CN113079171A - SDN blind DDos attack resisting method based on multi-controller migration - Google Patents
SDN blind DDos attack resisting method based on multi-controller migration Download PDFInfo
- Publication number
- CN113079171A CN113079171A CN202110392529.2A CN202110392529A CN113079171A CN 113079171 A CN113079171 A CN 113079171A CN 202110392529 A CN202110392529 A CN 202110392529A CN 113079171 A CN113079171 A CN 113079171A
- Authority
- CN
- China
- Prior art keywords
- controller
- sdn
- blind
- switch
- pool
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000013508 migration Methods 0.000 title claims abstract description 21
- 230000005012 migration Effects 0.000 title claims abstract description 21
- 238000012544 monitoring process Methods 0.000 claims abstract description 25
- 238000004891 communication Methods 0.000 claims description 9
- 238000001514 detection method Methods 0.000 claims description 8
- 238000001914 filtration Methods 0.000 claims description 4
- 238000013507 mapping Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 7
- 230000007123 defense Effects 0.000 description 6
- 230000000694 effects Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012163 sequencing technique Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
- H04L41/0836—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability to enhance reliability, e.g. reduce downtime
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of network security protection, in particular to an SDN blind DDos attack resisting method based on multi-controller migration, which comprises the following steps: s1, detecting whether the SDN is attacked by blind DDos; s2, forming a controller pool by using a plurality of controllers, wherein the controller pool comprises an offline controller and an online controller; s3, monitoring each controller in the controller pool; s4, dynamically connecting the controller to the switch; and S5, monitoring the bandwidth and load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller. The method can effectively monitor each controller in the controller pool, dynamically connect the controller with the switch, switch the offline controller in the controller pool to an online state when the SDN is attacked by blind DDos, and allocate corresponding IP addresses to the controllers, thereby effectively improving the reliability and the safety of the SDN.
Description
Technical Field
The invention relates to the technical field of network security protection, in particular to an SDN blind DDos attack resisting method based on multi-controller migration.
Background
The traditional network equipment couples equipment control and data forwarding together, so that the management of equipment such as a router, a switch and the like is very complex, the flexibility and the expansibility are lacked, and the further rapid development of the network is hindered. Therefore, in this context, a concept of a Software Defined Network (SDN) and related technologies thereof appear, and the SDN is a novel Network innovation architecture and an implementation manner of Network virtualization. The OpenFlow core technology of the software defined network separates the control plane and the data plane of the network equipment, can flexibly control network flow, uses the network as a pipeline, can become more intelligent, and can provide a platform for innovation of a core network and application. Distributed Denial of Service (DDoS) attacks can cause a large number of computers to be attacked at the same time, so that the attacked target cannot be used normally, and the Distributed Denial of Service attacks have occurred many times, which causes many large websites to have the condition that the operations cannot be performed, thereby not only affecting the normal use of the computers by users, but also causing great economic loss. The Moving Target Defense (MTD) technology is one of revolutionary technologies, and is completely different from the previous network security technologies, and the Moving Target Defense can change a passive Defense mode into an active Defense mode, and the system and network states of the Moving Target Defense are continuously changed along with the change of multiple dimensions such as time, space, physical environment and the like, so that the intrusion difficulty of an intruder is increased, the probability of vulnerability exposure of the own party is effectively reduced, and the Moving Target Defense technology becomes a key development direction of the future network security protection technology. The switches can be divided into wide area network switches and local area network switches according to the working positions. The wide area switch is a device for performing information exchange function in a communication system, and is applied to a data link layer. The switch has a plurality of ports, each port has a bridging function and can be connected with a local area network or a high-performance server or a workstation. Switches are also sometimes referred to as multi-port bridges.
For the existing SDN, a large amount of attack traffic caused by blind DDoS attack cannot be effectively resisted, so that the usability, reliability and safety of the SDN are low, and data in the SDN is easily lost or damaged.
Disclosure of Invention
Objects of the invention
In order to solve the technical problems in the background art, the invention provides an SDN anti-blind DDos attack method based on multi-controller migration, which can effectively resist a large amount of attack flow under the blind DDos attack, effectively monitor each controller in a controller pool, dynamically connect the controllers with a switch, detect the bandwidth and the load of an online controller when detecting whether the SDN is attacked by the blind DDos, switch an offline controller in the controller pool consisting of a plurality of controllers to an online state when a detection result shows that the SDN is attacked by the blind DDos, allocate corresponding IP addresses to the controllers, effectively improve the availability, the reliability and the safety of the SDN, and effectively protect data in the SDN.
(II) technical scheme
The invention provides an SDN blind DDos attack resisting method based on multi-controller migration, which comprises the following steps:
s1, detecting whether the SDN is attacked by blind DDos;
s2, forming a controller pool by using a plurality of controllers, wherein the controller pool comprises an offline controller and an online controller;
s3, monitoring each controller in the controller pool;
s4, dynamically connecting the controller to the switch;
and S5, monitoring the bandwidth and load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
Preferably, in S2, the controllers in the controller pool are sorted in the order of controller 1, controller 2, … …, and controller N.
Preferably, in S4, the switch is provided in plurality, and the switches are sorted in the order of switch 1, switch 2, switch … …, and switch N.
Preferably, in S5, the blind DDos attack is defended by randomly delaying the scan packets and filtering the flooding by route mapping.
Preferably, the system is applied to an SDN blind DDos attack resisting system based on multi-controller migration, and the system comprises:
blind DDos attack detection module: the method comprises the steps of detecting whether the SDN network is attacked by blind DDos;
a controller pool: utilizing a plurality of controllers to form a controller pool, wherein the controller pool comprises an offline controller and an online controller;
an SDN monitoring system: the system is used for monitoring all controllers in the controller pool;
the switch connection module: for dynamically connecting the controller to the switch;
MTD policy manager: the method is used for monitoring the bandwidth and the load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
Preferably, the SDN monitoring system includes:
semi-open SDN subsystem: for attracting blind DDos attacks;
semi-enclosed SDN subsystem: for closed cancellation of blind DDos attacks.
Preferably, every two of the switches 1, 2, … … and N are in communication connection, the switch 1 is in communication connection with the controller 1, the switch 2 is in communication connection with the controller 2, … … and the switch N is in communication connection with the controller N.
Preferably, the MTD policy manager includes:
the controller state switching module: the system comprises a controller pool, a controller and a controller, wherein the controller pool is used for switching an offline controller in the controller pool to an online state;
an IP address allocation module: for assigning the controller a corresponding IP address.
Compared with the prior art, the technical scheme of the invention has the following beneficial technical effects:
the method can effectively resist a large amount of attack flow under blind DDos attack, effectively monitor each controller in the controller pool, dynamically connect the controller with the switch, detect whether the SDN is attacked by the blind DDos, simultaneously detect the bandwidth and the load of the online controller, switch the offline controller in the controller pool consisting of a plurality of controllers to an online state when the detection result shows that the SDN is attacked by the blind DDos, and allocate corresponding IP addresses to the controllers, thereby effectively improving the availability, the reliability and the safety of the SDN and effectively protecting the data in the SDN.
The blind DDos attack detection module is respectively connected with each controller in the controller pool; the method comprises the steps that an offline controller in an offline state in a controller pool cannot be used for protecting the SDN network, and an online controller in an online state in the controller pool can be used for protecting the SDN network; the SDN monitoring system can monitor the use state of each controller, judge which state each controller is in on-line and off-line, and transmit the judgment result to the MTD policy manager; the controller is connected with the switch connecting module, and the controller can be connected with the switch by utilizing the switch connecting module; the MTD strategy manager acquires data transmitted by the SDN monitoring system, monitors the bandwidth and load of the online controllers, switches the offline controllers in the offline state to the online state when the SDN is attacked by blind DDos, improves the number of the online controllers in the online state, allocates corresponding IP addresses to the online controllers in the online state, and effectively plays a role in protecting the SDN.
After the blind DDos attack is lured by the semi-open type SDN subsystem, the blind DDos attack is eliminated in a closed mode by the semi-closed type SDN subsystem, the success rate of eliminating the blind DDos attack is improved, data information of the blind DDos attack is obtained, the data information is stored in a database, the blind DDos attack eliminating measure is directly called when the blind DDos attack is attacked next time, the time of threat removing is saved, and the protection effect of the data in the SDN is further improved.
The single switch can transmit data with the single controller, and data transmission and exchange can be performed between every two switches, so that data can be transmitted between the switches, and the controllers can be flexibly switched in two states of an off-line state and an on-line state.
Drawings
Fig. 1 is a schematic flow structure diagram of an SDN blind DDos attack resisting method based on multi-controller migration according to the present invention.
Fig. 2 is a schematic diagram of a system structure of an application of the SDN blind DDos attack resisting method based on multi-controller migration according to the present invention.
Fig. 3 is a schematic structural diagram of an SDN monitoring system in a system to which the SDN blind DDos attack resisting method based on multi-controller migration is applied.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in fig. 1-3, the SDN blind DDos attack resisting method based on multi-controller migration provided by the present invention includes the following steps:
s1, detecting whether the SDN is attacked by blind DDos;
s2, forming a controller pool by using a plurality of controllers, wherein the controller pool comprises an offline controller and an online controller;
s3, monitoring each controller in the controller pool;
s4, dynamically connecting the controller to the switch;
and S5, monitoring the bandwidth and load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
The embodiment of the invention can effectively resist a large amount of attack flow under blind DDos attack, effectively monitor each controller in the controller pool, dynamically connect the controller with the switch, detect the bandwidth and the load of the online controller when detecting whether the SDN is attacked by the blind DDos, switch the offline controller in the controller pool consisting of a plurality of controllers to the online state when the detection result shows that the SDN is attacked by the blind DDos, and allocate corresponding IP addresses to the controllers, thereby effectively improving the availability, the reliability and the safety of the SDN and effectively protecting the data in the SDN.
In an alternative embodiment, in S2, the controllers in the controller pool are sorted in the order of controller 1, controller 2, … …, and controller N.
It should be noted that, by sequencing the plurality of controllers according to the sequence of the controller 1, the controllers 2, … …, and the controller N, the controller information can be checked more conveniently and quickly, and the controller to be used is called, so that time is saved, and efficiency is improved.
In an alternative embodiment, in S4, the switch is provided in plurality, and the switches are ordered according to the order of switch 1, switch 2, switch … …, and switch N.
It should be noted that, by sequencing the switches according to the order of switch 1, switch 2, … … and switch N, the switch information can be checked more conveniently and quickly, and the switch to be used is called, so that the time is saved, and the efficiency is improved.
In an alternative embodiment, in S5, blind DDos attacks are defended by randomly delaying scan packets and route mapping filtering flooding.
It should be noted that, after the offline controller in the controller pool is switched to the online state and the corresponding IP address is allocated to the controller, a random delay scanning message manner and a route mapping filtering flooding manner are used to effectively resist blind DDos attacks, ensure the security of the SDN network, and protect the security of data in the SDN network.
In an optional embodiment, the method is applied to an SDN blind DDos attack resisting system based on multi-controller migration, and the system comprises:
blind DDos attack detection module: the method comprises the steps of detecting whether the SDN network is attacked by blind DDos;
a controller pool: utilizing a plurality of controllers to form a controller pool, wherein the controller pool comprises an offline controller and an online controller;
an SDN monitoring system: the system is used for monitoring all controllers in the controller pool;
the switch connection module: for dynamically connecting the controller to the switch;
MTD policy manager: the method is used for monitoring the bandwidth and the load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
It should be noted that the blind DDos attack detection module is connected to each controller in the controller pool; the method comprises the steps that an offline controller in an offline state in a controller pool cannot be used for protecting the SDN network, and an online controller in an online state in the controller pool can be used for protecting the SDN network; the SDN monitoring system can monitor the use state of each controller, judge which state each controller is in on-line and off-line, and transmit the judgment result to the MTD policy manager; the controller is connected with the switch connecting module, and the controller can be connected with the switch by utilizing the switch connecting module; the MTD strategy manager acquires data transmitted by the SDN monitoring system, monitors the bandwidth and load of the online controllers, switches the offline controllers in the offline state to the online state when the SDN is attacked by blind DDos, improves the number of the online controllers in the online state, allocates corresponding IP addresses to the online controllers in the online state, and effectively plays a role in protecting the SDN.
In an optional embodiment, the SDN monitoring system includes:
semi-open SDN subsystem: for attracting blind DDos attacks;
semi-enclosed SDN subsystem: for closed cancellation of blind DDos attacks.
It should be noted that, after the blind DDos attack is induced by the semi-open SDN subsystem, the blind DDos attack is eliminated in a closed manner by using the semi-closed SDN subsystem, so that the success rate of eliminating the blind DDos attack is improved, data information of the blind DDos attack is acquired, the data information is stored in a database, and the blind DDos attack eliminating measure is directly called when the blind DDos attack is attacked next time, so that the time for releasing the threat is saved, and the protection effect on the data in the SDN network is further improved.
In an alternative embodiment, switch 1, switch 2, … …, and switch N are communicatively connected to each other, switch 1 is communicatively connected to controller 1, switch 2 is communicatively connected to controller 2, and switch N is communicatively connected to controller N, … ….
It should be noted that a single switch can perform data transmission with a single controller, and data transmission and switching can be performed between every two switches, so that data can be transmitted between the switches, and the controllers can be flexibly switched between an offline state and an online state.
In an alternative embodiment, the MTD policy manager comprises:
the controller state switching module: the system comprises a controller pool, a controller and a controller, wherein the controller pool is used for switching an offline controller in the controller pool to an online state;
an IP address allocation module: for assigning the controller a corresponding IP address.
It should be noted that the controller state switching module is used for controlling the off-line controller to be switched to the on-line state, and the IP address allocation module is used for allocating an IP address to the on-line controller in the on-line state, so that the control effect of the MTD policy manager on the off-line controller is effectively ensured.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (8)
1. An SDN blind DDos attack resisting method based on multi-controller migration is characterized by comprising the following steps:
s1, detecting whether the SDN is attacked by blind DDos;
s2, forming a controller pool by using a plurality of controllers, wherein the controller pool comprises an offline controller and an online controller;
s3, monitoring each controller in the controller pool;
s4, dynamically connecting the controller to the switch;
and S5, monitoring the bandwidth and load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
2. The SDN blind DDos attack resistant method based on multi-controller migration of claim 1, wherein in S2, for a plurality of controllers in the controller pool, the controllers are sorted in the order of controller 1, controller 2, … … and controller N.
3. The SDN anti-blind DDos attack method based on multi-controller migration of claim 2, wherein in S4, a plurality of switches are provided, and the plurality of switches are ordered according to the sequence of switch 1, switch 2, switch … … and switch N.
4. The SDN blind DDos attack resistant method based on multi-controller migration of claim 3, wherein in S5, the blind DDos attack is resisted by randomly delaying scanning messages and routing mapping filtering flooding.
5. The SDN blind DDos attack resisting method based on multi-controller migration, as claimed in claim 3, is applied to an SDN blind DDos attack resisting system based on multi-controller migration, and the system comprises:
blind DDos attack detection module: the method comprises the steps of detecting whether the SDN network is attacked by blind DDos;
a controller pool: utilizing a plurality of controllers to form a controller pool, wherein the controller pool comprises an offline controller and an online controller;
an SDN monitoring system: the system is used for monitoring all controllers in the controller pool;
the switch connection module: for dynamically connecting the controller to the switch;
MTD policy manager: the method is used for monitoring the bandwidth and the load of the online controller, switching the offline controller in the controller pool to an online state when the SDN is attacked by blind DDoS, and allocating a corresponding IP address to the controller.
6. The SDN blind DDos attack resistant method based on multi-controller migration according to claim 5, wherein the SDN monitoring system comprises:
semi-open SDN subsystem: for attracting blind DDos attacks;
semi-enclosed SDN subsystem: for closed cancellation of blind DDos attacks.
7. The SDN blind DDos attack resisting method based on multi-controller migration of claim 5, wherein each of the switch 1, the switch 2, the switch … … and the switch N are in communication connection with each other among N switches, the switch 1 is in communication connection with the controller 1, the switch 2 is in communication connection with the controller 2, and … … is in communication connection with the switch N and the controller N.
8. The SDN blind DDos attack resistant method based on multi-controller migration of claim 5, wherein the MTD policy manager comprises:
the controller state switching module: the system comprises a controller pool, a controller and a controller, wherein the controller pool is used for switching an offline controller in the controller pool to an online state;
an IP address allocation module: for assigning the controller a corresponding IP address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110392529.2A CN113079171A (en) | 2021-04-13 | 2021-04-13 | SDN blind DDos attack resisting method based on multi-controller migration |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110392529.2A CN113079171A (en) | 2021-04-13 | 2021-04-13 | SDN blind DDos attack resisting method based on multi-controller migration |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113079171A true CN113079171A (en) | 2021-07-06 |
Family
ID=76617345
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110392529.2A Pending CN113079171A (en) | 2021-04-13 | 2021-04-13 | SDN blind DDos attack resisting method based on multi-controller migration |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113079171A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
CN105162759A (en) * | 2015-07-17 | 2015-12-16 | 哈尔滨工程大学 | SDN network DDoS attack detecting method based on network layer flow abnormity |
CN108111542A (en) * | 2018-01-30 | 2018-06-01 | 深圳大学 | Internet of Things ddos attack defence method, device, equipment and medium based on SDN |
WO2019148576A1 (en) * | 2018-02-05 | 2019-08-08 | 重庆邮电大学 | Ddos attack detection and mitigation method for industrial sdn network |
CN112134894A (en) * | 2020-09-25 | 2020-12-25 | 昆明理工大学 | Moving target defense method for DDoS attack |
-
2021
- 2021-04-13 CN CN202110392529.2A patent/CN113079171A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
CN105162759A (en) * | 2015-07-17 | 2015-12-16 | 哈尔滨工程大学 | SDN network DDoS attack detecting method based on network layer flow abnormity |
CN108111542A (en) * | 2018-01-30 | 2018-06-01 | 深圳大学 | Internet of Things ddos attack defence method, device, equipment and medium based on SDN |
WO2019148576A1 (en) * | 2018-02-05 | 2019-08-08 | 重庆邮电大学 | Ddos attack detection and mitigation method for industrial sdn network |
CN112134894A (en) * | 2020-09-25 | 2020-12-25 | 昆明理工大学 | Moving target defense method for DDoS attack |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Xing et al. | SDNIPS: Enabling software-defined networking based intrusion prevention system in clouds | |
EP2251783B1 (en) | Method and system for application migration in a cloud | |
US9614768B2 (en) | Method for traffic load balancing | |
US11611454B2 (en) | Distributed network interfaces for application cloaking and spoofing | |
US9813448B2 (en) | Secured network arrangement and methods thereof | |
CN104980349A (en) | Relay System and Switching Device | |
US9306959B2 (en) | Dual bypass module and methods thereof | |
CN111431881A (en) | Method and device for trapping nodes based on windows operating system | |
Khan et al. | FML: A novel forensics management layer for software defined networks | |
CN105049349A (en) | Relay System and Switching Device | |
CN112511439B (en) | Data forwarding method, device, equipment and computer readable storage medium | |
CN113079171A (en) | SDN blind DDos attack resisting method based on multi-controller migration | |
Bui et al. | Analysis of topology poisoning attacks in software-defined networking | |
Anagha et al. | Packet injection and Dos attack controller software (PDACS) module to handle attacks in software defined network | |
CN113285836B (en) | System and method for enhancing toughness of software system based on micro-service real-time migration | |
CN112804131B (en) | Access control method based on VLAN structure | |
KR101914831B1 (en) | SDN to prevent an attack on the host tracking service and controller including the same | |
Shravanya et al. | Securing distributed SDN controller network from induced DoS attacks | |
CN112291257A (en) | Platform dynamic defense method based on event driving and timing migration | |
CN116827813B (en) | Multi-data center secure communication method and DCI equipment | |
KR102232761B1 (en) | Method and system for detecting client causing network problem using client route control system | |
Xiao et al. | Cross-Security Domain Dynamic Orchestration Algorithm of Network Security Functions | |
Lotlikar et al. | DoShield Through SDN for IoT Enabled Attacks | |
Aydeger | Mitigating stealthy link flooding DDoS attacks using SDN-based moving target defense | |
US20240235892A1 (en) | Distributed Network Interfaces For Application Cloaking And Spoofing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20220908 Address after: 361000 units 1702 and 1703, No. 59, Chengyi North Street, phase III, software park, Xiamen, Fujian Applicant after: XIAMEN USEEAR INFORMATION TECHNOLOGY Co.,Ltd. Address before: Unit 1701, 59 Chengyi North Street, phase III, software park, Xiamen City, Fujian Province, 361000 Applicant before: FUJIAN QIDIAN SPACE-TIME DIGITAL TECHNOLOGY Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210706 |
|
RJ01 | Rejection of invention patent application after publication |