A reaches or exceeds the flow threshold, an alarm is issued, the connection between the SDN controller and forwarding device A is disconnected, and the connection with the forwarding device is re-established according to the identifier ID. When P_SA reaches or exceeds the second threshold (indicating that the SDN controller itself may be under DoS attack), the SDN controller must disconnect all forwarding devices and deal with the attack; only after the SDN controller has been verified to be normal are the SDN controller and forwarding device A connected again.
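The monitoring cycle of Fig. 7 and the S102/S103/S104 checks above, as an added Python example that is not part of the patent. The DeviceState and Thresholds layouts, the alarm reason strings, and the use of a random 128-bit token as the per-connection identifier ID are assumptions; the patent only requires that the ID differ on every connection. The preset condition is checked first, then the forwarding-plane box test on P_A, then the management-plane test on P_SA; every alarm disconnects and reconnects with a fresh ID, and a controller-level alarm drops every device:

```python
import secrets
from dataclasses import dataclass


@dataclass
class DeviceState:
    """Per-forwarding-device record kept by the controller (assumed layout)."""
    ident: str                      # identifier ID of the current connection
    connection_time: float          # when the current connection was established
    first_count: int = 0            # requests forwarding device -> controller in the window
    second_count: int = 0           # messages controller -> forwarding device in the window
    flow_point: tuple = (0, 0, 0)   # P_A = (I_A, O_A, T_A) from the device's traffic statistics


@dataclass
class Thresholds:
    first: int        # first threshold: bound on first_count + second_count
    interval: float   # time threshold: maximum age of a connection
    flow: tuple       # P_AN = (first, second, third flow threshold)
    second: int       # second threshold: bound on first_count alone
    third: int        # third threshold: bound on second_count alone


def new_identifier():
    # A fresh random ID per connection, so a captured (ID, src IP, dst IP) tuple
    # cannot be replayed after the reconnect. The 16-byte length is an assumption.
    return secrets.token_hex(16)


def reconnect(state, now):
    """Disconnect and re-establish: new ID, new connection time, counters reset."""
    state.ident = new_identifier()
    state.connection_time = now
    state.first_count = state.second_count = 0
    return state.ident


def evaluate(state, th, now):
    """One pass of the Fig. 7 cycle for one device.

    Returns (alarm_reason, current_id); alarm_reason is None when nothing fired.
    The reason strings are assumptions, not names taken from the patent."""
    # Preset condition: too many interactions in the window, or the connection has
    # lived past the time threshold -> alarm and re-authenticate with a new ID.
    if (state.first_count + state.second_count >= th.first
            or now - state.connection_time >= th.interval):
        return "preset_condition", reconnect(state, now)
    # Preset condition not met: forwarding-plane check (S103). P_A lies outside the
    # box bounded by P_AN and the XY, XZ, YZ planes iff any coordinate exceeds its threshold.
    if any(value > limit for value, limit in zip(state.flow_point, th.flow)):
        return "forwarding_plane_dos", reconnect(state, now)
    # Management-plane check (S104): P_SA = (first_count, second_count) outside the
    # rectangle bounded by P_SN = (second threshold, third threshold).
    if state.first_count > th.second or state.second_count > th.third:
        return "management_plane_dos", reconnect(state, now)
    return None, state.ident


def controller_under_attack(states, th):
    """True when some device's request count I_SA reaches the second threshold:
    the controller itself may be the DoS target."""
    return any(s.first_count >= th.second for s in states.values())


def disconnect_all(states, now):
    """Controller-level response: drop every forwarding device. Each one gets a new
    ID here; in practice re-admission waits until the controller is verified healthy."""
    return {name: reconnect(s, now) for name, s in states.items()}


if __name__ == "__main__":
    th = Thresholds(first=100, interval=600.0, flow=(2_000, 3_000, 3_000), second=40, third=80)
    dev_a = DeviceState("initial-id", connection_time=1_000.0, first_count=45, second_count=10)
    print(evaluate(dev_a, th, now=1_100.0))   # management-plane alarm, fresh ID
```

Because reconnect() resets the counters and the connection time together with the ID, a device that keeps hammering the controller trips the management-plane check again on the next window under its new ID, while a device whose old ID was merely harvested by an attacker gets a clean window and the stale ID is dead.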
This patent sets out a detection and prevention scheme for an SDN network coping with DoS attacks. By proposing an authentication method between the SDN management plane and the forwarding plane together with a flow analysis method for the management plane and the forwarding plane, DoS attacks aimed at the management plane or the forwarding plane can be identified efficiently and alarm handling carried out according to the attack. The primary object of this patent is to propose such an authentication method and flow analysis method for the management plane and the forwarding plane, so that abnormal situations can be identified and handled rapidly and efficiently while guaranteeing network availability as far as possible.
It can be seen from the above scheme that the embodiment of the present invention obtains the historical data of a forwarding device with which a connection has been established, so that it can judge from the historical data whether a DoS attack from that forwarding device exists; when it determines from the historical data that the preset condition is met, it generates alarm information and disconnects the connection with the forwarding device, thereby preventing the attack on the SDN controller. At the same time, to prevent other users from sending requests to the SDN controller through that forwarding device after the connection has been disconnected, the connection with the forwarding device is re-established according to the identifier ID after the disconnection. Because the identifier ID under which the SDN controller and the forwarding device establish a connection is different each time, an attacker cannot reuse the forwarding device's identifier ID, source IP address, destination IP address and similar information to forge requests and mount a DoS attack at the SDN controller level, which guarantees the normal operation of the SDN controller. This solves the problem in the prior art that an attacker who obtains a forwarding device's identifier ID, source IP address, destination IP address and similar information can mount a DoS attack at the SDN controller level, causing large-area network paralysis and degrading the user experience.
Embodiment two
The embodiment of the present invention provides an SDN controller 10 which, as shown in Fig. 18, includes:
an acquiring unit 101 for obtaining the historical data of a forwarding device with which a connection has been established; wherein the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller; and
a processing unit 102 for generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID when it determines from the historical data obtained by the acquiring unit 101 that the preset condition is met; wherein the identifier ID under which a connection is established is different each time, and the alarm information indicates that a DoS attack from the forwarding device exists.
Optionally, the historical data includes the first number and the second number; the processing unit 102 is specifically configured to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID when, according to the first number and the second number obtained by the acquiring unit 101, it determines that the sum of the first number and the second number within the specified time period is greater than or equal to the first threshold; wherein the identifier ID under which a connection is established is different each time, and the alarm information indicates that a DoS attack from the forwarding device exists.
Optionally, the historical data includes the connection time; the processing unit 102 is specifically configured to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID when, according to the connection time obtained by the acquiring unit 101, it determines that the difference between the current time and the connection time is greater than or equal to the time threshold.
Optionally, the historical data further includes the first flow arriving at the forwarding device, the second flow leaving the forwarding device and the third flow passing through the forwarding device; the processing unit 102 is further configured, when it determines from the historical data obtained by the acquiring unit 101 that the preset condition is not met, to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID on determining that the first flow obtained by the acquiring unit 101 is greater than the first flow threshold, or the second flow obtained by the acquiring unit 101 is greater than the second flow threshold, or the third flow obtained by the acquiring unit 101 is greater than the third flow threshold.
Optionally, the processing unit 102 is further configured, when it determines from the historical data obtained by the acquiring unit 101 that the preset condition is not met, to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID on determining that the first number obtained by the acquiring unit 101 is greater than the second threshold or the second number obtained by the acquiring unit 101 is greater than the third threshold.
All related content of each step involved in the above method embodiment can be cited in the functional description of the corresponding functional module, and its effect is not described again here.
In the case where an integrated module is used, SDN controller 10 includes a storage unit, a processing unit and an acquiring unit. The processing unit controls and manages the actions of the SDN controller; for example, the processing unit supports the SDN controller in executing processes S101 and S102 in Fig. 6. The acquiring unit supports the information exchange between the SDN controller and other devices. The storage unit stores the program code and data of the SDN controller.
Here the processing unit may be a processor, the storage unit a memory and the acquiring unit a communication interface. Referring to Fig. 19, the SDN controller includes a communication interface 501, a processor 502, a memory 503 and a bus 504; the communication interface 501 and the processor 502 are connected with the memory 503 through the bus 504.
The processor 502 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the program of the present scheme.
The memory 503 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto. The memory may exist independently and be connected to the processor through the bus, or the memory may be integrated with the processor.
The memory 503 stores the application program code for executing the present scheme, and its execution is controlled by the processor 502. The communication interface 501 exchanges information with other devices, such as a remote controller. The processor 502 executes the application program code stored in the memory 503 to implement the method described in the embodiments of the present application.
In addition, a computer storage medium (or media) is provided, including instructions that, when executed, carry out the method operations executed by the SDN controller in the above embodiments. A computer program product is also provided, including the above computer storage medium (or media).
It should be understood that in the various embodiments of the present invention the magnitude of the sequence numbers of the above processes does not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic and does not constitute any limitation on the implementation of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the units and algorithm steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the particular application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, apparatus and units described above can refer to the corresponding processes in the foregoing method embodiments and are not described again here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatus and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; the division of the units is only a logical functional division, and there may be other ways of division in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatus or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the scheme of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
It can be understood that any SDN controller provided above is used to execute the method corresponding to embodiment one presented above; therefore, the beneficial effects it can achieve can refer to the beneficial effects of the corresponding schemes in the method of embodiment one and in the detailed description below, and are not described again here.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any change or replacement that a person familiar with the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (12)

1. A data transmission method, characterised in that it comprises:
an SDN controller obtaining the historical data of a forwarding device with which a connection has been established; wherein the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller;
the SDN controller, on determining from the historical data that a preset condition is met, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to an identifier ID; wherein the identifier ID under which the SDN controller establishes a connection is different each time, and the alarm information indicates that a DoS attack from the forwarding device exists.
2. The data transmission method according to claim 1, characterised in that the historical data includes the first number and the second number;
the SDN controller, on determining from the historical data that the preset condition is met, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID comprises:
the SDN controller, on determining from the first number and the second number that the sum of the first number and the second number within a specified time period is greater than or equal to a first threshold, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID.
3. The data transmission method according to claim 1, characterised in that the historical data includes the connection time;
the SDN controller, on determining from the historical data that the preset condition is met, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID comprises:
the SDN controller, on determining from the connection time that the difference between the current time and the connection time is greater than or equal to a time threshold, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID.
4. The data transmission method according to claim 1, characterised in that the historical data further includes a first flow arriving at the forwarding device, a second flow leaving the forwarding device and a third flow passing through the forwarding device;
the method further comprises:
the SDN controller, on determining from the historical data that the preset condition is not met, and on determining that the first flow is greater than a first flow threshold, or the second flow is greater than a second flow threshold, or the third flow is greater than a third flow threshold, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID.
5. The data transmission method according to claim 1, characterised in that the method further comprises:
the SDN controller, on determining from the historical data that the preset condition is not met, and on determining that the first number is greater than a second threshold or the second number is greater than a third threshold, generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to the identifier ID.
6. An SDN controller, characterised in that it comprises:
an acquiring unit for obtaining the historical data of a forwarding device with which a connection has been established; wherein the historical data includes a first number of requests sent by the forwarding device to the SDN controller and a second number of messages sent by the SDN controller to the forwarding device, or the historical data includes the connection time at which the forwarding device last established a connection with the SDN controller;
a processing unit for generating alarm information, disconnecting the connection with the forwarding device and re-establishing the connection with the forwarding device according to an identifier ID when it determines from the historical data obtained by the acquiring unit that a preset condition is met; wherein the identifier ID under which the SDN controller establishes a connection is different each time, and the alarm information indicates that a DoS attack from the forwarding device exists.
7. The SDN controller according to claim 6, characterised in that the historical data includes the first number and the second number;
the processing unit is specifically configured to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID when, according to the first number and the second number obtained by the acquiring unit, it determines that the sum of the first number and the second number within a specified time period is greater than or equal to a first threshold.
8. The SDN controller according to claim 6, characterised in that the historical data includes the connection time;
the processing unit is specifically configured to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID when, according to the connection time obtained by the acquiring unit, it determines that the difference between the current time and the connection time is greater than or equal to a time threshold.
9. The SDN controller according to claim 6, characterised in that the historical data further includes a first flow arriving at the forwarding device, a second flow leaving the forwarding device and a third flow passing through the forwarding device;
the processing unit is further configured, when it determines from the historical data obtained by the acquiring unit that the preset condition is not met, to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID on determining that the first flow obtained by the acquiring unit is greater than a first flow threshold, or the second flow obtained by the acquiring unit is greater than a second flow threshold, or the third flow obtained by the acquiring unit is greater than a third flow threshold.
10. The SDN controller according to claim 6, characterised in that the processing unit is further configured, when it determines from the historical data obtained by the acquiring unit that the preset condition is not met, to generate alarm information, disconnect the connection with the forwarding device and re-establish the connection with the forwarding device according to the identifier ID on determining that the first number obtained by the acquiring unit is greater than a second threshold or the second number obtained by the acquiring unit is greater than a third threshold.
11. A computer storage medium, characterised in that it includes instructions which, when run on a computer, cause the computer to execute the data transmission method according to any one of claims 1 to 5.
12. An SDN controller, characterised in that it comprises a communication interface, a processor, a memory and a bus; the memory stores computer-executable instructions, the processor is connected to the memory through the bus, and when the SDN controller runs, the processor executes the computer-executable instructions stored in the memory so that the SDN controller executes the data transmission method according to any one of claims 1 to 5.
Application CN201910390899.5A, Data transmission method and SDN controller; priority date and filing date 2019-05-10; granted as CN110247893B (active). Family ID 67884248.

Publications
CN110247893A, published 2019-09-17
CN110247893B, published 2021-07-13
Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103561011A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Method and system for preventing blind DDoS attacks on SDN controllers
CN104158800A (en) * 2014-07-21 2014-11-19 南京邮电大学 Detection method of DDoS (Distributed Denial of Service) attack for software defined network (SDN)
CN105282169A (en) * 2015-11-04 2016-01-27 中国电子科技集团公司第四十一研究所 DDoS attack warning method and system based on SDN controller threshold
CN106034105A (en) * 2015-03-09 2016-10-19 国家计算机网络与信息安全管理中心 OpenFlow switch and method for processing DDoS attack
CN106534133A (en) * 2016-11-17 2017-03-22 浙江工商大学 Deep learning based DDOS defensive device and method in SDN
CN106561016A (en) * 2015-11-19 2017-04-12 国网智能电网研究院 DDoS attack detection device and method for SDN controller based on entropy
CN107438074A (en) * 2017-08-08 2017-12-05 北京神州绿盟信息安全科技股份有限公司 DDoS attack defence method and device
CN107509128A (en) * 2017-08-16 2017-12-22 中国联合网络通信集团有限公司 Core network access method and system
WO2018076949A1 (en) * 2016-10-31 2018-05-03 腾讯科技(深圳)有限公司 Traffic attack protection method and system, controller, router, and storage medium
CN108282497A (en) * 2018-04-28 2018-07-13 电子科技大学 DDoS attack detection method for the SDN control plane
US20190097931A1 (en) * 2017-09-28 2019-03-28 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. System and method for control traffic reduction between sdn controller and switch

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
NHU-NGOC DAO, JOONGHEON KIM, MINHO PARK, SUNGRAE CHO: "Adaptive Suspicious Prevention for Defending DoS Attacks", PLOS ONE *
孙凤木: "Research on DDoS attack detection and mitigation techniques for SDN networks", China Master's Theses Full-text Database, Information Science and Technology *
毛明, 陈庶樵, 崔世建: "Research on reliability optimization in SDN controller deployment", Application of Electronic Technique *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110943979A (en) * 2019-11-19 2020-03-31 普联技术有限公司 SDN network attack detection method, device, equipment and system
CN111343206A (en) * 2020-05-19 2020-06-26 上海飞旗网络技术股份有限公司 Active defense method and device for data flow attack
CN111343206B (en) * 2020-05-19 2020-08-21 上海飞旗网络技术股份有限公司 Active defense method and device for data flow attack
CN113938312A (en) * 2021-11-12 2022-01-14 北京天融信网络安全技术有限公司 Detection method and device for brute force cracking flow
CN113938312B (en) * 2021-11-12 2024-01-26 北京天融信网络安全技术有限公司 Method and device for detecting violent cracking flow

Also Published As

Publication number Publication date
CN110247893B (en) 2021-07-13

Similar Documents

Publication Publication Date Title
KR101977731B1 (en) Apparatus and method for detecting anomaly in a controller system
EP2933954B1 (en) Network anomaly notification method and apparatus
CN110247893A (en) A kind of data transmission method and SDN controller
EP3343838B1 (en) Utilizing management network for secured configuration and platform management
US11252196B2 (en) Method for managing data traffic within a network
WO2015077377A1 (en) Methods, systems, and computer readable media for a network function virtualization information concentrator
JP2017507572A (en) Method, system, and computer-readable medium for cloud-based virtual orchestrator
JP2007006054A (en) Packet repeater and packet repeating system
CN109787827B (en) CDN network monitoring method and device
CN108028828B (en) Distributed denial of service (DDoS) attack detection method and related equipment
JP2017152852A (en) Communication system, communication apparatus, and communication control method for communication system
CN105959282A (en) Protection method and device for DHCP attack
JP2016111664A (en) Computer packaging system, and secure path selection method utilizing network evaluation
CN102130792A (en) Communication amount monitoring system
US8370897B1 (en) Configurable redundant security device failover
JP6927155B2 (en) Anomaly detection device, anomaly detection method and anomaly detection program
CN108737344A (en) Network attack protection method and device
CN111935085A (en) Method and system for detecting and protecting abnormal network behaviors of industrial control network
EP3133790A1 (en) Message sending method and apparatus
CN112688970B (en) Large-traffic DDoS attack detection method and system based on programmable chip
KR100478910B1 (en) IP collision detection / interception method thereof
Lussi et al. A lightweight fog-based internal intrusion detection system for smart environments
CN114448653A (en) Policy execution method, related device and storage medium
US20160308787A1 (en) Method for processing event between controller and network device
JP6851211B2 (en) Network monitoring system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant