WO2016098968A1 - Intelligent security networking system and associated method - Google Patents
- Publication number
- WO2016098968A1 (PCT/KR2015/005452)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- vtn
- service
- ocs
- information
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- the present invention relates to an intelligent security networking system in which service chaining is performed to derive an optimal security service path, so that abnormal symptom detection, traffic detection, and security services can be provided in a virtual communication network that guarantees service scalability, thereby enhancing the security performance of the virtual communication network. It uses advanced network security service chaining optimization technology based on Software Defined Network (SDN) / Network Function Virtualization (NFV) to provide a new concept of self-defending, auto-scalable L4 / L7 + NFV / SDN smart security networking system that actively defends against and responds to new security threats such as DDoS and Advanced Persistent Threat (APT).
- SDN Software Defined Network
- NFV Network Function Virtualization
- network technology has become part of the critical infrastructure in business, home and public institutions.
- the current network includes communication devices such as routers and switches; these devices implement complicated protocols and functions, and their characteristics differ from manufacturer to manufacturer.
- the existing network and security equipment had a problem that it is difficult to accommodate the fixed service.
- OpenFlow technology has emerged to provide an open standard interface to users or developers while solving high cost problems.
- OpenFlow technology separates the packet forwarding and control functions of the network switch and provides a protocol for communication between the two functions, so that software driven by an external controller can determine the packet path within the switch regardless of the equipment manufacturer.
- Openflow systems include openflow switches and controllers, and are configured to use standardized Openflow protocols between openflow switches and controllers to perform current network functions.
- Openflow switches perform basic switching functions and consist of a flow table, a secure channel, and an openflow protocol.
- the controller creates a flow table inside the switch by the OpenFlow protocol, which includes the function of registering or deleting a new flow.
- the core function for the operation of the controller and openflow switch node in the openflow system is the flow table, which is used to process a packet by forwarding it to the open port.
- the existing OpenFlow system recognizes the failure state in the controller, sets a port to configure a new path, and updates the flow table according to the set port. Coping with the failure took a long time, and packets were not delivered during that time.
- the existing network security system (firewall, IPS, IDS, etc.) is dedicated hardware that performs only a specific function, and its maximum throughput is fixed per system, so it cannot respond quickly to a DDoS or APT attack.
- the existing network equipment is a network equipment that simultaneously performs a control function and a data transfer function, and thus there is a problem that traffic control cannot be performed quickly according to a situation.
- the present invention has been made in view of the above-described circumstances of the prior art, and a service chaining method for deriving an optimal security service path for providing an abnormal symptom detection, traffic detection, and security service to a virtual communication network that guarantees service scalability is provided.
- the purpose of the present invention is to provide an intelligent security networking system that enhances the security of virtual communication networks.
- an intelligent secure networking method performed in a node of a software defined networking network (SDN), comprising: a) setting virtual tenant network (VTN) information; b) setting security service information for each VTN; c) monitoring packets entering the network; d) determining whether to apply the security policy; e)
- the process a) includes: the OrChestration system (OCS) receiving a name or description of the VTN; the OCS receiving a VTN identification method such as IP, MAC, or VLAN;
- OCS OrChestration system
- An intelligent secure networking method is provided in which the OrChestration system (OCS) receives IP, MAC, or VLAN information of a host server in a VTN.
- the step b) comprises: allocating security service functions to a plurality of VTNs in a chaining pool system (CPS);
- An intelligent security networking method is provided that includes a process of setting a response policy when a security abnormal signal occurs in a chaining pool system (CPS).
- the step c) includes: the OrChestration system (OCS) receiving and storing event signals from the Self-Defending System (SDS), the SDN Controller System (SCS), and the Chaining Pool System (CPS) to determine whether an intrusion is detected, and invoking a service chaining algorithm upon intrusion detection; receiving traffic / resource information to determine whether a threshold is exceeded, and calling the service chaining algorithm when the threshold is exceeded;
- SDS Self-Defending System
- SCS SDN Controller System
- CPS Chaining Pool System
- an intelligent security networking method comprising receiving a security service status information and presenting security service node information.
- the step d) includes the step of generating a virtual machine by the OrChestration system (OCS) requesting the CPS to create a security service for each VTN;
- An intelligent security networking method is provided, wherein the security service required in normal times is kept running, and the security service required in case of abnormal symptoms is kept in the IDLE state.
- the step e) is a process in which the OrChestration system (OCS) derives the optimal security service path through service chaining.
- the present invention provides: an OCS that receives and registers VTNs and per-VTN security settings from an IDC center manager, applies the VTN and per-VTN security settings to the CPS, SCS, and SDS, and, on receiving an abnormal symptom detection signal, performs service chaining to derive a security service path;
- an SCS that receives VTN and per-VTN security setting information from the OCS and applies VTN path information to an open flow switch;
- a CPS that receives VTN and per-VTN security setting information from the OCS, receives a security service generation signal, generates a security service virtual machine, and checks the security service status by driving a virtual machine for packets introduced through the Internet;
- and an SDS configured to receive VTN and per-VTN security setting information from the OCS and to mirror and monitor incoming packets, whereby an intelligent security networking system comprising these components is provided.
- the intelligent security networking system makes it possible to flexibly apply the security service policy set in the IDC center to a port of an open flow switch (or node) and to monitor all packets introduced from the Internet in real time, so that at the time of failure occurrence the optimal security service path can be reconfigured to guarantee the continuity of traffic transmission and improve the quality of service.
- a user-tailored virtual application security chaining service can be provided for each VTN (Virtual Tenant Network) provided by an SDN network.
- VTN Virtual Tenant Network
- self-defense active response technology provides administrators with the convenience of automatically managing the network, while reducing operational costs by responding immediately to cyber attacks or failures.
- it can be applied to fields that require high-performance / high-strength security services, such as the cloud data center virtual security service sector, the security sector of government agencies operating closed networks (major institutional network providers such as the Ministry of Public Administration and Security, civil service, police, and NIS), general enterprise security equipment, and CDN / Internet broadcasting.
- FIG. 1 is a schematic diagram showing a schematic configuration of an intelligent security networking system according to an embodiment of the present invention
- FIG. 2 is a signal flow diagram illustrating a process through an intelligent security networking system according to an embodiment of the present invention
- FIG. 3 is a diagram illustrating a VTN information setting state through an intelligent security networking system according to an embodiment of the present invention
- FIGS. 5 and 6 are diagrams illustrating a security service setting state through an intelligent security networking system according to an embodiment of the present invention
- FIG. 7 is a diagram illustrating a security service application state of the intelligent security networking system according to an embodiment of the present invention.
- FIGS. 8 and 9 are diagrams illustrating an intrusion detection monitoring state through an intelligent security networking system according to an embodiment of the present invention.
- FIGS. 10, 11, 12 and 13 are diagrams detailing a security service application state through an intelligent security networking system according to an embodiment of the present invention.
- FIG. 14 illustrates a key algorithm for establishing a service chaining list path through an intelligent security networking system according to the present invention.
- the present invention relates to a SDN-based high-reliability self-defense smart security system, and provides the following functions so that operators can easily use the network with confidence.
- FIG. 1 is a schematic diagram showing a schematic configuration of an intelligent security networking system according to an embodiment of the present invention
- Figure 2 is a signal flow diagram showing a process through an intelligent security networking system according to an embodiment of the present invention.
- the intelligent security networking system is a system that enhances the security performance of the virtual communication network by performing service chaining to derive an optimal security service path, so that abnormal symptom detection, traffic detection, and security services can be provided in a virtual communication network that guarantees service scalability.
- the intelligent security networking system comprises an OCS (OrChestration system: 6) that receives and registers VTNs and per-VTN security settings from an IDC center manager, applies the VTN and per-VTN security settings to the CPS (Chaining Pool System: 14), SCS (SDN Controller System: 12), and SDS (Self-Defending System: 16), and, on receiving an abnormal symptom detection signal, performs service chaining and derives a security service path;
- an SDN Controller System (SCS) 12 that receives VTN and per-VTN security setting information from the OCS (OrChestration system: 6) and applies route information for each VTN to an open flow switch;
- a Chaining Pool System (CPS) 14 that receives VTN and per-VTN security setting information from the OCS (OrChestration system: 6), generates a security service virtual machine on receiving a security service generation signal, and checks the security service status by driving a virtual machine for packets introduced through the Internet;
- and a Self-Defending System (SDS) 16 that receives VTN and per-VTN security setting information from the OCS (OrChestration system: 6) and mirrors the incoming packets.
- the intelligent security networking system can perform the NFV orchestration it includes, through which the security services of the network functions can be switched quickly, so that equipment is operated and managed optimally and highly dynamic service chaining is possible.
- the intelligent security networking system is built in an IDC center in a software-defined networking (SDN) environment. The IDC center is composed of an Argos system (2) and a Legacy system (4). In the Argos system, the SCS 12, CPS 14, SDS 16, firewall 18, IDS 20, and IPS 22 are connected in parallel to the open flow switch 10 configured therein, and the SCS, CPS, SDS, firewall, IDS, and IPS are connected to the OCS and DB through L2.
- the OCS interworks with the SCS, CPS, SDS, firewall, IDS, and IPS to perform network function virtualization and service chaining.
- the intelligent security networking system in an intelligent security networking environment performed in a node of a software defined networking network (SDN),
- FIG. 3 is a diagram illustrating a VTN information setting state through an intelligent security networking system according to an embodiment of the present invention.
- the IDC center manager may perform VTN information setting, which is a process of FIG. 2, in the OCS (OrChestration system).
- the OrChestration system receives the name or description of the VTN
- the OrChestration system receives the VTN identification method such as IP, MAC, or VLAN
- the OrChestration system receives the IP, MAC, or VLAN information of the host server in the VTN.
- FIGS. 4 and 5 are diagrams illustrating a security service setting state through an intelligent security networking system according to an embodiment of the present invention.
- the IDC center manager may perform security service information setting for each VTN, which is the process of FIG. 2 b.
- the IDC center manager sets VTN security service information in the OrChestration system (OCS), and the OrChestration system (OCS) assigns security service functions to a plurality of VTNs in a chaining pool system (CPS).
- OrChestration system sets a corresponding policy when a security abnormal signal occurs in the chaining pool system (CPS).
- the policy for the security service of each VTN is established and set so that security service path processing such as “OFS-FW-OFS-Destination” is performed, with auto-scaling when traffic increases.
- It can also be configured to extract a security service path such as “OFS1-FW-IPS-OFS3-Destination” when anomalous packets are detected, or a security service path such as “OFS-LB-FW (or other FW)-IPS (or other IPS)-OFS-Destination” when a traffic increase and anomalous packets are detected at the same time.
- FIG. 6 is a diagram illustrating a security service application state of the intelligent security networking system according to an embodiment of the present invention.
- VTN information and security service setting information for each VTN are set in the SDS (Self-Defending System), the SCS (SDN Controller System), and the CPS (Chaining Pool System).
- the Self-Defending System is a means for performing a packet monitoring by mirroring all data packets introduced through the Internet.
- FIGS. 7 and 8 are diagrams illustrating an intrusion detection monitoring state through an intelligent security networking system according to an embodiment of the present invention.
- the OrChestration System receives traffic and resource information from a Self-Defending System (SDS), an SDN Controller System (SCS), and a Chaining Pool System (CPS) to determine whether traffic and resources are abnormal.
- OrChestration system mirrors packet data from the SDS (Self-Defending System) to make an intrusion detection judgment.
- an error indication capture signal is sent to the manager of the IDC center.
- the OrChestration system receives and stores event signals from the Self-Defending System (SDS), the SDN Controller System (SCS), and the Chaining Pool System (CPS), determines whether an intrusion is detected, and invokes the service chaining algorithm when an intrusion is detected.
- OrChestration system receives traffic / resource information to determine whether a threshold is exceeded, calls a service chaining algorithm when exceeded, and receives security service status information to present security service node information.
- FIGS. 9, 10, 11, 12 and 13 are diagrams detailing a security service application state through an intelligent security networking system according to an embodiment of the present invention.
- the intelligent security networking system distinguishes between the case where the security service is applied and the case where it is not; when the security service is not applied, it performs security service path processing such as “OFS-FW-OFS-destination”.
- the OrChestration system receives the traffic / resource information to determine whether the threshold is exceeded, calls the service chaining algorithm when the threshold is exceeded, and receives the security service status information to extract the optimal security service node information.
- a security service path such as “OFS-LB-FW (or other FW) -OFS-destination” is extracted through auto-scaling.
- the OrChestration system can derive a security service path; for example, if an increase in traffic and an abnormal packet are detected at the same time, it derives “OFS-LB-FW (or other FW)-IPS (or other IPS)-OFS-destination”.
- the security platform information includes (but is not limited to) an abnormal traffic type, a physical port, a transmission address, and a destination address, and includes a Count item and an Actions item.
- the service chain list path setting in the high-strength security attack or traffic situation is illustrated as an example. However, this is only an example.
- an appropriate algorithm is performed through an optimization algorithm that constructs a service chain list aggressively.
- the optimization algorithm may be configured to set or detect a physical port, a destination address, and a send address separately from the Counts item to perform the subsequent processing.
- the optimization algorithm can detect one or two or more items in parallel or sequentially to maximize the service throughput of the SDN.
- each service chaining domain may be flexibly detected according to the service chaining domain.
- the service chain list path can also be set for flow 3 or more, in addition to flow 1 and flow 2.
- the intelligent security networking system according to an embodiment of the present invention is not limited only to the above-described embodiment, various changes are possible without departing from the technical gist of the present invention.
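The path selection described above (baseline “OFS-FW-OFS-Destination”, a load balancer added on traffic increase, an IPS added on anomalous packets, both when the two coincide), written out as an added Python example that is not code from the patent. The event field names, the packets-per-second threshold, the RUNNING state name, matching a packet on its destination host and the use of a single generic OFS label are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Security service paths quoted in the description, keyed by
# (traffic threshold exceeded, anomalous packets detected).
CHAINS = {
    (False, False): ["OFS", "FW", "OFS", "Destination"],
    (True, False): ["OFS", "LB", "FW", "OFS", "Destination"],
    (False, True): ["OFS", "FW", "IPS", "OFS", "Destination"],
    (True, True): ["OFS", "LB", "FW", "IPS", "OFS", "Destination"],
}


@dataclass
class VTN:
    name: str
    id_method: str          # step a: "IP", "MAC" or "VLAN"
    members: set            # CIDR strings, MAC strings or VLAN ids
    threshold_pps: int      # assumed per-VTN traffic threshold (step b)
    # step d: the everyday service runs, on-demand services wait in IDLE
    services: dict = field(
        default_factory=lambda: {"FW": "RUNNING", "LB": "IDLE", "IPS": "IDLE"})

    def owns(self, pkt: dict) -> bool:
        """True if the mirrored packet is addressed to a host of this VTN."""
        if self.id_method == "IP":
            dst = pkt.get("dst_ip")
            return dst is not None and any(
                ip_address(dst) in ip_network(net) for net in self.members)
        if self.id_method == "MAC":
            return pkt.get("dst_mac", "").lower() in self.members
        if self.id_method == "VLAN":
            return pkt.get("vlan") in self.members
        raise ValueError(f"unknown VTN identification method: {self.id_method}")


def derive_chains(vtns, events):
    """Process one batch of SDS/SCS/CPS events (step c) and derive, per VTN,
    the service path (step e) and the IDLE services that must be started."""
    by_name = {v.name: v for v in vtns}
    intrusion = {v.name: False for v in vtns}
    peak_pps = {v.name: 0 for v in vtns}
    unmatched = []  # events that map to no tenant are surfaced, never dropped
    for ev in events:
        kind = (ev.get("source"), ev.get("type"))
        if kind == ("SDS", "intrusion"):
            owner = next((v for v in vtns if v.owns(ev["pkt"])), None)
            if owner is None:
                unmatched.append(ev)
            else:
                intrusion[owner.name] = True
        elif kind == ("SCS", "traffic") and ev.get("vtn") in by_name:
            peak_pps[ev["vtn"]] = max(peak_pps[ev["vtn"]], ev["pps"])
        elif kind == ("CPS", "service_status") and ev.get("vtn") in by_name:
            by_name[ev["vtn"]].services[ev["service"]] = ev["state"]
        else:
            unmatched.append(ev)
    result = {}
    for v in vtns:
        over = peak_pps[v.name] > v.threshold_pps
        chain = CHAINS[(over, intrusion[v.name])]
        start = [s for s in chain if v.services.get(s) == "IDLE"]
        for s in start:
            v.services[s] = "RUNNING"
        result[v.name] = {"path": "-".join(chain), "start": start}
    return result, unmatched


def sample_vtns():
    """Constructed tenants: one identified by IP range, one by VLAN id."""
    return [VTN("tenant-a", "IP", {"10.1.0.0/24"}, 10_000),
            VTN("tenant-b", "VLAN", {200}, 5_000)]


# Constructed event batch (field names are assumptions, not from the patent).
SAMPLE_EVENTS = [
    {"source": "SCS", "type": "traffic", "vtn": "tenant-a", "pps": 12_000},
    {"source": "SDS", "type": "intrusion", "pkt": {"dst_ip": "10.1.0.7"}},
    {"source": "SCS", "type": "traffic", "vtn": "tenant-b", "pps": 800},
    {"source": "SDS", "type": "intrusion",
     "pkt": {"dst_ip": "192.0.2.9", "vlan": 999}},
]

if __name__ == "__main__":
    chains, leftovers = derive_chains(sample_vtns(), SAMPLE_EVENTS)
    for name, plan in chains.items():
        print(name, plan["path"], "start:", plan["start"])
    print("unmatched events:", len(leftovers))
```

An intrusion alert whose packet belongs to no configured VTN is returned in the second value so it can be reported to the operator rather than silently ignored.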
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to an intelligent security networking system, and aims to provide an intelligent security system in which the security performance of a virtual communication network is improved by performing service chaining that derives an appropriate security service path, so that abnormal-sign detection, traffic detection, and a security service can be provided to the virtual communication network, thereby ensuring service scalability. When the present invention is implemented, a security service policy established in an IDC center can be flexibly applied to a port of an OpenFlow switch (or a node), and all packets entering from the Internet can be monitored in real time so that, when a failure occurs in a network, the traffic flow and whether an intrusion has been detected are analyzed and an appropriate security service path is reconfigured, which guarantees the continuity of traffic transmission and improves the quality of service.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140184567A KR101615045B1 (ko) | 2014-12-19 | 2014-12-19 | Intelligent security networking system and method thereof |
KR10-2014-0184567 | 2014-12-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016098968A1 (fr) | 2016-06-23 |
Family
ID=55918533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2015/005452 WO2016098968A1 (fr) | Intelligent security networking system and associated method | 2014-12-19 | 2015-06-01 |
Country Status (2)
Country | Link |
---|---|
KR (1) | KR101615045B1 (fr) |
WO (1) | WO2016098968A1 (fr) |
Also Published As
Publication number | Publication date |
---|---|
KR101615045B1 (ko) | 2016-04-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15870136; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 15870136; Country of ref document: EP; Kind code of ref document: A1 |