CN110298381B - Cloud security service function tree network intrusion detection system - Google Patents


Info

Publication number: CN110298381B
Application number: CN201910441565.6A
Authority: CN (China)
Other versions: CN110298381A
Original language: Chinese (zh)
Prior art keywords: network, module, tree, service, service function
Inventors: 余顺争, 罗经伦
Original and current assignee: Sun Yat Sen University (as listed by Google Patents, which has performed no legal analysis)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Events: application filed by Sun Yat Sen University; priority to CN201910441565.6A; publication of CN110298381A; application granted; publication of CN110298381B

Classifications

    • G06F18/214: Physics; computing; electric digital data processing; pattern recognition; analysing; design or setup of recognition systems or techniques, extraction of features in feature space, blind source separation; generating training patterns, bootstrap methods, e.g. bagging or boosting
    • H04L63/1416: Electricity; electric communication technique; transmission of digital information; network architectures or protocols for network security; detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
    • H04L63/1425: as above, detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
    • H04L63/1441: as above, network security; countermeasures against malicious traffic

Abstract

The invention relates to the field of network monitoring, in particular to a cloud security service function tree network intrusion detection system comprising a service tree topology orchestration module, a service tree topology mapping module, a flow feature database module and a global resource monitoring module. The invention provides cloud security resources by means of network function virtualization (NFV); it customizes the security defense policy flexibly according to the cloud security situation, deploys the cloud security service function tree toward the network attack source, and progressively subdivides and identifies suspicious network traffic. Under that defense policy, each branch of the subdivided cloud security service function tree can schedule the corresponding cloud security VNF to process traffic at a finer granularity according to the flow features of that branch, which substantially improves network security.

Description

Cloud security service function tree network intrusion detection system
Technical Field
The invention relates to the field of network monitoring, in particular to a cloud security service function tree network intrusion detection system based on decision tree classification and realized in an SDN/NFV cloud computing environment.
Background
When two hosts attached to the network communicate, their packets pass through a series of network function nodes distributed across the data center so that the communication can be given secure, fast and stable network service. When a service's traffic must be processed and delivered by these network function nodes in a fixed order dictated by the service logic, the nodes and the links the traffic traverses are collectively called a service function chain. In a traditional network, service function chains are tightly coupled to the underlying physical topology, are hard to deploy and update, and their network functions depend on dedicated hardware appliances statically deployed throughout the data center. When service requirements change, the chain must be altered and its load capacity expanded, which means modifying the physical network topology.
Cloud computing has broken the information silos of the traditional data center. Because virtualization is used pervasively in cloud data centers, SDN and NFV decouple tenant logical networking from the underlying physical network, separate the control plane from the forwarding plane, and allow virtual network functions (VNFs) to be created dynamically and deployed flexibly. Deploying service function chains in a cloud computing environment therefore offers a new approach to network security.
Disclosure of Invention
To overcome the prior-art drawback that a change in service requirements forces the service chain to be altered and its load capacity expanded, and thus the physical network topology to be modified, the invention provides a cloud security service function tree network intrusion detection system.
The technical solution of the invention is as follows:
A cloud security service function tree network intrusion detection system comprises a service tree topology orchestration module, a service tree topology mapping module, a flow feature database module and a global resource monitoring module.
The flow feature database module stores the network flow feature data of network attacks and, in light of the cloud security situation, selects the corresponding attack flow feature data set to build a training set.
The service tree topology orchestration module builds a decision tree classification model in light of the cloud security situation, trains and prunes the model on the training set built by the flow feature database module, and passes the trained decision tree classification model to the service tree topology mapping module.
The service tree topology mapping module receives the decision tree classification model built by the orchestration module, maps each decision-rule matching node of the model to a corresponding service function tree node, and performs the matching and classification of network traffic at those service function tree nodes.
The global resource monitoring module monitors and maintains network-wide resources for the flow feature database module, the service tree topology orchestration module and the service tree topology mapping module, so that the actual carrying capacity of the underlying infrastructure is known while the cloud security service function tree topology is mapped and the virtual logical network is built, and the mapping and deployment of VNF resources can be optimized.
Preferably, the decision tree classification model stacks and multiplexes several service function chains to optimize the arrangement of security functions and the deployment of virtual resources, deploys the cloud security service function tree toward the network attack source, and progressively subdivides and identifies suspicious network traffic so that specific fine-grained processing can be applied.
Preferably, the service tree topology mapping module comprises a traffic scheduling submodule and a VNF resource scheduling submodule. The traffic scheduling submodule classifies and handles network packets and performs forwarding policy matching; the VNF resource scheduling submodule schedules and classifies VNFs on demand according to the service function tree orchestration policy.
Preferably, the traffic scheduling submodule classifies and handles network packets by source direction using an OpenFlow multi-stage flow table.
Preferably, the VNF resource scheduling submodule uses Docker containers as the carriers of the virtual network functions and schedules them on demand according to the service function tree orchestration policy.
Preferably, the global resource monitoring module further comprises a topology discovery submodule, a VNF resource monitoring submodule and an infrastructure resource monitoring submodule. The topology discovery submodule performs network-wide topology discovery and virtual host discovery; the VNF resource monitoring submodule performs network-wide state analysis and statistics of VNF resources; the infrastructure resource monitoring submodule monitors the operating state of the physical devices of the infrastructure layer. The three submodules work independently of one another, and the status information they monitor is collected and submitted to the global resource monitoring module for processing.
Preferably, the topology discovery submodule is implemented as a modular extension of the SDN controller and performs network-wide topology discovery and virtual host discovery by encapsulating LLDP (link discovery) and ARP messages as probe packets.
Preferably, the VNF resource monitoring submodule performs network-wide state analysis and statistics of VNF resources by deploying a network flow feature collection module at each VNF node, which reports the flow feature information to the VNF resource monitoring submodule in real time.
Preferably, the infrastructure resource monitoring submodule monitors the operating state of the physical devices in the infrastructure layer by collecting, in real time and across the whole network, the usage of the compute, storage and network resources of the physical servers.
Compared with the prior art, the technical solution of the invention has the following beneficial effects:
(1) To address the problems that a service function chain has a single processing logic, that the virtual function nodes of different service function chains are independent of one another, and that the reuse rate is therefore low, the invention proposes a service function tree topology at the virtual logical network level. Stacking and multiplexing several service function chains optimizes the deployment of functions and resources, and the branching nodes of the tree topology split and separate different kinds of network traffic.
(2) A cloud security service function tree model is built following the decision tree classification idea: the decision-rule matching nodes are mapped to service function tree nodes; at each node the flow features of the traffic entering it are collected and analyzed and matched against the decision rule to determine the next-hop branch for that traffic, so that suspicious traffic is progressively subdivided and identified. Compared with running the decision tree on a single node, the service function tree can embed the appropriate virtual network function between any two decision-rule matching nodes to apply processing specific to the traffic features observed there.
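The mapping described in (2), worked through in Python as an added illustration that is not code from the patent: the nested dictionary is a small hand-written decision tree whose feature names, thresholds and VNF names are assumptions; `map_tree_to_sft` turns each decision-rule node into a classifier VNF node and each leaf into a handling VNF and returns the root-to-leaf VNF paths, and `route` walks one flow's feature vector down the tree. Comparing the number of VNF nodes in the tree with the number of instances the same paths would need as independent service function chains shows the stacked multiplexing of (1).

```python
# Hand-written decision tree (assumed values, not the patent's trained model).
# Internal nodes carry a flow-feature rule; leaves name the VNF that handles
# the traffic reaching them. "le" is taken when feature <= threshold, else "gt".
DECISION_TREE = {
    "feature": "udp_ratio", "threshold": 0.6,
    "gt": {"vnf": "udp-rate-limiter"},
    "le": {
        "feature": "dst_port_ratio", "threshold": 0.5,
        "gt": {"vnf": "scan-blocker"},
        "le": {
            "feature": "syn_ratio", "threshold": 0.5,
            "gt": {"vnf": "syn-proxy"},
            "le": {"vnf": "forwarder"},
        },
    },
}


def map_tree_to_sft(tree, root_id="n"):
    """Map every decision-rule node to one classifier VNF node and every leaf to
    its handling VNF. Returns (node table keyed by id, list of root-to-leaf paths)."""
    nodes, paths = {}, []

    def walk(sub, path, ident):
        if "vnf" in sub:                      # leaf: handling VNF, path complete
            nodes[ident] = {"type": "handler", "vnf": sub["vnf"]}
            paths.append(path + [ident])
            return
        nodes[ident] = {"type": "classifier",
                        "rule": (sub["feature"], sub["threshold"])}
        walk(sub["le"], path + [ident], ident + ".le")
        walk(sub["gt"], path + [ident], ident + ".gt")

    walk(tree, [], root_id)
    return nodes, paths


def independent_chain_nodes(paths):
    """VNF instances needed if every path were deployed as its own service
    function chain with no node shared between chains."""
    return sum(len(p) for p in paths)


def route(tree, features, root_id="n"):
    """Send one flow (its feature vector) through the tree; return the ids of the
    VNF nodes it traverses and the handling VNF it ends at."""
    visited, sub, ident = [], tree, root_id
    while "vnf" not in sub:
        visited.append(ident)
        branch = "gt" if features[sub["feature"]] > sub["threshold"] else "le"
        sub, ident = sub[branch], ident + "." + branch
    visited.append(ident)
    return visited, sub["vnf"]


if __name__ == "__main__":
    nodes, paths = map_tree_to_sft(DECISION_TREE)
    print(len(nodes), "tree nodes vs", independent_chain_nodes(paths), "as separate chains")
    print(route(DECISION_TREE, {"udp_ratio": 0.02, "dst_port_ratio": 0.05, "syn_ratio": 0.96}))
```

The three classifier nodes are shared by every chain that passes through them, so the tree needs seven VNF instances where four independent chains would need thirteen; a flow that fails every earlier rule still only traverses the nodes on its own path.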
Drawings
FIG. 1 is a schematic diagram of the overall system architecture of the present invention;
FIG. 2 is a schematic diagram of the cloud security service function tree topology;
FIG. 3 is a schematic diagram of packet forwarding in the OVS dual-bridge architecture;
FIG. 4 is a schematic diagram of an OpenFlow multi-stage flow table design;
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
for the purpose of better illustrating the present embodiments, certain elements of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product;
it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical solution of the present invention is further described with reference to the drawings and the embodiments.
Example 1
As shown in FIG. 1 and FIG. 2, a cloud security service function tree network intrusion detection system comprises a service tree topology orchestration module 1, a service tree topology mapping module 2, a flow feature database module 3 and a global resource monitoring module 4.
The flow feature database module 3 stores the network flow feature data of network attacks and, in light of the cloud security situation, selects the corresponding attack flow feature data set to build a training set.
The service tree topology orchestration module 1 builds a decision tree classification model in light of the cloud security situation, trains and prunes the model on the training set built by the flow feature database module 3, and passes the trained decision tree classification model to the service tree topology mapping module 2.
The service tree topology mapping module 2 receives the decision tree classification model built by the service tree topology orchestration module 1, maps each decision-rule matching node of the model to a corresponding service function tree node, and performs the matching and classification of network traffic at those nodes.
The global resource monitoring module 4 monitors and maintains network-wide resources for the flow feature database module 3, the service tree topology orchestration module 1 and the service tree topology mapping module 2, provides the actual carrying capacity of the underlying infrastructure while the cloud security service function tree topology is mapped and the virtual logical network is built, and optimizes the mapping and deployment of VNF resources.
As a preferred embodiment, the decision tree classification model stacks and multiplexes several service function chains to optimize the arrangement of security functions and the deployment of virtual resources, deploys the cloud security service function tree toward the network attack source, and progressively subdivides and identifies suspicious network traffic so that specific fine-grained processing can be applied.
As a preferred embodiment, the service tree topology mapping module 2 comprises a traffic scheduling submodule 5 and a VNF resource scheduling submodule 6. The traffic scheduling submodule 5 classifies and handles network packets and performs forwarding policy matching; the VNF resource scheduling submodule 6 schedules and classifies VNFs according to the service function tree orchestration policy.
As a preferred embodiment, the traffic scheduling submodule 5 classifies and handles network packets by source direction using an OpenFlow multi-stage flow table.
As a preferred embodiment, the VNF resource scheduling submodule 6 uses Docker containers as the carriers of the virtual network functions and schedules them on demand according to the service function tree orchestration policy.
As a preferred embodiment, the global resource monitoring module 4 further comprises a topology discovery submodule 7, a VNF resource monitoring submodule 8 and an infrastructure resource monitoring submodule 9. The topology discovery submodule 7 performs network-wide topology discovery and virtual host discovery; the VNF resource monitoring submodule 8 performs network-wide state analysis and statistics of VNF resources; the infrastructure resource monitoring submodule 9 monitors the operating state of the physical devices in the infrastructure layer. The three submodules work independently of one another and jointly submit the status information they monitor to the global resource monitoring module 4 for processing.
As a preferred embodiment, the topology discovery submodule 7 is implemented as a modular extension of the SDN controller and performs network-wide topology discovery and virtual host discovery by encapsulating LLDP (link discovery) and ARP messages as probe packets.
As a preferred embodiment, the VNF resource monitoring submodule 8 performs network-wide state analysis and statistics of VNF resources by deploying a network flow feature collection module at each VNF node, which reports the flow feature information to the VNF resource monitoring submodule 8 in real time.
As a preferred embodiment, the infrastructure resource monitoring submodule 9 monitors the operating state of the physical devices in the infrastructure layer by collecting, in real time and across the whole network, the usage of the compute, storage and network resources of the physical servers.
FIG. 2 shows the cloud security service function tree topology during operation. The bottom layer is the infrastructure, made up of the hardware of several data centers; its physical resources are virtualized to form a cloud security resource pool from which the cloud security service function tree is scheduled and orchestrated. The middle layer shows the VNF cloud security resource pool formed after virtualization of the infrastructure-layer resources; VNFs in different data centers communicate through VxLAN tunnels. The top layer is the tree topology in the virtual logical network layer: the VNF nodes are connected according to the service tree topology orchestration policy to form a tree, and each branch of the tree handles network traffic with the corresponding features.
Example 2
As shown in FIG. 3 and FIG. 4, this embodiment combines the tree topology of the service function tree with the decision tree's ability to identify and classify attack traffic: the feature-rule matching performed at the decision tree's nodes is distributed over the VNF nodes of the service function tree. Guided by the decision tree classification idea, every path from the root of the service tree to a leaf is the sequence of VNF nodes traversed by traffic with a particular set of features.
FIG. 3 shows the virtualized container network used for VNF communication across data centers. Two OVS virtual bridges are created on each host by network virtualization. The br-int bridge mainly performs packet switching within the local network segment of the container data-exchange network; the br-tun bridge classifies and handles packets by source direction and performs forwarding policy matching. The virtual network interface (vNIC) of each VNF container is bound to a virtual port (vPort) of an OVS bridge to form the communication channel, and a VxLAN tunnel carries the container traffic between data centers.
1) Service tree topology orchestration module 1
The service tree topology orchestration module 1 uses the C4.5 decision tree algorithm to orchestrate and build the cloud security service function tree. Continuous-valued flow features are discretized by the dichotomy (binary split) method: the k distinct values of feature A_m are sorted in ascending order; the midpoint between each pair of adjacent values is taken as a candidate threshold dividing the values into two parts, which gives k-1 candidate splits; the information gain of each candidate split is computed, and the threshold with the largest information gain is chosen as the split point of A_m.
To prevent over-fitting while the decision tree is built, pessimistic post-pruning (pessimistic error pruning) is used; it needs no separate test data set and prunes the tree from the top down.
2) Service tree topology mapping module 2
To ensure high availability and scalability under the cloud security service function tree architecture, an OVS dual-bridge scheme is designed, as shown in FIG. 3. Two OVS virtual bridges are created on each host by network virtualization. The br-int bridge mainly performs packet switching within the local network segment of the container data-exchange network and is responsible for tagging and stripping VLAN labels and for ordinary packet forwarding. The br-tun bridge classifies and handles packets by source direction and performs forwarding policy matching using the multi-stage flow table of OpenFlow 1.3; the multi-stage flow table design is shown in FIG. 4. VxLAN tunnel encapsulation carries packets across the large layer-2 network spanning the data centers. OVS connects the br-int and br-tun bridges with a pair of patch ports so that packets can pass between them.
As shown in FIG. 4, the multi-stage flow table of the br-tun bridge is processed as follows:
Table 0 handles every packet entering the br-tun bridge and hands it to the appropriate next-stage table according to its source: packets from the local network segment enter br-tun through the patch-int port and are sent to Table 1; packets from other data centers enter through a VxLAN port and are sent to Table 2.
Table 1 forwards local-segment packets to other data centers. A multicast or broadcast packet jumps to Table 11 and is flooded out of all VxLAN ports; for a unicast packet, the tunnel port toward the next-hop data center is determined from the packet's VLAN ID and the packet is forwarded to that tunnel port through Table 10.
Table 2 handles packets arriving in the local segment from another data center: the packet is tagged with the VLAN ID corresponding to its source tunnel ID and handed through the patch-int port to the local br-int bridge.
Table 10 handles the unicast packets submitted by Table 1: it strips the VLAN ID, sets the corresponding VxLAN tunnel ID, and sends the packet out of the corresponding VxLAN port.
Table 11 handles the multicast and broadcast packets submitted by Table 1: after stripping the VLAN ID, it floods the packet out of all VxLAN ports.
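The five-table pipeline above, as an added Python example rather than code from the patent: `build_flows` renders the equivalent `ovs-ofctl` flow entries (loaded with `ovs-ofctl -O OpenFlow13 add-flows br-tun <file>`), and `process` walks a packet through the same tables in software so the dispatch logic can be checked offline. The VLAN-to-VNI mapping, the tunnel port names, the per-VLAN choice of next-hop tunnel port and the default drop entries for unknown VLANs or tunnel IDs are assumptions of the example.

```python
# Assumed per-host configuration for br-tun (not taken from the patent): local
# VLAN ID -> VxLAN tunnel ID (VNI), and the tunnel port toward the next-hop data
# center selected per VLAN, which is how Table 1 picks the unicast tunnel port.
VLAN_TO_VNI = {10: 1000, 20: 2000}
VLAN_TO_TUNNEL_PORT = {10: "vxlan-dc2", 20: "vxlan-dc3"}
VXLAN_PORTS = ["vxlan-dc2", "vxlan-dc3"]
PATCH_INT = "patch-int"
# Matches any destination MAC with the I/G bit set, i.e. multicast or broadcast.
MCAST_MATCH = "dl_dst=01:00:00:00:00:00/01:00:00:00:00:00"


def build_flows():
    """Render the multi-table pipeline as ovs-ofctl flow entries (OpenFlow 1.3)."""
    flows = ["table=0,priority=10,in_port=%s actions=goto_table:1" % PATCH_INT]
    flows += ["table=0,priority=10,in_port=%s actions=goto_table:2" % p for p in VXLAN_PORTS]
    flows.append("table=0,priority=0 actions=drop")
    flows.append("table=1,priority=10,%s actions=goto_table:11" % MCAST_MATCH)
    flows.append("table=1,priority=5 actions=goto_table:10")
    flood = ",".join("output:%s" % p for p in VXLAN_PORTS)
    for vlan, vni in VLAN_TO_VNI.items():
        flows.append("table=10,priority=10,dl_vlan=%d actions=strip_vlan,set_tunnel:%d,output:%s"
                     % (vlan, vni, VLAN_TO_TUNNEL_PORT[vlan]))
        flows.append("table=11,priority=10,dl_vlan=%d actions=strip_vlan,set_tunnel:%d,%s"
                     % (vlan, vni, flood))
        flows.append("table=2,priority=10,tun_id=%d actions=mod_vlan_vid:%d,output:%s"
                     % (vni, vlan, PATCH_INT))
    # Unknown VLAN or VNI is dropped rather than leaked to another segment.
    flows += ["table=%d,priority=0 actions=drop" % t for t in (2, 10, 11)]
    return flows


def is_multicast(mac):
    return int(mac.split(":")[0], 16) & 1 == 1


def process(pkt):
    """Software walk of one packet through the same tables.
    pkt: dict with in_port, dl_dst and either vlan (from patch-int) or tun_id
    (from a VxLAN port). Returns (list of tables visited, list of actions)."""
    trace, actions = [0], []
    if pkt["in_port"] == PATCH_INT:
        table = 1
    elif pkt["in_port"] in VXLAN_PORTS:
        table = 2
    else:
        return trace, ["drop"]
    trace.append(table)
    if table == 1:                                   # local segment -> remote DC
        table = 11 if is_multicast(pkt["dl_dst"]) else 10
        trace.append(table)
        vlan = pkt.get("vlan")
        if vlan not in VLAN_TO_VNI:
            return trace, ["drop"]
        actions += ["strip_vlan", "set_tunnel:%d" % VLAN_TO_VNI[vlan]]
        out = VXLAN_PORTS if table == 11 else [VLAN_TO_TUNNEL_PORT[vlan]]
        actions += ["output:%s" % p for p in out]
    else:                                            # remote DC -> local segment
        vlan = next((v for v, n in VLAN_TO_VNI.items() if n == pkt.get("tun_id")), None)
        if vlan is None:
            return trace, ["drop"]
        actions += ["mod_vlan_vid:%d" % vlan, "output:%s" % PATCH_INT]
    return trace, actions


if __name__ == "__main__":
    print("\n".join(build_flows()))
    print(process({"in_port": "patch-int", "vlan": 10, "dl_dst": "00:11:22:33:44:55"}))
```

The explicit priority-0 drop entries matter: without them an OpenFlow 1.3 table miss drops by default on the bridge, but making the policy visible in the flow dump is what lets an operator confirm that a packet with a foreign tunnel ID cannot be injected into a local VLAN through Table 2.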
3) Flow feature database module 3
The flow feature database module 3 mainly stores statistics of how network flow features behave when common network attacks occur. Based on how common attacks work, nine flow features were selected for decision tree construction, all measured over the packets entering a VNF within a time window:
    • proportion of TCP packets among all packets;
    • proportion of UDP packets among all packets;
    • proportion of ICMP packets among all packets;
    • proportion of SYN packets among the TCP packets;
    • proportion of distinct destination host addresses to all packets;
    • proportion of distinct destination ports to all packets;
    • proportion of distinct source hosts to all packets;
    • proportion of distinct source ports to all packets;
    • average bandwidth of the packets entering the VNF.
Network traffic changes quickly from one instant to the next and shows little temporal correlation, so time-based statistical features reflect anomalous attack traffic more accurately than per-packet values. A time window smooths the transient variation of the traffic; a 1-second window is used to characterize the flow features.
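An added Python example, not code from the patent, that computes the nine features over 1-second windows from packet records seen at a VNF ingress. The packet records are constructed; treating ICMP packets, which carry no ports, as contributing no distinct port, and measuring average bandwidth as bytes per second within the window, are assumptions of the example.

```python
from collections import defaultdict, namedtuple

# One packet as observed at the VNF ingress (constructed records, not captures).
Packet = namedtuple("Packet", "ts proto src_ip src_port dst_ip dst_port syn length")

WINDOW = 1.0  # seconds, the window length the description uses

SAMPLE_PACKETS = [
    # window [0, 1): ordinary client traffic from one host
    Packet(0.10, "tcp", "192.168.1.10", 51000, "10.0.0.5", 443, True, 100),
    Packet(0.35, "tcp", "192.168.1.10", 51000, "10.0.0.5", 443, False, 60),
    Packet(0.50, "udp", "192.168.1.10", 40000, "10.0.0.53", 53, False, 80),
    Packet(0.90, "icmp", "192.168.1.10", None, "10.0.0.9", None, False, 64),
] + [
    # window [1, 2): SYN flood, one source, a fresh source port per packet, one target
    Packet(1.0 + i * 0.1, "tcp", "203.0.113.7", 1000 + i, "10.0.0.5", 80, True, 60)
    for i in range(8)
]


def window_features(packets, window=WINDOW):
    """Group packets into fixed windows and compute the nine features per window.
    Returns {window index: {feature name: value}}."""
    windows = defaultdict(list)
    for p in packets:
        windows[int(p.ts // window)].append(p)
    result = {}
    for idx, pkts in sorted(windows.items()):
        n = len(pkts)
        tcp = [p for p in pkts if p.proto == "tcp"]

        def distinct_ratio(values):
            # number of distinct values (ports of ICMP packets are None and ignored)
            # divided by the number of packets in the window
            return len({v for v in values if v is not None}) / n

        result[idx] = {
            "tcp_ratio": len(tcp) / n,
            "udp_ratio": sum(p.proto == "udp" for p in pkts) / n,
            "icmp_ratio": sum(p.proto == "icmp" for p in pkts) / n,
            "syn_ratio": sum(p.syn for p in tcp) / len(tcp) if tcp else 0.0,
            "dst_host_ratio": distinct_ratio(p.dst_ip for p in pkts),
            "dst_port_ratio": distinct_ratio(p.dst_port for p in pkts),
            "src_host_ratio": distinct_ratio(p.src_ip for p in pkts),
            "src_port_ratio": distinct_ratio(p.src_port for p in pkts),
            "avg_bandwidth": sum(p.length for p in pkts) / window,  # bytes per second
        }
    return result


if __name__ == "__main__":
    for idx, feats in window_features(SAMPLE_PACKETS).items():
        print(idx, feats)
```

The second window shows the profile a SYN flood leaves in these features: every packet is a TCP SYN, the source port ratio is 1.0 because each packet uses a new port, while destination host and port ratios collapse toward zero. These per-window vectors are the rows the decision tree is trained on and matched against at each service function tree node.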
4) Global resource monitoring module 4
The global resource monitoring module 4 mainly provides a global view for the control and management layer: it obtains the network-wide topology from the topology discovery submodule 7, the available computing resources across the network from the infrastructure resource monitoring submodule 9, and the network-wide security situation from the VNF resource monitoring submodule 8.
The same or similar reference numerals correspond to the same or similar parts;
the terms describing positional relationships in the drawings are for illustrative purposes only and are not to be construed as limiting the patent;
it should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.

Claims (5)

1. A cloud security service function tree network intrusion detection system, characterized in that it comprises a service tree topology orchestration module (1), a service tree topology mapping module (2), a flow feature database module (3) and a global resource monitoring module (4);
the flow feature database module (3) is used for storing network flow feature data of network attacks and, in light of the cloud security situation, selecting the corresponding attack flow feature data set to build a training set;
the service tree topology orchestration module (1) is used for building a decision tree classification model in light of the cloud security situation, training and pruning the decision tree model on the training set built by the flow feature database module (3), and passing the trained decision tree classification model to the service tree topology mapping module (2);
the service tree topology mapping module (2) is used for receiving the decision tree classification model built by the service tree topology orchestration module (1), mapping the decision-rule matching nodes of the model to corresponding service function tree nodes, and performing the matching and classification of network traffic at those service function tree nodes;
the global resource monitoring module (4) is used for monitoring and maintaining network-wide resources for the flow feature database module (3), the service tree topology orchestration module (1) and the service tree topology mapping module (2), providing the actual carrying capacity of the underlying infrastructure while the cloud security service function tree topology is mapped and the virtual logical network is built, and optimizing the mapping and deployment of VNF resources;
the decision tree classification model stacks and multiplexes several service function chains to optimize the arrangement of security functions and the deployment of virtual resources, deploys the cloud security service function tree toward the network attack source, and progressively subdivides and identifies suspicious network traffic so that specific fine-grained processing can be applied;
the service tree topology mapping module (2) comprises a traffic scheduling submodule (5) and a VNF resource scheduling submodule (6), wherein the traffic scheduling submodule (5) is used for classifying and handling network packets and performing forwarding policy matching, and the VNF resource scheduling submodule (6) is used for scheduling and classifying VNFs according to the service function tree orchestration policy;
the traffic scheduling submodule (5) classifies and handles network packets by source direction using an OpenFlow multi-stage flow table;
and the VNF resource scheduling submodule (6) uses Docker containers as the carriers of the virtual network functions and schedules them on demand according to the service function tree orchestration policy.
2. The cloud security service function tree network intrusion detection system according to claim 1, wherein the global resource monitoring module (4) further comprises a topology discovery submodule (7), a VNF resource monitoring submodule (8) and an infrastructure resource monitoring submodule (9); the topology discovery submodule (7) is used for completing network topology discovery and virtual host discovery across the whole network; the VNF resource monitoring submodule (8) is used for completing state analysis and statistics of VNF resources across the whole network; the infrastructure resource monitoring submodule (9) is used for monitoring the running state of the physical equipment of the infrastructure layer; the topology discovery submodule (7), the VNF resource monitoring submodule (8) and the infrastructure resource monitoring submodule (9) work independently, and the status information monitored by the VNF resource monitoring submodule (8) and the infrastructure resource monitoring submodule (9) is collected and submitted to the global resource monitoring module (4) for processing.
3. The cloud security service function tree network intrusion detection system according to claim 2, wherein the topology discovery submodule (7) is implemented by modular secondary development in the SDN controller, and completes network-wide topology discovery and virtual host discovery by encapsulating LLDP link discovery protocol and ARP protocol messages as probe messages.
4. The cloud security service function tree network intrusion detection system according to claim 2, wherein the VNF resource monitoring submodule (8) completes state analysis and statistics of VNF resources across the whole network by deploying a network flow feature acquisition module at each VNF node and updating network flow feature information to the VNF resource monitoring submodule (8) in real time.
5. The cloud security service function tree network intrusion detection system according to claim 2, wherein the infrastructure resource monitoring submodule (9) monitors the running state of the physical devices in the infrastructure layer by acquiring, in real time, the computing, storage and network resource usage of the physical servers across the whole network.
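The following is an added illustration of the mechanism in claim 1 and is not code from the patent or its authors. It trains a small CART-style decision tree on a constructed set of flow feature records, post-prunes it by collapsing redundant splits, maps each decision-rule node one-for-one onto a service function tree node, and then classifies flows by walking the service function tree so that suspicion is narrowed step by step until a terminal handling node is reached. The feature names (`pkts_per_sec`, `syn_ratio`, `distinct_dst_ports`), the class labels, the handling actions and every numeric value are hypothetical.

```python
"""Added example (not the patent's code): decision tree -> service function tree.
Feature names, thresholds, labels and handling actions are hypothetical."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

FEATURES = ["pkts_per_sec", "syn_ratio", "distinct_dst_ports"]

TRAINING_SET = [  # constructed (flow features, label) rows; all values are made up
    ({"pkts_per_sec": 40, "syn_ratio": 0.05, "distinct_dst_ports": 2}, "benign"),
    ({"pkts_per_sec": 55, "syn_ratio": 0.08, "distinct_dst_ports": 3}, "benign"),
    ({"pkts_per_sec": 30, "syn_ratio": 0.04, "distinct_dst_ports": 1}, "benign"),
    ({"pkts_per_sec": 9000, "syn_ratio": 0.97, "distinct_dst_ports": 1}, "syn_flood"),
    ({"pkts_per_sec": 7500, "syn_ratio": 0.95, "distinct_dst_ports": 2}, "syn_flood"),
    ({"pkts_per_sec": 8200, "syn_ratio": 0.99, "distinct_dst_ports": 1}, "syn_flood"),
    ({"pkts_per_sec": 300, "syn_ratio": 0.90, "distinct_dst_ports": 800}, "port_scan"),
    ({"pkts_per_sec": 250, "syn_ratio": 0.88, "distinct_dst_ports": 650}, "port_scan"),
    ({"pkts_per_sec": 410, "syn_ratio": 0.93, "distinct_dst_ports": 900}, "port_scan"),
]

ACTION_FOR_LABEL = {  # hypothetical: which handling VNF a classified flow is sent to
    "benign": "forward", "syn_flood": "syn_proxy_rate_limit",
    "port_scan": "deep_inspect_and_log"}


@dataclass
class TreeNode:
    label: Optional[str] = None       # set on leaves only
    feature: Optional[str] = None     # split feature on internal nodes
    threshold: float = 0.0            # left branch when value <= threshold
    left: Optional["TreeNode"] = None
    right: Optional["TreeNode"] = None


def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows):
    """CART-style search: the (feature, threshold) with the lowest weighted Gini."""
    best = (None, 0.0, float("inf"))
    for f in FEATURES:
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if score < best[2]:
                best = (f, t, score)
    return best


def build_tree(rows, depth=0, max_depth=4):
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if gini(labels) == 0.0 or depth >= max_depth:
        return TreeNode(label=majority)
    f, t, _ = best_split(rows)
    if f is None:  # no feature separates these rows; stop with the majority label
        return TreeNode(label=majority)
    return TreeNode(feature=f, threshold=t,
                    left=build_tree([r for r in rows if r[0][f] <= t], depth + 1, max_depth),
                    right=build_tree([r for r in rows if r[0][f] > t], depth + 1, max_depth))


def prune(node):
    """Post-prune: collapse a split whose two children are leaves with the same label."""
    if node.label is not None:
        return node
    node.left, node.right = prune(node.left), prune(node.right)
    if node.left.label is not None and node.left.label == node.right.label:
        return TreeNode(label=node.left.label)
    return node


@dataclass
class ServiceFunctionNode:
    """One SFT node: a rule-matching VNF that steers flows to a child, or a terminal action."""
    node_id: str
    match: Optional[tuple] = None     # (feature, threshold) on matching nodes
    action: Optional[str] = None      # handling action on terminal nodes
    children: dict = field(default_factory=dict)   # "match" / "nomatch" -> child node


def map_to_service_tree(node, node_id="sft"):
    """Mirror the decision tree: each decision rule becomes one SFT matching node."""
    if node.label is not None:
        return ServiceFunctionNode(node_id, action=ACTION_FOR_LABEL[node.label])
    sfn = ServiceFunctionNode(node_id, match=(node.feature, node.threshold))
    sfn.children["match"] = map_to_service_tree(node.left, node_id + ".m")
    sfn.children["nomatch"] = map_to_service_tree(node.right, node_id + ".n")
    return sfn


def classify_flow(sfn, flow):
    """Walk a flow down the SFT; return the final action and the nodes traversed."""
    hops = []
    while sfn.action is None:
        feature, threshold = sfn.match
        hops.append(sfn.node_id)
        sfn = sfn.children["match" if flow[feature] <= threshold else "nomatch"]
    hops.append(sfn.node_id)
    return sfn.action, hops


def build_service_tree(training_set=TRAINING_SET):
    return map_to_service_tree(prune(build_tree(training_set)))
```

`build_service_tree()` returns the root matching node; `classify_flow(root, flow)` returns the handling action together with the list of service function tree nodes the flow passed through, which is the stepwise subdivision the claim describes: a flow that fails the first rule is handed to a second, narrower rule before it reaches its fine-grained handler.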
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910441565.6A CN110298381B (en) 2019-05-24 2019-05-24 Cloud security service function tree network intrusion detection system

Publications (2)

Publication Number Publication Date
CN110298381A CN110298381A (en) 2019-10-01
CN110298381B true CN110298381B (en) 2022-09-20

Family

ID=68027162

Country Status (1)

Country Link
CN (1) CN110298381B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111698326B (en) * 2020-06-12 2023-01-31 北京百度网讯科技有限公司 Method and device for determining cost attribution of cloud service resources
CN112564967B (en) * 2020-12-02 2022-11-08 杭州谐云科技有限公司 Cloud service topology self-discovery method and system based on eBPF, electronic device and storage medium
CN114137861A (en) * 2021-10-23 2022-03-04 西安电子科技大学 Intention-driven cloud security service system and method
CN114143160B (en) * 2021-10-25 2023-07-18 北京银盾泰安网络科技有限公司 Cloud platform automatic operation and maintenance system
CN114531287A (en) * 2022-02-17 2022-05-24 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting virtual resource acquisition behavior
CN114629685B (en) * 2022-02-17 2022-12-16 华南理工大学 Industrial private network hard slicing service function chain deployment method, device and medium
CN115859277B (en) * 2023-02-07 2023-05-02 四川大学 Host intrusion detection method based on system call sequence

Citations (18)

Publication number Priority date Publication date Assignee Title
CN101119321A (en) * 2007-09-29 2008-02-06 杭州华三通信技术有限公司 Network flux classification processing method and apparatus
CN101686239A (en) * 2009-05-26 2010-03-31 中山大学 Trojan discovery system
US8892766B1 (en) * 2012-06-28 2014-11-18 Trend Micro Incorporated Application-based network traffic redirection for cloud security service
CN104363159A (en) * 2014-07-02 2015-02-18 北京邮电大学 Virtual open network building system and method based on software definition network
CN104580120A (en) * 2013-10-28 2015-04-29 北京启明星辰信息技术股份有限公司 On-demand-service virtualization network intrusion detection method and device
CN105491013A (en) * 2015-11-20 2016-04-13 电子科技大学 Multi-domain network security situation perception model and method based on SDN
CN105956661A (en) * 2016-04-15 2016-09-21 中山大学 System for realizing DANN online training on SDN network
CN107332913A (en) * 2017-07-04 2017-11-07 电子科技大学 A kind of Optimization deployment method of service function chain in 5G mobile networks
WO2018027226A1 (en) * 2016-08-05 2018-02-08 Fractal Industries, Inc. Detection mitigation and remediation of cyberattacks employing an advanced cyber-decision platform
CN107770174A (en) * 2017-10-23 2018-03-06 上海微波技术研究所(中国电子科技集团公司第五十研究所) A kind of intrusion prevention system and method towards SDN
CN107819742A (en) * 2017-10-19 2018-03-20 北京交通大学 A kind of system architecture and its method of Dynamical Deployment Network Security Service
CN108173761A (en) * 2017-12-22 2018-06-15 南京邮电大学 A kind of method for optimizing resources of SDN and NFV fusions
KR20180069657A (en) * 2016-12-15 2018-06-25 경희대학교 산학협력단 Method, apparatus and computer program for security investment considering characteristics of cloud service
US10116514B1 (en) * 2015-03-30 2018-10-30 Amdocs Development Limited System, method and computer program for deploying an orchestration layer for a network based on network function virtualization (NFV)
CN108881028A (en) * 2018-06-06 2018-11-23 北京邮电大学 The SDN network resource regulating method of application perception is realized based on deep learning
CN108900541A (en) * 2018-08-10 2018-11-27 哈尔滨工业大学(威海) One kind being directed to cloud data center SDN Security Situation Awareness Systems and method
KR20190018947A (en) * 2017-08-16 2019-02-26 삼성전자주식회사 Apparatus and method for handling a network attack in a software defined network
CN109617873A (en) * 2018-12-06 2019-04-12 中山大学 A kind of flow attacking system of defense based on SDN cloud security function services tree-model

Family Cites Families (8)

Publication number Priority date Publication date Assignee Title
US10541926B2 (en) * 2012-06-06 2020-01-21 The Trustees Of Columbia University In The City Of New York Unified networking system and device for heterogeneous mobile environments
US9386034B2 (en) * 2013-12-17 2016-07-05 Hoplite Industries, Inc. Behavioral model based malware protection system and method
US10749905B2 (en) * 2017-07-31 2020-08-18 Amdocs Development Limited System, method, and computer program providing security in network function virtualization (NFV) based communication networks and software defined networks (SDNS)
US9614739B2 (en) * 2014-01-30 2017-04-04 Cisco Technology, Inc. Defining service chains in terms of service functions
US9722927B2 (en) * 2014-06-05 2017-08-01 Futurewei Technologies, Inc. Service chain topology map construction
US10523540B2 (en) * 2017-03-29 2019-12-31 Ca, Inc. Display method of exchanging messages among users in a group
US20180302343A1 (en) * 2017-04-14 2018-10-18 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. System and method for convergence of software defined network (sdn) and network function virtualization (nfv)
US10674409B2 (en) * 2017-06-09 2020-06-02 At&T Intellectual Property I, L.P. System and method for fine grained service management using SDN-NFV networks

Non-Patent Citations (3)

Title
A General Collaborative Framework for Modeling and Perceiving Distributed Network Behavior; Yi Xie et al.; IEEE/ACM Transactions on Networking; 2016-10-31; Vol. 24, No. 5; pp. 3162-3176 *
Constructing authentication web in cloud computing; Gansen Zhao et al.; Security and Communication Networks; 2015-02-13; Vol. 9, No. 15; pp. 2843-2860 *
Decision tree classification of network traffic; Wang Yu et al.; Journal of Chinese Computer Systems (小型微型计算机系统); 2009-11-30; No. 11; pp. 2150-2156 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant