CN110611637B - Online network threat detection method and system based on VPN flow traction - Google Patents

Info

Publication number: CN110611637B (granted patent); earlier publication CN110611637A
Authority: CN (China)
Application number: CN201810611863.0A
Filing / priority date: 2018-06-14
Publication dates: CN110611637A 2019-12-24; CN110611637B 2022-07-01
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Prior art keywords: detection, malicious, cloud, threat, traffic
Other languages: Chinese (zh)
Inventors: 黄云宇, 刘广柱, 康学斌, 王小丰, 肖新光
Current assignee: Beijing Antiy Network Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Antiy Network Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/08 Configuration management of networks or network elements
    • H04L 41/0803 Configuration setting
    • H04L 41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L 41/0826 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability, for reduction of network costs
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0272 Virtual private networks
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention provides an online network threat detection method and system based on VPN traffic pulling. The method comprises the following steps: building a cloud online system composed of at least one cloud server; building a VPN service on the cloud server; deploying a bypass (out-of-band) malicious threat traffic detection device at a high-bandwidth network gateway; connecting the detection target to the cloud online system through a VPN account; the cloud online system pulling the network traffic of the detection target through the bypass malicious threat traffic detection device; and the bypass malicious threat traffic detection device detecting the received network traffic and storing the detection result for the detection target to review. The invention also provides a corresponding system. With this technical scheme the threat traffic detection device is deployed online, so that the detection device can be shared, its maintenance is simplified, and the cost of device deployment and labour is reduced.

Description

Online network threat detection method and system based on VPN flow traction
Technical Field
The invention relates to the field of computer network security, and in particular to an online network threat detection method and system based on VPN traffic pulling.
Background
Existing network threat detection, localisation and forensics techniques rely on bringing an offline portable tool to the gateway of the detection target, or even to a single host, and deploying it manually to complete the detection. During tool deployment, threat detection and localisation, the conventional malicious traffic threat detection device has to be installed on the terminal device of the detection target or on the routing gateway at its external egress, and only then can it perform malicious traffic detection. A great deal of labour is therefore spent deploying equipment before forensic detection can begin, and in a large proportion of forensic cases no malicious code is found at all, so that the labour cost is wasted. Furthermore, a malicious traffic threat detection device deployed at a terminal or at a local-area gateway can only observe the network health of that single node or that local area network. Where the detection target already runs an intrusion prevention/detection system, a long-term deployment of the malicious traffic threat detection device is unnecessary; where the device is left in place long term, it degrades network transmission performance and consumes device resources; and where it is removed again, the deployment cost rises further. Finally, because the conventional malicious traffic threat detection device is an endpoint-type detector, covering a large area requires a large number of devices, which makes them hard to update: the malicious traffic feature library and the C2 (command-and-control) node library cannot be upgraded in step across all of them, and a large investment in labour is required.
In summary, current detection methods consume large amounts of manpower, physical resources and time, resulting in high cost and delay in obtaining evidence.
Disclosure of Invention
To address these problems, the invention provides an online network threat detection method based on VPN traffic pulling. A network threat detection device is deployed in bypass mode at the cloud end, so that a plurality of nodes can be detected with one shared detection device, the deployment is simplified, and upgrading and maintaining the detection device is convenient.
The invention is realised by the following method:
An online network threat detection method based on VPN traffic pulling comprises the following steps:
building a cloud online system composed of at least one cloud server;
building a VPN service on the cloud server;
deploying a bypass malicious threat traffic detection device at a high-bandwidth network gateway, the device integrating a malicious traffic feature library and botnet control node information;
connecting the detection target, which is a terminal device or a local area network, to the cloud online system through a VPN account;
the cloud online system pulling the network traffic of the detection target through the bypass malicious threat traffic detection device;
the bypass malicious threat traffic detection device detecting the received network traffic and storing a detection result for the detection target to review, the detection result comprising IP, Port, Time and malicious code family data.
In the method, the cloud servers of the cloud online system communicate with each other and implement load balancing.
In the method, the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type.
In the method, when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information; the detection result is stored classified by that traffic source information, and access rights on the storage location are set.
In the method, the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.
The invention correspondingly also provides an online network threat detection system based on VPN traffic pulling, comprising:
a cloud online system composed of at least one cloud server, on which a VPN service is built;
a bypass malicious threat traffic detection device deployed at a high-bandwidth network gateway, the device integrating a malicious traffic feature library and botnet control node information;
a detection target, being a terminal device or a local area network, connected to the cloud online system through a VPN account;
wherein the cloud online system pulls the network traffic of the detection target through the bypass malicious threat traffic detection device;
and the bypass malicious threat traffic detection device detects the received network traffic and stores a detection result for the detection target to review, the detection result comprising IP, Port, Time and malicious code family data.
In the system, the cloud servers of the cloud online system communicate with each other and implement load balancing.
In the system, the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type.
In the system, when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information; when the detection result is stored it is classified by that traffic source information, and access rights on the storage location are set.
In the system, the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.
The advantages of the invention are as follows. The threat detection device is deployed online; a detection target is detected and identified automatically simply by pulling its network traffic through the malicious threat traffic detection device via the VPN service, and the detection result is available promptly. Throughout the process the user only has to establish a connection to the VPN service to obtain malicious traffic threat detection for a terminal device, or for the devices of a communication network inside a local area network, and to locate precisely the nodes that emit malicious traffic.
In terms of device deployment, because the threat detection device is deployed online it no longer has to be deployed at every detection target as before; one threat detection device can provide traffic threat detection to many users at the same time, the detection scope is extended from terminal detection to local area network detection, and multipoint detection forms area coverage. The problem of deploying detection devices repeatedly and cyclically is solved, excessive engineering investment in deploying devices at terminals and local area networks that are not infected is avoided, and the detection target no longer loses resources and performance to a locally installed device.
In terms of device maintenance, the previous multi-point deployment required the device at every node to be upgraded and maintained, whereas with online deployment only the online threat traffic detection device has to be upgraded and maintained, so the number of devices to maintain is greatly reduced, maintenance is easier, and labour cost falls.
Drawings
To illustrate the technical solutions of the invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; those skilled in the art can derive other drawings from them without creative effort.
FIG. 1 is a flowchart of an embodiment of the online network threat detection method based on VPN traffic pulling of the invention;
FIG. 2 is a schematic structural diagram of the online network threat detection system based on VPN traffic pulling of the invention.
Detailed Description
To make the technical solutions in the embodiments of the invention better understood, and the above objects, features and advantages more comprehensible, the technical solutions of the invention are described in further detail below with reference to the accompanying drawings.
The invention provides an online network threat detection method based on VPN traffic pulling: a network threat detection device is deployed in bypass mode at the cloud end, so that a plurality of nodes can be detected with one shared device, deployment is simplified, and the device is easy to upgrade and maintain.
The invention is realised by the following method:
An online network threat detection method based on VPN traffic pulling, as shown in FIG. 1, comprises:
S101: building a cloud online system composed of at least one cloud server; the number of cloud servers is chosen according to the planned detection load;
S102: building a VPN service on the cloud server;
The cloud online system is needed because the detection target and the bypass malicious threat traffic detection device are two points with no direct interaction between them; the cloud online system and the VPN service built on it are what connect them. The VPN provides a dedicated network service to the detection target: the target's communication with the public network passes through the VPN, and the communication traffic at the egress of the VPN cloud server is detected, identified and analysed by the bypass malicious threat traffic detection device;
S103: deploying the bypass malicious threat traffic detection device at a high-bandwidth network gateway; a malicious traffic feature library and botnet control node (Command and Control, C2) information are integrated in the device, which can detect threat traffic features in communications, malicious URL links, botnet control nodes, vulnerability exploitation, scanning and brute-force attempts, and the like;
S104: connecting the detection target, which is a terminal device or a local area network, to the cloud online system through a VPN account;
S105: the cloud online system pulling the network traffic of the detection target through the bypass malicious threat traffic detection device;
S106: the bypass malicious threat traffic detection device detecting the received network traffic and storing the detection result for the detection target to review. The detection result comprises data such as IP, Port, Time and a malicious code family description.
In the method, the cloud servers of the cloud online system communicate with each other and implement load balancing. Load balancing mainly ensures that the VPN service built on them is distributed evenly and prevents an outage caused by traffic overload on a single VPN server.
In the method, the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type; the features are extracted from tests of the samples in multiple environments.
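The following is an added example, not code from the patent or from Antiy, of how the malicious traffic feature library described above can be built from the C2 communication of known samples. Requests captured from each family's samples are classified by request type (HTTP method plus a generalised request path), and a header becomes part of the signature only if every sample of that request type agrees on it, so values that vary between test environments (the Host, a header added by one sandbox) are left out of the feature; observed Host values are collected separately as the family's C2 nodes. The family names, C2 addresses and captured requests are constructed, hypothetical data, and the generalisation rules (decimal runs become `\d+`, hex blobs become `[0-9a-f]+`) are this example's own choice.

```python
"""Build a malicious-traffic feature library from C2 requests captured from
malware samples (added example; the captures below are constructed data)."""
import re
from collections import defaultdict

# Constructed captures: raw HTTP requests recorded while samples of each
# family talked to their C2, from more than one test environment.
SAMPLE_CAPTURES = {
    "FamilyA": [
        "POST /gate.php?id=10293 HTTP/1.1\r\nHost: 203.0.113.10\r\n"
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n",
        "POST /gate.php?id=77812 HTTP/1.1\r\nHost: 203.0.113.11\r\n"
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\nX-Env: win7-sandbox\r\n\r\n",
        "GET /update/a1b2c3.bin HTTP/1.1\r\nHost: 203.0.113.10\r\n"
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n",
    ],
    "FamilyB": [
        "GET /api/v1/beacon/4f3a HTTP/1.1\r\nHost: 198.51.100.5\r\n"
        "User-Agent: curl/7.0\r\nAccept: */*\r\n\r\n",
        "GET /api/v1/beacon/9c1e HTTP/1.1\r\nHost: 198.51.100.5\r\n"
        "User-Agent: curl/7.0\r\nAccept: */*\r\n\r\n",
    ],
}


def parse_request(raw):
    """Split a raw HTTP request into (method, target, {lower-case header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def generalise_target(target):
    """Turn a concrete request target into an anchored regex: decimal IDs become
    \\d+, hex blobs of 4+ chars become [0-9a-f]+, everything else stays literal."""
    parts = []
    for tok in re.split(r"([^A-Za-z0-9]+)", target):
        if re.fullmatch(r"\d+", tok):
            parts.append(r"\d+")
        elif re.fullmatch(r"[0-9a-f]{4,}", tok) and re.search(r"[a-f]", tok):
            parts.append(r"[0-9a-f]+")
        else:
            parts.append(re.escape(tok))
    return "^" + "".join(parts) + "$"


def build_library(captures):
    """Return (signatures, c2_nodes). One signature per (family, request type);
    only headers identical across all samples of that request type are kept."""
    grouped = defaultdict(list)      # (family, method, path_re) -> [headers, ...]
    c2_nodes = defaultdict(set)      # family -> observed C2 hosts
    for family, raws in captures.items():
        for raw in raws:
            method, target, headers = parse_request(raw)
            grouped[(family, method, generalise_target(target))].append(headers)
            if "host" in headers:
                c2_nodes[family].add(headers["host"])
    signatures = []
    for (family, method, path_re), header_sets in grouped.items():
        common = dict(header_sets[0])
        for hs in header_sets[1:]:
            common = {k: v for k, v in common.items() if hs.get(k) == v}
        common.pop("host", None)     # the host is a C2 node, tracked separately
        signatures.append({"family": family, "method": method, "path_re": path_re,
                           "headers": common, "samples": len(header_sets)})
    return signatures, {f: sorted(n) for f, n in c2_nodes.items()}


def match_request(signatures, raw):
    """Return the family whose signature matches a new request, or None."""
    method, target, headers = parse_request(raw)
    for sig in signatures:
        if sig["method"] != method or not re.match(sig["path_re"], target):
            continue
        if all(headers.get(k) == v for k, v in sig["headers"].items()):
            return sig["family"]
    return None


if __name__ == "__main__":
    sigs, c2 = build_library(SAMPLE_CAPTURES)
    for sig in sigs:
        print(sig["family"], sig["method"], sig["path_re"], sig["headers"])
    print("C2 nodes:", c2)
```

Running the samples through two environments is what makes the intersection step useful: the second FamilyA capture carries an `X-Env` header and a different Host, and neither survives into the signature, while the User-Agent and Content-Type that every sample shares do.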
In the method, when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information; the detection result is stored classified by that traffic source information, and access rights on the storage location are set.
In the method, the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.
To illustrate the scheme and its advantages more clearly, the following embodiment is given:
User A needs to find out whether a terminal device or a local area network is infected with a virus or trojan that communicates over the network. User A only has to connect the detection target, a terminal or the router of the local area network, to the VPN service agent, namely a cloud server of the cloud online system, using the account userA; the target's traffic is pulled through the bypass malicious threat traffic detection device, which performs threat detection and localisation. The detection device stores the detection result, keyed on the VPN user, at a location that only userA is authorised to read, and userA is granted management rights over the related data.
In the method the VPN serves as the traffic transport channel, but the VPN alone cannot actively pull the detection target's network traffic through the online bypass malicious threat traffic detection device; the detection target must itself set up the VPN connection so that its network communication data is directed to the bypass device, which then performs malicious threat detection on that traffic. To prevent detection results from being mixed up when several users submit VPN-steered traffic for detection at the same time, the detection target submits custom traffic source information when it establishes the VPN connection, and this information is the basis on which analysis results are returned to the right detection target. At the same time, to prevent the backed-up traffic of one detection target from being obtained illegitimately by other users, which would leak the target's traffic with losses that are hard to estimate, the VPN service and the bypass detection device store the backed-up traffic and the detection results according to the custom traffic source information provided by the user and set access rights on them, strictly forbidding unrelated users from accessing the related detection data.
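The following is an added example, not code from the patent or from Antiy, that models steps S101 to S106 together with the multi-user embodiment above: a cloud VPN server authenticates a VPN account, records the custom traffic-source tag submitted with the connection, forwards the account's flows, and tees a copy of each flow to a shared bypass detector. The detector looks each flow up in botnet control node (C2) information and a malicious-URL list and stores hits (IP, Port, Time, malware family) in a result store classified by tag, which only the account that registered the tag may read. Account names, passwords, flow records, the C2 list and the URL list are constructed, hypothetical data; the feature library is reduced to plain lookups because signature matching is shown separately above.

```python
"""Model of VPN traffic pulling with a bypass detector and per-tenant result
storage (added example; all accounts, flows and indicators are constructed)."""
import hmac
from dataclasses import dataclass
from typing import Optional

# Hypothetical botnet control node information: (ip, port) -> malware family.
C2_NODES = {("203.0.113.10", 443): "FamilyA", ("198.51.100.5", 80): "FamilyB"}
# Hypothetical malicious URL list.
MALICIOUS_URLS = {"http://198.51.100.77/dl/x.exe": "FamilyC"}


@dataclass(frozen=True)
class Flow:
    src_ip: str                 # node inside the detection target (VPN client side)
    dst_ip: str
    dst_port: int
    time: str                   # ISO-8601 timestamp of the flow
    url: Optional[str] = None   # HTTP URL if one was observed


@dataclass(frozen=True)
class Detection:
    ip: str                     # remote endpoint that matched
    port: int
    time: str
    family: str
    src_ip: str                 # which node of the detection target talked to it


class ResultStore:
    """Detection results classified by traffic-source tag, one owning account per tag."""

    def __init__(self):
        self._owner = {}        # tag -> VPN account that registered it
        self._results = {}      # tag -> [Detection, ...]

    def register(self, tag, account):
        if self._owner.setdefault(tag, account) != account:
            raise PermissionError(f"tag {tag!r} already belongs to another account")
        self._results.setdefault(tag, [])

    def append(self, tag, detection):
        self._results[tag].append(detection)

    def read(self, tag, account):
        """Only the account that registered the tag may read its results."""
        if self._owner.get(tag) != account:
            raise PermissionError(f"{account} may not read results for tag {tag!r}")
        return list(self._results[tag])


class BypassDetector:
    """Out-of-band device: it receives a copy of every flow and is never on the forwarding path."""

    def __init__(self, store):
        self.store = store

    def inspect(self, tag, flow):
        family = C2_NODES.get((flow.dst_ip, flow.dst_port))
        if family is None and flow.url is not None:
            family = MALICIOUS_URLS.get(flow.url)
        if family is not None:
            self.store.append(tag, Detection(flow.dst_ip, flow.dst_port, flow.time, family, flow.src_ip))
        return family


class VpnServer:
    """Cloud VPN server: terminates the tunnel, forwards traffic, tees a copy to the detector."""

    def __init__(self, accounts, detector, store):
        self.accounts = accounts    # account -> password (hypothetical; prefer certificates or MFA)
        self.detector = detector
        self.store = store
        self.sessions = {}          # account -> traffic-source tag submitted at connect time

    def connect(self, account, password, source_tag):
        expected = self.accounts.get(account)
        if expected is None or not hmac.compare_digest(expected, password):
            raise PermissionError(f"VPN authentication failed for {account}")
        self.store.register(source_tag, account)   # binds this tag, and its results, to the account
        self.sessions[account] = source_tag

    def forward(self, account, flow):
        """Forward the flow toward the public network; the detector only ever sees a copy."""
        tag = self.sessions[account]
        self.detector.inspect(tag, flow)            # tee: inspection cannot block or alter the flow
        return flow


def run_demo():
    """Two VPN users submit traffic at the same time; results stay separated by tag."""
    store = ResultStore()
    vpn = VpnServer({"userA": "pw-A", "userB": "pw-B"}, BypassDetector(store), store)
    vpn.connect("userA", "pw-A", source_tag="siteA-lan")
    vpn.connect("userB", "pw-B", source_tag="laptop-B")
    for flow in (Flow("10.8.0.2", "203.0.113.10", 443, "2018-06-14T09:00:00Z"),
                 Flow("10.8.0.3", "93.184.216.34", 443, "2018-06-14T09:00:01Z")):
        vpn.forward("userA", flow)
    vpn.forward("userB", Flow("10.8.0.9", "198.51.100.77", 80, "2018-06-14T09:00:02Z",
                              url="http://198.51.100.77/dl/x.exe"))
    return store


if __name__ == "__main__":
    results = run_demo()
    for det in results.read("siteA-lan", "userA"):
        print(f"siteA-lan: {det.src_ip} -> {det.ip}:{det.port} at {det.time} ({det.family})")
```

On a real Linux VPN host the tee in `forward` corresponds to a mirror port or, for example, an `iptables -t mangle -A PREROUTING -i tun0 -j TEE --gateway <detector-ip>` rule (one way of doing it, not something the patent specifies), which copies packets to the detector without putting it in the forwarding path. Two points the model makes explicit: the tunnel terminates at the cloud server, so the operator sees the target's traffic in the clear, which is why the per-tag access control on stored captures and results matters; and because inspection is out-of-band, a detector outage or a matching miss never affects the target's connectivity, at the price that detection is observe-only.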
The invention also provides an online network threat detection system based on VPN traffic pulling, as shown in FIG. 2, comprising:
a cloud online system 201 composed of at least one cloud server, on which a VPN service is built;
a bypass malicious threat traffic detection device 202 deployed at a high-bandwidth network gateway, in which a malicious traffic feature library and botnet control node information are integrated;
a detection target 203, being a terminal device or a local area network, connected to the cloud online system through a VPN account;
wherein the cloud online system pulls the network traffic of the detection target through the bypass malicious threat traffic detection device;
and the bypass malicious threat traffic detection device detects the received network traffic and stores the detection result for the detection target to review.
In the system, the cloud servers of the cloud online system communicate with each other and implement load balancing.
In the system, the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type.
In the system, when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information; the detection result is stored classified by that traffic source information, and access rights on the storage location are set.
In the system, the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.
The advantages of the invention are as follows. The malicious threat traffic detection device is deployed online; a detection target is detected and identified automatically simply by pulling its network traffic through the malicious threat traffic detection device via the VPN service, and the detection result is available promptly. Throughout the process the user only has to establish a connection to the VPN service to obtain malicious traffic threat detection for a terminal device, or for the devices of a communication network inside a local area network, and to locate precisely the nodes that emit malicious traffic.
In terms of device deployment, because the threat detection device is deployed online it no longer has to be deployed at every detection target as before; one threat detection device can provide traffic threat detection to many users at the same time, the detection scope is extended from terminal detection to local area network detection, and multipoint detection forms area coverage. The problem of deploying detection devices repeatedly and cyclically is solved, excessive engineering investment in deploying devices at terminals and local area networks that are not infected is avoided, and the detection target no longer loses resources and performance to a locally installed device.
In terms of device maintenance, the previous multi-point deployment required the device at every node to be upgraded and maintained, whereas with online deployment only the online threat traffic detection device has to be upgraded and maintained, so the number of devices to maintain is greatly reduced, maintenance is easier, and labour cost falls.
The technical scheme provided by the invention sums up the technical thinking accumulated over a long period of work on network threat detection, localisation and forensics, and the related architectural idea is put forward here for the first time. The overall framework is as follows: a bypass traffic threat detection device is deployed in the cloud, and a cloud VPN server is set up alongside it for the detection target to use; the detection target's communication traffic is pulled through the traffic threat detection device, which automatically detects and identifies malicious traffic. Tedious procedures and steps are reduced as far as possible, time is saved, and at the same time localisation and inspection of the full traffic is achieved.
The embodiments in this specification are described progressively; identical and similar parts can be cross-referenced, and each embodiment focuses on its differences from the others. In particular, the system embodiment is substantially similar to the method embodiment, so its description is brief and reference may be made to the relevant parts of the method embodiment. While the invention has been described by way of embodiments, those skilled in the art will appreciate that numerous variations and permutations are possible without departing from the spirit of the invention, and the appended claims are intended to cover such variations and modifications as fall within its true spirit.

Claims (10)

1. An online network threat detection method based on VPN traffic pulling, characterised by comprising the following steps:
building a cloud online system composed of at least one cloud server;
building a VPN service on the cloud server;
deploying a bypass malicious threat traffic detection device at a high-bandwidth network gateway, wherein the network threat detection device is deployed in bypass mode at the cloud end, and the detection target and the bypass malicious threat traffic detection device are points with no direct interaction between them;
the bypass malicious threat traffic detection device integrating a malicious traffic feature library and botnet control node information;
connecting the detection target, which is a terminal device or a local area network, to the cloud online system through a VPN account;
the cloud online system pulling the network traffic of the detection target through the bypass malicious threat traffic detection device;
the bypass malicious threat traffic detection device detecting the received network traffic and storing a detection result for the detection target to review, the detection result comprising IP, Port, Time and malicious code family data.
2. The method of claim 1, wherein the cloud servers of the cloud online system communicate with each other and implement load balancing.
3. The method of claim 1, wherein the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type.
4. The method of claim 1, wherein when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information, and when the detection result is stored it is stored classified by that traffic source information and access rights on the storage location are set.
5. The method of claim 1, wherein the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.
6. An online network threat detection system based on VPN traffic pulling, comprising:
a cloud online system composed of at least one cloud server, on which a VPN service is built;
a bypass malicious threat traffic detection device deployed at a high-bandwidth network gateway, wherein the network threat detection device is deployed in bypass mode at the cloud end, and the detection target and the bypass malicious threat traffic detection device are points with no direct interaction between them; the bypass malicious threat traffic detection device integrating a malicious traffic feature library and botnet control node information;
a detection target, being a terminal device or a local area network, connected to the cloud online system through a VPN account;
wherein the cloud online system pulls the network traffic of the detection target through the bypass malicious threat traffic detection device;
and the bypass malicious threat traffic detection device detects the received network traffic and stores a detection result for the detection target to review, the detection result comprising IP, Port, Time and malicious code family data.
7. The system of claim 6, wherein the cloud servers of the cloud online system communicate with each other and implement load balancing.
8. The system of claim 6, wherein the malicious traffic feature library is generated by selecting, for each malicious code family, samples that can communicate normally with their C2, capturing their communication interaction data, and classifying and extracting the communication data features of each request type.
9. The system of claim 6, wherein when the detection target connects to the cloud online system through the VPN account it also submits custom traffic source information, and when the detection result is stored it is stored classified by that traffic source information and access rights on the storage location are set.
10. The system of claim 6, wherein the cloud server also serves as a network communication relay node for the detection target, providing a network proxy service.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810611863.0A CN110611637B (en) 2018-06-14 2018-06-14 Online network threat detection method and system based on VPN flow traction

Publications (2)

Publication Number Publication Date
CN110611637A CN110611637A (en) 2019-12-24
CN110611637B true CN110611637B (en) 2022-07-01

Family

ID=68887582

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323261A (en) * 2015-12-15 2016-02-10 北京奇虎科技有限公司 Data detection method and device
CN106101075A (en) * 2016-05-31 2016-11-09 上海连尚网络科技有限公司 A kind of method and apparatus realizing secure access
CN107872456A (en) * 2017-11-09 2018-04-03 深圳市利谱信息技术有限公司 Network intrusion prevention method, apparatus, system and computer-readable recording medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9282110B2 (en) * 2013-11-27 2016-03-08 Cisco Technology, Inc. Cloud-assisted threat defense for connected vehicles
CN106713293A (en) * 2016-12-14 2017-05-24 武汉虹旭信息技术有限责任公司 Cloud platform malicious behavior detecting system and method
CN106790091B (en) * 2016-12-23 2020-10-27 深信服科技股份有限公司 Cloud safety protection system and flow cleaning method
CN106713365A (en) * 2017-02-28 2017-05-24 郑州云海信息技术有限公司 Cloud environment-based network security system

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant