CN110505212A - An Internet of Things virtual security device based on MiddleBox
- Publication number
- CN110505212A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The present invention provides an Internet of Things (IoT) virtual security device based on MiddleBox that enables security management and automated security defense for IoT devices. The system comprises an IoT device layer, an IoT control layer, and a virtual MiddleBox layer arranged between the physical device layer and the IoT control layer. The physical device layer is communicatively connected to at least one physical device; the IoT control layer is provided with an IoT controller for controlling the physical devices; the virtual MiddleBox layer constructs at least one virtual security device, and the virtual security devices are communicatively connected to the physical devices in one-to-one correspondence. All traffic and accesses entering or leaving any physical device in the physical device layer are forwarded to the virtual security device. If the virtual security device detects a security threat, it handles the threat automatically according to a preset security policy and blocks the malicious access in real time; access data is forwarded to the physical device only when the virtual security device has judged it safe.
Description
Technical field
The invention belongs to the field of the Internet of Things, and in particular relates to an IoT virtual security device based on MiddleBox that enables security management and automated security defense for IoT devices.
Background art
Because IoT devices are usually resource-constrained, low-power devices, traditional defenses such as anti-virus software and firewalls are difficult to install directly on the device system to resist security threats, so IoT devices readily become targets of attack and exploitation. In addition, a large number of legacy IoT devices currently suffer from weak passwords, hard coding and non-updatable firmware, so the security management of IoT devices has become a problem in urgent need of a solution.
Tianlong Yu et al. point out that traditional security defense methods cannot capture the dynamic environment of an IoT system or cross-device interaction information, and that IoT security should be rethought from three aspects: security policy abstraction, attack model learning, and dynamic and context-aware capability. Cisco's IoT white paper also proposes using a software-defined framework model to simplify IoT management. Tong Xu et al. proposed a low-cost smart security mechanism (SSM) based on SDN to defend against new-flow attacks. It detects new-flow attacks using standard asynchronous messages on the control link, redirects the flows to a security middleware, and then intercepts the attack flows according to access control rules. Sivanathan et al. designed and implemented a low-cost, flow-based security defense system for smart-home devices. The system includes an SDN-based home gateway and an analysis engine; it interacts with the SDN controller through the northbound API and mirrors selected traffic flows to the analysis engine, thereby actively monitoring the network activity of IoT devices. Dai W. et al., by defining the functions and security requirements of an IoT tenant network, proposed an SDN-based secure IoT tenant network architecture to address excessive or abused administrator privileges in IoT tenant networks.
Because IoT devices are resource-constrained and firmware updates are relatively difficult, installing security analysis tools on them is difficult. Virtualization can overcome this difficulty: virtual security functions can be used to detect the security state of IoT devices and to defend them. However, inspecting only network traffic, ports and the like by capturing packets in a virtual security function instance allows detection and defense only at the network layer. It cannot obtain the operating data and security state of the device's internal system layer, and therefore cannot provide full-system security monitoring.
Summary of the invention
The present invention has been made to solve the above problems, and its object is to provide an IoT virtual security device based on MiddleBox that enables security management and automated security defense for IoT devices.
The present invention provides an IoT virtual security device based on MiddleBox, characterized by comprising: an IoT device layer, an IoT control layer, and a virtual MiddleBox layer arranged between the physical device layer and the IoT control layer, wherein the physical device layer is communicatively connected to at least one physical device; the IoT control layer is provided with an IoT controller for controlling the physical device; the virtual MiddleBox layer constructs at least one virtual security device; the virtual security devices are communicatively connected to the physical devices in one-to-one correspondence; and each virtual security device performs security management and control over the communication content between the IoT controller and its corresponding physical device.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the virtual security device includes at least a system security detection and defense module, a network security detection and defense module, a security state analysis module, a security policy management module, a communication module, device firmware and a QEMU module.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the system security detection and defense module is used to detect and defend against vulnerabilities of the entire IoT system.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the network security detection and defense module detects and defends against network-layer attacks by analyzing IoT data flows, and constructs multiple network security function units, including at least a virtual firewall, an IDS and an IPS.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the security state analysis module collects the network state and system state of the physical device in real time for security analysis, assesses the security risk of the physical device and adjusts the security policy, so as to achieve automated defense.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the communication module is used for communication between the virtual security device and the physical device and for communication between the virtual security device and the IoT controller.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the virtual security device has a programmable interface, through which new security functions are generated in real time by programming.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the IoT controller is deployed in a distributed manner and includes at least a virtual MiddleBox management module, a network flow management module, a security policy management module and a network monitoring module.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the security policy management module is responsible for checking the consistency and security of policies; once a policy conflict is found, it is resolved automatically, so as to achieve automated policy defense.
The IoT virtual security device based on MiddleBox provided by the invention may also have the following feature: the virtual MiddleBox layer also constructs at least one context-aware controller, connected in one-to-one correspondence with the virtual security devices and located between the virtual security device and the IoT controller. When the network flow management module detects that an IoT data flow involves multiple physical devices, the current IoT data flow is sent to the context-aware monitor for inspection and is handled according to the corresponding security policy.
Action and effect of the invention
According to the IoT virtual security device based on MiddleBox of the present invention, all traffic and accesses entering or leaving any physical device in the physical device layer are forwarded to the virtual security device, which acts as a monitor of the traffic entering and leaving the physical device. If the virtual security device detects a security threat, it handles the threat automatically according to the preset security policy and blocks the malicious access in real time; access data is forwarded to the physical device only when the virtual security device has judged it safe. The virtual security device of the invention builds various virtual security functions on MiddleBox, monitors system traffic in real time, obtains the security state of the IoT device system, and implements automated security defense. It thus provides elastic, adaptive and perceivable security for IoT devices and achieves dynamic security management of IoT devices.
Description of the drawings
Fig. 1 is a system architecture diagram of the IoT virtual security device based on MiddleBox in an embodiment of the invention.
Fig. 2 is a diagram of the virtual IoT device in an embodiment of the invention.
Fig. 3 is an operation flow chart of the IoT virtual security device based on MiddleBox in an embodiment of the invention.
Specific embodiments
The invention is further illustrated below by way of an embodiment, but the invention is not thereby limited to the scope of that embodiment.
<embodiment>
Fig. 1 is a system architecture diagram of the IoT virtual security device based on MiddleBox in an embodiment of the invention.
As shown in Fig. 1, in this embodiment an IoT virtual security device 100 based on MiddleBox comprises: IoT device layer 10, IoT control layer 20, and virtual MiddleBox layer 30 arranged between the physical device layer and the IoT control layer.
Physical device layer 10 mainly refers to physical IoT devices and is communicatively connected to six physical devices 11. The physical devices are real IoT devices, which can communicate with virtual MiddleBox layer 30 via protocols such as MQTT, HTTP, CoAP or TCP/IP.
IoT control layer 20 is provided with IoT controller 21, which controls all physical devices 11.
Virtual MiddleBox layer 30 constructs six virtual security devices 31 and six context-aware controllers 32. One end of the six virtual security devices 31 is connected in one-to-one correspondence with the six context-aware controllers 32, and the other end is communicatively connected in one-to-one correspondence with the six physical devices 11. Each virtual security device 31 performs security management and control over the communication content between IoT controller 21 and its corresponding physical device 11.
As shown in Fig. 1, IoT controller 21 is deployed in a distributed manner to prevent problems such as the single point of failure that centralized management brings. IoT controller 21 includes at least: virtual MiddleBox management module 22, network flow management module 23, security policy management module 24 and network monitoring module 25. IoT controller 21 is responsible for managing and monitoring all virtual security devices 31, and performs security policy management and traffic management for each virtual security device 31 in order to achieve network monitoring. Each physical device 11 has a MiddleBox-based virtual security device 31.
In this embodiment, the six virtual security devices 31 and the six context-aware controllers 32 are identical in structure and function; only the physical devices they connect to in IoT device layer 10 may differ. Therefore only one virtual security device 31 and one context-aware controller 32 are described in detail here, and the detailed description of the other five virtual security devices 31 is omitted.
Fig. 2 is a diagram of the virtual IoT device in an embodiment of the invention.
As shown in Fig. 2, each virtual security device 31 includes at least: system security detection and defense module 311, network security detection and defense module 312, security state analysis module 313, security policy management module 314, communication module 315, device firmware 316 and QEMU module 317.
System security detection and defense module 311 is used to detect and defend against vulnerabilities of the entire IoT system.
Network security detection and defense module 312 detects and defends against network-layer attacks by analyzing IoT data flows. It constructs multiple network security function units, including at least a virtual firewall, an IDS and an IPS, to detect network-layer attacks and defend against them.
Security state analysis module 313 collects the network state and system state of the physical device in real time for security analysis, assesses the security risk of the physical device and adjusts the security policy, so as to achieve automated defense.
Security policy management module 314 is responsible for checking the consistency and security of policies; once a policy conflict is found, it is resolved automatically, so as to achieve automated policy defense.
Communication module 315 is used for communication between the virtual security device and the physical device and for communication between the virtual security device and the IoT controller.
Device firmware 316 and QEMU module 317 emulate the IoT device firmware on QEMU to simulate the device's real system environment. On this emulated device environment, any operation on or access to physical device 11 is simulated in order to detect its security risk. Only packets and accesses that pass this detection are sent to the physical device, so that security behavior and threats at the system layer are monitored. The current mainstream virtualization software QEMU already supports some IoT devices, for example virtualization of the mainstream ARM context3, so that the device firmware, including the operating system and applications, can run in a virtualized environment. Because the virtual IoT device based on QEMU and firmware emulation has the same system runtime environment as the physical device, it can provide more comprehensive system-level detection. The system vulnerability detection function discovers in real time the various risks that occur in the system, such as buffer overflows and configuration errors, and at the same time monitors harmful operations that tamper with the system configuration or damage system security.
Virtual security device 31 also provides isolation: it controls the access of a physical device 11 to other devices on the intranet, so that after one physical device is compromised, other devices on the same network segment are not endangered. For the isolation logic, each physical device 11 has a dedicated policy enforced by its own virtual security device 31, so a policy update for a single physical device 11 does not affect other devices.
In addition, virtual security device 31 is designed from composable virtual functional units and provides programmable functions, so that new virtual security functions can be generated conveniently. These virtual security functions run in security-isolated trusted containers to provide trusted protection. Once the virtual security device finds that an incoming data flow is problematic, it prevents the malicious data from being sent to the physical device.
Each context-aware controller 32 is connected in one-to-one correspondence between a virtual security device 31 and IoT controller 21. When the network flow management module detects that an IoT data flow involves multiple physical devices, the current IoT data flow is sent to the context-aware monitor for inspection and is handled according to the corresponding security policy, thereby controlling secure access across IoT devices.
Fig. 3 is an operation flow chart of the IoT virtual security device based on MiddleBox in an embodiment of the invention.
As shown in Fig. 3, the operation flow of the IoT virtual security device 100 based on MiddleBox is as follows:
All traffic and accesses entering or leaving physical devices 11 are forwarded to virtual security device 31. If the traffic involves multiple physical devices 11, it is sent to context-aware monitor 32 for inspection. If it violates the context rules, the system handles it according to the security policy issued by IoT controller 21, for example by intercepting or alerting; otherwise the traffic is legal and is sent to the IoT physical device 11. If the traffic belongs to a single physical device 11, it is sent to a single virtual security device 31. The single virtual security device 31 performs network-behavior detection on the traffic. If the traffic is legal, it goes on to system-behavior detection; otherwise the corresponding action is taken according to the policy issued by IoT controller 21, such as intercepting and alerting. If system-behavior detection shows that the traffic is legal, the system sends the traffic to the IoT physical device 11; otherwise virtual security device 31 takes the corresponding action according to the policy issued by IoT controller 21, such as intercepting and alerting. IoT controller 21 formulates the corresponding security policies and manages traffic. The security policy management of IoT controller 21 is also responsible for checking the consistency and security of policies; once a policy conflict is found, it should be resolved automatically, so as to achieve automated policy defense.
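The dispatch flow just described, modelled as an added example (not code from the patent): cross-device traffic goes to the context-aware check, while single-device traffic passes network-behavior and then system-behavior detection in its own virtual security device. The class names, policy fields, sample devices, the deny-list that stands in for the QEMU firmware check, and the fail-closed handling of unmanaged devices are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    """Violation handling named in the flow description: intercept or alert."""
    INTERCEPT = "intercept"
    ALERT = "alert"


@dataclass(frozen=True)
class Flow:
    devices: frozenset   # ids of the physical (entity) devices the flow involves
    dst_port: int
    operation: str       # operation requested on the device (hypothetical field)


@dataclass
class DevicePolicy:
    """Dedicated per-device policy issued by the IoT controller (hypothetical fields)."""
    allowed_ports: set
    forbidden_operations: set
    on_violation: Action = Action.INTERCEPT


@dataclass(frozen=True)
class Decision:
    # Assumption: both violation actions withhold the traffic, because data is
    # forwarded only when judged safe; "alert" additionally records an alert.
    forwarded: bool
    stage: str           # "context", "network", "system" or "unmanaged"
    action: str          # "forward", "intercept" or "alert"


class VirtualSecurityDevice:
    """One instance per physical device: network check first, then system check."""

    def __init__(self, device_id, policy):
        self.device_id = device_id
        self.policy = policy

    def inspect(self, flow):
        # Network-behavior detection (the firewall/IDS/IPS units in the text).
        if flow.dst_port not in self.policy.allowed_ports:
            return Decision(False, "network", self.policy.on_violation.value)
        # System-behavior detection. The text replays the access against
        # QEMU-emulated firmware; an operation deny-list stands in for that here.
        if flow.operation in self.policy.forbidden_operations:
            return Decision(False, "system", self.policy.on_violation.value)
        return Decision(True, "system", "forward")


class MiddleBoxLayer:
    def __init__(self, context_rules, context_action=Action.INTERCEPT):
        self.vsds = {}                      # device id -> VirtualSecurityDevice
        self.context_rules = context_rules  # sets of devices allowed to interact
        self.context_action = context_action
        self.alerts = []

    def attach(self, device_id, policy):
        self.vsds[device_id] = VirtualSecurityDevice(device_id, policy)

    def dispatch(self, flow):
        # Assumption: traffic for a device without a virtual security device is
        # withheld (fail closed).
        if not flow.devices or flow.devices - set(self.vsds):
            decision = Decision(False, "unmanaged", Action.INTERCEPT.value)
        elif len(flow.devices) > 1:
            # Cross-device traffic goes to the context-aware monitor.
            if flow.devices in self.context_rules:
                decision = Decision(True, "context", "forward")
            else:
                decision = Decision(False, "context", self.context_action.value)
        else:
            (device_id,) = flow.devices
            decision = self.vsds[device_id].inspect(flow)
        if decision.action == Action.ALERT.value:
            self.alerts.append((sorted(flow.devices), decision.stage))
        return decision


def build_demo_layer():
    """Constructed sample deployment: three devices and one allowed interaction."""
    layer = MiddleBoxLayer(context_rules={frozenset({"thermostat-1", "camera-1"})})
    layer.attach("camera-1", DevicePolicy({8883}, {"write_config"}, Action.ALERT))
    layer.attach("lock-1", DevicePolicy({8883}, {"flash_firmware"}))
    layer.attach("thermostat-1", DevicePolicy({5683}, set()))
    return layer


if __name__ == "__main__":
    demo = build_demo_layer()
    for f in (Flow(frozenset({"camera-1"}), 8883, "read_sensor"),
              Flow(frozenset({"camera-1"}), 8883, "write_config"),
              Flow(frozenset({"lock-1"}), 23, "unlock"),
              Flow(frozenset({"camera-1", "lock-1"}), 8883, "unlock")):
        print(sorted(f.devices), f.dst_port, f.operation, "->", demo.dispatch(f))
```

Because each device holds its own `DevicePolicy`, changing one device's policy leaves the decisions for every other device unchanged, which is the isolation property the description attributes to the dedicated per-device policy.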
Action and effect of the embodiment
According to the IoT virtual security device based on MiddleBox of this embodiment, the system can assign one virtual security device to each device or to each class of devices. All traffic and accesses entering or leaving any physical device in the physical device layer are forwarded to the virtual security device, which acts as a monitor of the traffic entering and leaving the physical device. If the virtual security device detects a security threat, it handles the threat automatically according to the preset security policy and blocks the malicious access in real time; access data is forwarded to the physical device only when the virtual security device has judged it safe. The virtual security device of this embodiment builds various virtual security functions on MiddleBox, monitors system traffic in real time, obtains the security state of the IoT device system, and implements automated security defense. It thus provides elastic, adaptive and perceivable security for IoT devices and achieves dynamic security management of IoT devices.
The communication system of this embodiment builds various virtual security functions on the virtual security device, monitors system traffic in real time, and obtains the network-layer and system-layer security state of IoT devices, thereby achieving state acquisition and security monitoring for a single physical device or for physical devices of the same class. Compared with previous research, it provides the required isolation, context and agility. The virtual security device acts as a monitor that can monitor traffic in real time, detect anomalies and filter malicious packets, providing a comprehensive network detection and defense mechanism.
Secondly, the system provides security mechanisms not only at the network level but also security detection at the device's internal system layer, obtaining the full-system security state of the device and achieving full-system security detection and defense for IoT devices. Moreover, the system studies the interaction mechanism between virtual security devices and physical devices and designs virtual security function policies to resolve device security problems automatically.
In this embodiment, the number of physical devices is six and the number of virtual security devices is six. In the invention, the number of physical devices may be any other number, and the number of virtual security devices may be any other number. Moreover, physical devices may be connected to virtual security devices in one-to-one correspondence, or one virtual security device may correspond to multiple physical devices.
Although specific embodiments of the invention have been described above, those skilled in the art will understand that they are only examples, and that the scope of protection of the invention is defined by the appended claims. Those skilled in the art may make many changes and modifications to these embodiments without departing from the principle and substance of the invention, and all such changes and modifications fall within the scope of protection of the invention.
Claims (10)
1. An Internet of Things virtual security device based on MiddleBox, characterized by comprising:
an IoT device layer, an IoT control layer, and a virtual MiddleBox layer arranged between the physical device layer and the IoT control layer,
wherein the physical device layer is communicatively connected to at least one physical device,
the IoT control layer is provided with an IoT controller for controlling the physical device,
the virtual MiddleBox layer constructs at least one virtual security device, the virtual security devices are communicatively connected to the physical devices in one-to-one correspondence, and each virtual security device performs security management and control over the communication content between the IoT controller and the corresponding physical device.
2. The Internet of Things virtual security device based on MiddleBox according to claim 1, characterized in that:
the virtual security device includes at least: a system security detection and defense module, a network security detection and defense module, a security state analysis module, a security policy management module, a communication module, device firmware and a QEMU module.
3. The Internet of Things virtual security device based on MiddleBox according to claim 2, characterized in that:
the system security detection and defense module is used to detect and defend against vulnerabilities of the entire IoT system.
4. The Internet of Things virtual security device based on MiddleBox according to claim 2, characterized in that:
the network security detection and defense module detects and defends against network-layer attacks by analyzing IoT data flows,
and the network security detection and defense module constructs multiple network security function units, including at least: a virtual firewall, an IDS and an IPS.
5. The Internet of Things virtual security device based on MiddleBox according to claim 2, characterized in that:
the security state analysis module collects the network state and system state of the physical device in real time for security analysis, assesses the security risk of the physical device and adjusts the security policy, so as to achieve automated defense.
6. The Internet of Things virtual security device based on MiddleBox according to claim 2, characterized in that:
the communication module is used for communication between the virtual security device and the physical device and for communication between the virtual security device and the IoT controller.
7. The Internet of Things virtual security device based on MiddleBox according to claim 2, characterized in that:
the virtual security device has a programmable interface, through which new security functions are generated in real time by programming.
8. The Internet of Things virtual security device based on MiddleBox according to claim 1, characterized in that:
the IoT controller is deployed in a distributed manner and includes at least: a virtual MiddleBox management module, a network flow management module, a security policy management module and a network monitoring module.
9. The Internet of Things virtual security device based on MiddleBox according to claim 8, characterized in that:
the security policy management module is responsible for checking the consistency and security of policies; once a policy conflict is found, it is resolved automatically, so as to achieve automated policy defense.
10. The Internet of Things virtual security device based on MiddleBox according to claim 8, characterized in that:
the virtual MiddleBox layer also constructs at least one context-aware controller, connected in one-to-one correspondence with the virtual security devices and located between the virtual security device and the IoT controller,
and when the network flow management module detects that an IoT data flow involves multiple physical devices, the current IoT data flow is sent to the context-aware monitor for inspection and is handled according to the corresponding security policy.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910672683.8A CN110505212B (en) | 2019-07-24 | 2019-07-24 | Internet of things virtual safety equipment based on Middlebox |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110505212A (en) | 2019-11-26 |
CN110505212B (en) | 2020-10-13 |
Family
ID=68586775
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910672683.8A Active CN110505212B (en) | 2019-07-24 | 2019-07-24 | Internet of things virtual safety equipment based on Middlebox |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110505212B (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101030860A (en) * | 2007-02-15 | 2007-09-05 | 华为技术有限公司 | Method and apparatus for preventing server from being attacked by automatic software |
CN104283881A (en) * | 2014-10-11 | 2015-01-14 | 上海华和得易信息技术发展有限公司 | Method and system for certificate authority and safety use of sensing equipment of Internet of Things |
WO2018211274A1 (en) * | 2017-05-16 | 2018-11-22 | Arm Ltd | Blockchain for securing and/or managing iot network-type infrastructure |
CN109995583A (en) * | 2019-03-15 | 2019-07-09 | 清华大学深圳研究生院 | A kind of scalable appearance method and system of NFV cloud platform dynamic of delay guaranteed |
Non-Patent Citations (1)
Title |
---|
戚建淮 et al.: "Building a Firewall Cloud Platform Based on SDN/NFV", 《通信技术》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111556132A (en) * | 2020-04-26 | 2020-08-18 | 湖南大学 | Method and system for generating intelligent defense schematic diagram for industrial Internet of things |
CN112118577A (en) * | 2020-09-18 | 2020-12-22 | 国网山东省电力公司青岛供电公司 | SDN virtual honeypot-based IoT network attack reduction system and method |
CN112118577B (en) * | 2020-09-18 | 2023-10-13 | 国网山东省电力公司青岛供电公司 | SDN virtual honeypot-based IoT network attack reduction system and method |
CN115065531A (en) * | 2022-06-14 | 2022-09-16 | 天津理工大学 | SDN-based moving target defense method for IoT network sniffing attack |
CN115065531B (en) * | 2022-06-14 | 2023-09-08 | 天津理工大学 | SDN-based mobile target defense method for IoT network sniffing attack |
Also Published As
Publication number | Publication date |
---|---|
CN110505212B (en) | 2020-10-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3111433B1 (en) | | Wireless sensor network |
US10297128B2 (en) | | Wireless sensor network |
US7793138B2 (en) | | Anomaly detection for storage traffic in a data center |
CN102244622B (en) | | Virtual gateway protection method, virtual security gateway and system for server virtualization |
CN110505212A (en) | | A kind of Internet of Things virtual secure equipment based on MiddleBox |
WO2018095098A1 (en) | | Network security protection method and device |
US20170093923A1 (en) | | Creating Additional Security Containers For Transparent Network Security For Application Containers Based On Conditions |
CN101645873B (en) | | Method for realizing network isolation in environments of computer and virtual machine |
Radoglou-Grammatikis et al. | | Attacking IEC-60870-5-104 SCADA systems |
US20140317737A1 (en) | | Hypervisor-based intrusion prevention platform and virtual network intrusion prevention system |
US9245147B1 (en) | | State machine reference monitor for information system security |
JP2018538633A (en) | | Dual memory introspection to secure multiple network endpoints |
CN104219218A (en) | | Active safety defense method and active safety defense device |
GB2532630A (en) | | Network intrusion alarm method and system for nuclear power station |
CN107566359A (en) | | A kind of intelligent fire-proofing wall system and means of defence |
CN113783871A (en) | | Micro-isolation protection system adopting zero trust architecture and protection method thereof |
CN110474913A (en) | | Virtualization means of defence and terminal under a kind of cloud environment |
CN103975331A (en) | | Data center infrastructure management system incorporating security for managed infrastructure devices |
CN110381082B (en) | | Mininet-based attack detection method and device for power communication network |
Das et al. | | On the edge realtime intrusion prevention system for DoS attack |
CN114465743B (en) | | Data flow monitoring and analyzing method |
CN109450848B (en) | | Method and device for defending Docker east-west flow invasion |
CN106528267A (en) | | Xen privileged domain-based network communication monitoring system and method |
Zhang et al. | | Securing the Internet of Things: Need for a New Paradigm and Fog Computing |
CN109561102A (en) | | Dynamic security method is virtualized for the URL of automation attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||