CN110366170A - Wireless-network security defence method based on software-defined security - Google Patents
Publication number: CN110366170A (application number CN201910518416.5A)
Authority: CN (China)
Prior art keywords: network, attack, defence, data, wireless
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
- H04W12/60—Context-dependent security
- H04W12/65—Environment-dependent, e.g. using captured environmental data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a wireless-network security defence method based on software-defined security (SDS). The method runs on a software-defined security network architecture made up of a cloud platform, an SDN controller and wireless access points. A wireless access point sniffs the network environment packets in the wireless network and uploads the environment data to the cloud platform in real time; it also executes the flow tables issued by the SDN controller, which is how the defence is carried out. The cloud platform performs attack detection on the environment data and, when an attack is detected, generates a defence decision and issues it to the SDN controller. The SDN controller manages and configures the network forwarding devices, including the wireless access points, and issues flow tables according to the defence decision. The invention automates and integrates attack detection and defence in wireless networks and so improves protection efficiency.
Description
Technical field
The present invention relates to a wireless-network security defence method and belongs to the field of network security.
Background technique
With the rapid development of the Internet, network and information technology has come into wide use, bringing with it network attacks of ever larger scale and wider reach.
Existing detection-and-defence methods for wireless networks deploy dedicated wireless sniffing devices in the network environment to capture environment data, check that data against an expert-rule library to decide whether an attack is present and where it is, and then defend the network manually or with other network tools. Such methods depend on where the sniffing devices are placed, so attacks outside the deployment range cannot be detected; moreover, they usually stop at monitoring and detection and cannot execute an automated defence once an attack has been found, so protection efficiency in real deployments is low.
The rise of software-defined networking (SDN) provides important support for the evolution of network security: centralised management and control of the forwarding devices makes network defence possible. Software-defined security (SDS), proposed on the basis of SDN, is a protection approach that improves the initiative and coordination of security detection and defence and strengthens the manageability, cooperation level and service quality of the network. Its idea is to separate the data plane from the control plane and to divide the system, top-down, into an application layer, a control layer and a physical layer. The physical-layer network resources are managed uniformly by the control layer, which controls them centrally and carries out specific security-protection operations according to instructions; the application layer orchestrates and manages services intelligently and automatically by way of software definition to deliver the corresponding security functions. The result is a security mechanism that is flexible in function, elastic in capacity and intelligent in decision-making.
Summary of the invention
The object of the present invention is to provide a wireless-network security defence method based on a software-defined security architecture. It combines a security agent with the network device to realise environment sensing, uses a cloud platform to run intelligent-algorithm detection and decision-making, and realises automatic defence through an SDN controller, so that attack detection and defence in the wireless network are automated and integrated and protection efficiency is improved.
The technical scheme adopted by the present invention to achieve this object is as follows.
The wireless-network security defence method based on a software-defined security architecture is specifically this: in the software-defined security architecture, the wireless access point of the physical layer contains a security agent, the cloud platform of the application layer contains a database, a communication server and a detection system, and the SDN controller of the control layer contains a firewall. The wireless-network security defence method comprises the following steps:
(1) The security agent sniffs the wireless network environment and uploads the network environment data to the communication server; the communication server parses the received network environment data packets and stores the parsed network environment data in the database.
(2) The detection system checks whether the parsed network environment data contains network-attack data. If it does, the detection system retrieves the corresponding defence action from the database according to the attack type of the network-attack data, extracts the attack-feature information from the network-attack data, encapsulates the defence action and the attack-feature information into a defence decision, and issues the defence decision to the SDN controller.
(3) The firewall in the SDN controller issues a flow table to the network forwarding devices according to the defence action, and the network forwarding devices execute the corresponding defence action according to the flow table they receive.
Further, in step (1) the security agent uploads the network environment data to the communication server using the CoAP protocol.
Further, the security agent comprises a communication client and an environment sniffing module. In step (1) the environment sniffing module sniffs the wireless network environment and passes the acquired network environment data to the communication client, and the communication client uploads the received network environment data to the communication server.
Further, the environment sniffing module obtains the network environment data as follows:
1) the environment sniffing module creates a network socket in its application process and binds the socket to the wireless network card of the wireless access point;
2) through the wireless network card of the access point, the environment sniffing module captures all wireless packets in the network environment in which the card is located, and the wireless packets are passed from the wireless network card to the environment sniffing module through the network socket;
3) the environment sniffing module prepends a pcap-format packet header to each wireless packet to produce pcap-format data, then prepends a communication-protocol header to the pcap-format data to obtain the network environment data.
Further, the detection system comprises an attack detection module and a decision-issuing module, and step (2) is executed as follows: the attack detection module analyses the network environment data and judges whether it contains network-attack data; if so, the decision-issuing module retrieves the corresponding defence action from the database according to the attack type judged by the attack detection module and extracts the attack-feature information from the network-attack data; the decision-issuing module then encapsulates the defence action and the attack-feature information into a defence decision and issues the decision to the SDN controller.
Compared with the prior art, the beneficial effects of the present invention are:
(1) By dividing wireless-network detection and defence into three steps, environment sensing, intelligent detection and automatic defence, a complete closed loop from detection to defence is realised for wireless-network attacks.
(2) The wireless access point itself is used as the sniffing device that captures the network environment packets, so the whole network can be monitored without depending on other equipment. This removes the equipment dependency and limited coverage that arise in the prior art when dedicated sniffers are deployed, greatly widens the sniffing range, lowers the difficulty of sniffing and environment sensing, and realises real-time sensing of a large-scale network environment.
(3) Deploying attack detection in the cloud platform uses the cloud's computing and storage capacity to run complex detection algorithms and store the data, solving the prior-art problem that limited computing capacity prevents algorithmic detection and unified monitoring and storage.
(4) Managing the wireless network with an SDN controller realises automatic defence, solving the low defence efficiency that results from the prior art's reliance on manual defence or other defence tools; the defence is automated and protection efficiency improves.
Description of the drawings
Fig. 1 shows the software-defined security architecture of one embodiment of the present invention.
Specific embodiment
The present invention is further described below with a specific embodiment. Fig. 1 shows the software-defined security architecture of this embodiment, which is described as follows.
Wireless access point: to keep the wireless access point extensible, the access point in this embodiment can run an open-source operating system. To let the access point speak the OpenFlow protocol and join the SDN network, this embodiment uses Open vSwitch (OVS) as the bridge inside the access point. A security agent is also deployed on the access point. The security agent consists of a communication client and an environment sniffing module. In this embodiment, in view of the hardware limits of the access point, the communication client is a CoAP client and the communication protocol is CoAP; other application-layer protocols such as HTTP can also be used. After the access point boots, the communication client starts and sends a CoAP packet of type CON to the communication server in the cloud platform, with the MAC address of the access point carried in the Token of the packet; the communication server authenticates the access point's access permission by its MAC address and establishes the connection. (A MAC address is not a secret: anyone listening on the air can present it, so in practice this registration needs additional protection, for example CoAP over DTLS; the text as filed specifies only the MAC check.) Once the connection is established, the environment sniffing module of the access point starts. The environment sniffing module first creates a network socket in its application process and binds it to the wireless network card of the access point; the wireless network card then captures all wireless packets in the network environment in which it is located and passes them to the environment sniffing module through the socket; the environment sniffing module prepends a pcap-format packet header to each wireless packet to produce pcap-format data, then prepends a CoAP header to the pcap-format data to obtain the network environment data. The communication client uploads the resulting network environment data to the communication server in the cloud platform in real time as NON-type messages.
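The registration handshake and the three framing steps of the sniffing module described above (in the summary and again in this embodiment), as an added example that is not part of the patent or of any implementation of it. It is Python working on bytes only, with no socket or wireless card, and it assumes things the patent does not specify: the registration request is a CoAP GET on a hypothetical `register` path, the start instruction travels in a hypothetical option number 65001 (CoAP's experimental-use range), environment data is POSTed in NON messages on a hypothetical `env` path, and the pcap header added per packet is the 16-byte pcap record header. The sample 802.11 frame is constructed.

```python
import struct

# CoAP (RFC 7252) message types and the codes used in the exchange.
CON, NON, ACK, RST = 0, 1, 2, 3
CODE_EMPTY, CODE_GET, CODE_POST, CODE_CONTENT = 0x00, 0x01, 0x02, 0x45  # 0.00, 0.01, 0.02, 2.05
OPT_URI_PATH = 11
OPT_START = 65001  # assumed option number carrying the cloud's "start" instruction

def _nibble(v):
    """Encode an option delta or length as (4-bit nibble, extension bytes)."""
    if v < 13:
        return v, b""
    if v < 269:
        return 13, bytes([v - 13])
    return 14, struct.pack("!H", v - 269)

def _unnibble(nib, data, pos):
    """Inverse of _nibble: return (value, position after any extension bytes)."""
    if nib < 13:
        return nib, pos
    if nib == 13:
        return data[pos] + 13, pos + 1
    if nib == 14:
        return struct.unpack_from("!H", data, pos)[0] + 269, pos + 2
    raise ValueError("reserved nibble 15 in option header")

def coap_encode(msg_type, code, mid, token=b"", options=(), payload=b""):
    """Serialise one message: 4-byte header, token, delta-encoded options, 0xFF marker, payload."""
    if len(token) > 8:
        raise ValueError("token longer than 8 bytes")
    out = bytearray([(1 << 6) | (msg_type << 4) | len(token), code]) + struct.pack("!H", mid) + token
    prev = 0
    for number, value in sorted(options):
        dn, dext = _nibble(number - prev)
        ln, lext = _nibble(len(value))
        out += bytes([(dn << 4) | ln]) + dext + lext + value
        prev = number
    if payload:
        out += b"\xff" + payload
    return bytes(out)

def coap_decode(data):
    """Parse a message into a dict; raises ValueError on malformed input."""
    if len(data) < 4 or data[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    msg_type, tkl = (data[0] >> 4) & 3, data[0] & 0xF
    if tkl > 8 or 4 + tkl > len(data):
        raise ValueError("bad token length")
    mid = struct.unpack_from("!H", data, 2)[0]
    token, pos, number, options = bytes(data[4:4 + tkl]), 4 + tkl, 0, []
    while pos < len(data) and data[pos] != 0xFF:
        head, pos = data[pos], pos + 1
        delta, pos = _unnibble(head >> 4, data, pos)
        length, pos = _unnibble(head & 0xF, data, pos)
        number += delta
        options.append((number, bytes(data[pos:pos + length])))
        pos += length
    payload = bytes(data[pos + 1:]) if pos < len(data) else b""
    return {"type": msg_type, "code": data[1], "mid": mid, "token": token,
            "options": options, "payload": payload}

def ap_registration_request(ap_mac, mid):
    """Communication client on the AP: CON request with the AP's MAC address as the Token."""
    return coap_encode(CON, CODE_GET, mid, token=ap_mac, options=[(OPT_URI_PATH, b"register")])

def server_handle_registration(raw, allowed_macs):
    """Communication server: authenticate the AP by the MAC in the Token.
    Allowed -> ACK carrying the start instruction in an option; otherwise an empty RST."""
    msg = coap_decode(raw)
    if msg["type"] != CON:
        return None
    if msg["token"].hex(":") not in allowed_macs:
        return coap_encode(RST, CODE_EMPTY, msg["mid"])
    return coap_encode(ACK, CODE_CONTENT, msg["mid"], token=msg["token"], options=[(OPT_START, b"start")])

def ap_start_granted(raw_reply, mid):
    """Client: the sniffing module starts only on an ACK to our message ID that carries OPT_START."""
    msg = coap_decode(raw_reply)
    return msg["type"] == ACK and msg["mid"] == mid and any(n == OPT_START for n, _ in msg["options"])

def pcap_record(frame, ts_sec, ts_usec):
    """Per-packet pcap record header (little-endian): ts_sec, ts_usec, incl_len, orig_len."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def environment_data(frame, ts_sec, ts_usec, mid, ap_mac):
    """Sniffing module step 3: pcap record header around the frame, then a NON CoAP POST around that."""
    return coap_encode(NON, CODE_POST, mid, token=ap_mac, options=[(OPT_URI_PATH, b"env")],
                       payload=pcap_record(frame, ts_sec, ts_usec))

def parse_environment_data(raw):
    """Communication server: strip the CoAP and pcap headers again and return the captured frame."""
    msg = coap_decode(raw)
    if msg["type"] != NON or msg["code"] != CODE_POST or len(msg["payload"]) < 16:
        raise ValueError("not an environment-data message")
    ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", msg["payload"])
    frame = msg["payload"][16:16 + incl_len]
    if len(frame) != incl_len:
        raise ValueError("truncated pcap record")
    return {"ap_mac": msg["token"].hex(":"), "ts": (ts_sec, ts_usec), "frame": frame}

# Constructed sample: a minimal 802.11 authentication frame (frame control 0xB0) sent to the AP.
AP_MAC = bytes.fromhex("001122334455")
SAMPLE_FRAME = (bytes.fromhex("b0000000") + AP_MAC + bytes.fromhex("aabbccddee01") + AP_MAC
                + bytes.fromhex("1000") + bytes.fromhex("000001000000"))
```

`server_handle_registration` answers an unlisted AP with an empty RST, so `ap_start_granted` stays false and the sniffing module never starts; an ACK is accepted only when its message ID matches the request that was sent.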
Cloud platform: the cloud platform can be built on an open-source cloud framework such as OpenStack, or on an existing provider's product such as Alibaba Cloud or AWS. In this embodiment the cloud platform hosts at least one communication server, one detection system and one database. The communication server receives the data from the communication client in the access point; its protocol matches the client's, CoAP in this embodiment. The detection system comprises an attack detection module for detecting attacks and a decision-issuing module for issuing decisions. The database stores the network logs and the defence actions used to counter network attacks. When the connection is set up, the communication server receives the authentication packet from the communication client in the access point and, after successful authentication, returns an ACK packet that carries a start instruction in one of its options. After the connection is established the communication server continuously receives the network environment data from the communication client. The communication server stores the network environment data in the database and at the same time passes it to the detection system for attack detection. In this embodiment the attack detection module detects by algorithm matching; it may also use other detection methods such as expert-library matching, and the algorithm used for algorithm matching may be an intelligent algorithm such as a CNN, KNN or random forest. In this embodiment, before performing detection by algorithm matching, the attack detection module first trains the intelligent algorithm on a data set to produce an algorithm model; at detection time the network environment data is fed into the trained model as input, and the model's output is the detection result. The output may be "normal" or a particular attack type (for example a flood attack, a spoofing attack or an injection attack). If the detection result indicates an attack, the decision-issuing module of the detection system retrieves the corresponding defence action (drop, block or hopping) from the database according to the attack type and extracts the attack-feature information from the attack data. The attack-feature information differs with the attack type and the defence action and has to be set for each case: for a flood attack or an injection attack, for example, the defence action may be "drop" and the attack feature is the source MAC address of the attack packets, whereas for a jamming attack the defence action may be "hopping" and the attack feature is the destination MAC address and the channel number. Finally the decision-issuing module packs the defence action and the attack-feature information into a defence decision in JSON format and issues it to the SDN controller over HTTP.
SDN controller: after the SDN controller receives the defence decision from the cloud platform, the firewall generates a flow table from its contents: the action field of the flow entry is filled with the defence action from the decision, and the match field with the attack-feature information from the decision. The firewall then issues the generated flow table with the OpenFlow protocol to all network forwarding devices in the wireless local area network to which the access point belongs. (The text as filed names the packet-out message for this; in OpenFlow a flow entry is installed with a flow-mod message, while packet-out injects a single packet through the switch.) The OVS bridge in the access point executes the defence action according to the flow entry, realising automatic network defence.
A typical detection-and-defence cycle of the invention is illustrated below with a flood attack as the example.
The wireless access point boots and starts the communication client. The communication client first connects to and authenticates with the communication server in the cloud platform. If authentication fails, the access point returns an error message and the program ends. If authentication succeeds, the cloud platform returns a start instruction to the access point, and on receiving it the access point starts the environment sniffing module. The environment sniffing module captures the network data of the wireless network through the wireless network card of the access point and adds the pcap format and the CoAP header to produce network environment data packets. The communication client continuously uploads the network environment data captured by the environment sniffing module to the communication server in the cloud platform over CoAP.
An attacker is present in the network environment of the access point and mounts a flood attack by sending the access point a large number of authentication packets as attack packets. These attack packets are captured by the environment sniffing module of the access point, mixed in with the normal environment data, and uploaded to the cloud platform.
After receiving the network environment data packets, the communication server in the cloud platform parses them and stores the parsed network environment data in the database. At the same time the attack detection module in the cloud detection system feeds the network environment data into the trained CNN model for attack detection. Because the network environment data contains the packets of the flood attack, the attack detection module detects the attack packets and determines the attack type to be a flood attack.
According to the attack type determined by the attack detection module, the decision-issuing module of the detection system retrieves the defence action for flood attacks from the database, here "drop", whose specific defence mechanism is to discard all packets from a given MAC address. At the same time, according to the attack type and the defence action, the decision-issuing module extracts the attack-feature information from the attack packets, here the source MAC address.
The decision-issuing module encapsulates the attack-feature information and the defence action in JSON format and forwards them to the SDN controller over HTTP.
After the SDN controller receives the message from the cloud platform, the firewall parses the defence decision, generates a flow table from the defence action and the attack-feature information in the decision, and issues it with OpenFlow to all network forwarding devices in the wireless LAN where the access point is located.
A new flow entry whose action is "drop" and whose match is the MAC address above is added to the OVS bridge of the access point; the OVS bridge discards all frames from that MAC address, completing the network defence. Two practical limits of this mechanism are worth noting: a flow entry keyed on a source MAC only affects frames that reach the OVS bridge, and 802.11 authentication frames are handled by the access point's wireless stack before any bridging, so a rule of this kind stops the source's bridged traffic rather than the authentication frames themselves; and a flooding attacker can change its source MAC at will, so the matched feature is not a stable identifier.
The cycle in which the access point captures network environment data and uploads it to the cloud attack detection system repeats continuously; whenever attack data is detected, the cloud platform and the SDN controller respond and defend against the attack, protecting the network.
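The cloud-side detection and decision steps and the controller-side flow-table step, for the flood attack walked through above and for the cloud platform and SDN controller parts of the embodiment, as one added Python example that is not part of the patent. The trained CNN is replaced by a sliding-window count of 802.11 authentication frames per source (an assumption made so the block runs offline); the defence table, the JSON decision and the match/action mapping follow the text; the `ovs-ofctl add-flow` command, the bridge name `br0`, the threshold and the sample capture are all constructed for the example.

```python
import json
import re
from collections import defaultdict

# Detection parameters, constructed for this example. The patent's embodiment
# uses a trained CNN here; this block substitutes a sliding-window rate check.
AUTH_FLOOD_THRESHOLD = 20   # authentication frames from one source ...
WINDOW_SECONDS = 1.0        # ... within this many seconds

# Defence table from the embodiment: attack type -> (defence action, features to extract).
DEFENCE_TABLE = {
    "flood":     ("drop",    ("src_mac",)),
    "injection": ("drop",    ("src_mac",)),
    "jamming":   ("hopping", ("dst_mac", "channel")),
}

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
MGMT_TYPE, AUTH_SUBTYPE = 0, 0xB

def parse_80211_header(frame):
    """Return (type, subtype, addr1, addr2); addr1 is the receiver, addr2 the transmitter."""
    fc = frame[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, frame[4:10].hex(":"), frame[10:16].hex(":")

def detect_auth_flood(records):
    """Attack detection module (rate-check stand-in). records: iterable of (timestamp, frame).
    Returns one finding per source whose authentication-frame rate crosses the threshold."""
    per_src = defaultdict(list)
    for ts, frame in records:
        ftype, subtype, dst, src = parse_80211_header(frame)
        if ftype == MGMT_TYPE and subtype == AUTH_SUBTYPE:
            per_src[src].append((ts, dst))
    findings = []
    for src, seen in per_src.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= AUTH_FLOOD_THRESHOLD:
                findings.append({"type": "flood", "src_mac": src, "dst_mac": seen[end][1]})
                break
    return findings

def make_decision(finding):
    """Decision-issuing module: look up the defence action and keep only the features it needs."""
    action, keys = DEFENCE_TABLE[finding["type"]]
    return {"attack_type": finding["type"], "action": action,
            "features": {k: finding[k] for k in keys}}

def decision_to_flow(decision_json, bridge="br0", priority=100):
    """SDN-controller firewall: match from the decision's features, action from its defence action.
    Returns an ovs-ofctl add-flow command for "drop"; None for actions with no flow-table form here
    (the page describes "hopping" as a channel change, which is AP configuration, not a flow entry)."""
    d = json.loads(decision_json)
    if d["action"] != "drop":
        return None
    src = d["features"]["src_mac"]
    # The decision arrives over HTTP from another host: validate it before it reaches a command line.
    if not MAC_RE.fullmatch(src):
        raise ValueError(f"refusing to build a flow from a malformed MAC: {src!r}")
    return f'ovs-ofctl add-flow {bridge} "priority={priority},dl_src={src},actions=drop"'

def run_pipeline(records):
    """Detection -> JSON decision (as sent to the controller) -> flow commands."""
    cmds = []
    for finding in detect_auth_flood(records):
        cmd = decision_to_flow(json.dumps(make_decision(finding)))
        if cmd is not None:
            cmds.append(cmd)
    return cmds

def frame(fc0, src_mac, ap_mac, body):
    """Minimal 802.11 frame: frame control, duration, addr1=AP, addr2=source, addr3=BSSID, seq, body."""
    ap, src = (bytes.fromhex(m.replace(":", "")) for m in (ap_mac, src_mac))
    return bytes([fc0, 0x00, 0x00, 0x00]) + ap + src + ap + b"\x10\x00" + body

# Constructed sample capture: 25 authentication frames in 0.25 s from one attacker,
# 3 from a legitimate client spread over 5 s, and one data frame (frame control 0x08).
AP = "00:11:22:33:44:55"
ATTACKER, CLIENT = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
AUTH_BODY = bytes.fromhex("000001000000")  # open system, sequence 1, status success
SAMPLE_RECORDS = ([(i * 0.01, frame(0xB0, ATTACKER, AP, AUTH_BODY)) for i in range(25)]
                  + [(t, frame(0xB0, CLIENT, AP, AUTH_BODY)) for t in (0.5, 2.5, 4.5)]
                  + [(1.0, frame(0x08, CLIENT, AP, b"data"))])
```

Running `run_pipeline(SAMPLE_RECORDS)` yields a single drop rule for the attacker's MAC and nothing for the client. The MAC check before the command is built matters because the decision comes from another host over HTTP: a feature string that is not a MAC address must never reach the `ovs-ofctl` match syntax, let alone a shell.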
Claims (5)
1. A wireless-network security defence method based on a software-defined security architecture, characterised in that: in the software-defined security architecture, the wireless access point of the physical layer comprises a security agent, the cloud platform of the application layer comprises a database, a communication server and a detection system, and the SDN controller of the control layer comprises a firewall; the wireless-network security defence method comprises the following steps:
(1) the security agent sniffs the wireless network environment and uploads the network environment data to the communication server; the communication server parses the received network environment data packets and stores the parsed network environment data in the database;
(2) the detection system checks whether the parsed network environment data contains network-attack data; if it does, the detection system retrieves the corresponding defence action from the database according to the attack type of the network-attack data, extracts the attack-feature information from the network-attack data, encapsulates the defence action and the attack-feature information into a defence decision, and issues the defence decision to the SDN controller;
(3) the firewall in the SDN controller issues a flow table to the network forwarding devices according to the defence action, and the network forwarding devices execute the corresponding defence action according to the flow table they receive.
2. The wireless-network security defence method according to claim 1, characterised in that in step (1) the security agent uploads the network environment data to the communication server using the CoAP protocol.
3. The wireless-network security defence method according to claim 1 or 2, characterised in that the security agent comprises a communication client and an environment sniffing module; in step (1) the environment sniffing module sniffs the wireless network environment and passes the acquired network environment data to the communication client, and the communication client uploads the received network environment data to the communication server.
4. The wireless-network security defence method according to claim 3, characterised in that the environment sniffing module obtains the network environment data as follows:
1) the environment sniffing module creates a network socket in its application process and binds the socket to the wireless network card of the wireless access point;
2) through the wireless network card of the access point, the environment sniffing module captures all wireless packets in the network environment in which the card is located, and the wireless packets are passed from the wireless network card to the environment sniffing module through the network socket;
3) the environment sniffing module prepends a pcap-format packet header to each wireless packet to produce pcap-format data, then prepends a communication-protocol header to the pcap-format data to obtain the network environment data.
5. The wireless-network security defence method according to any one of claims 1 to 4, characterised in that the detection system comprises an attack detection module and a decision-issuing module, and step (2) is executed as follows: the attack detection module analyses the network environment data and judges whether it contains network-attack data; if so, the decision-issuing module retrieves the corresponding defence action from the database according to the attack type judged by the attack detection module and extracts the attack-feature information from the network-attack data; the decision-issuing module then encapsulates the defence action and the attack-feature information into a defence decision and issues the decision to the SDN controller.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910518416.5A | 2019-06-15 | 2019-06-15 | Wireless-network security defence method based on software-defined security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110366170A | 2019-10-22 |
Family ID: 68217314
Country Status: CN, CN110366170A (pending)
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160381069A1 | 2012-06-11 | 2016-12-29 | Radware, Ltd. | Techniques for traffic diversion in software defined networks for mitigating denial of service attacks |
CN104468624A | 2014-12-22 | 2015-03-25 | 上海斐讯数据通信技术有限公司 | SDN controller, routing/switching device and network defending method |
CN104580168A | 2014-12-22 | 2015-04-29 | 华为技术有限公司 | Method, device and system for processing attack data packages |
CN108063747A | 2016-11-09 | 2018-05-22 | 北京君正集成电路股份有限公司 | Wireless data processing method and apparatus |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116319114A | 2023-05-25 | 2023-06-23 | 广州鲁邦通物联网科技股份有限公司 | Method and system for network intrusion detection |
Timeline
2019-06-15: application CN201910518416.5A filed in CN (status: Pending)
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2019-10-22 | PB01 | Publication | Application publication date: 20191022 |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | |