WO2019080163A1 - Method for identifying fake source communication of cloud platform virtual switch - Google Patents
- Publication number
- WO2019080163A1 (PCT application PCT/CN2017/109595)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- address
- virtual switch
- virtual
- port
Classifications
- H04L63/126: Applying verification of the received information, specifically the source of the received data (under H04L63/00 Network architectures or network communication protocols for network security; H04L63/12 Applying verification of the received information)
- H04L49/70: Virtual switches (under H04L49/00 Packet switching elements)
- H04L63/1416: Event detection, e.g. attack signature detection (under H04L63/14 Detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic)
- H04L63/1425: Traffic logging, e.g. anomaly detection (under H04L63/14 Detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic)
- H04L67/10: Protocols in which an application is distributed across nodes in the network (under H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/01 Protocols)
All codes fall under H04L (Transmission of digital information, e.g. telegraphic communication), in section H (Electricity), class H04 (Electric communication technique).
Abstract
The present invention relates to the field of cloud computing network security technologies, and in particular, to a method for identifying a fake source communication of a cloud platform virtual switch. The method of the invention comprises the following steps: (1) obtaining, on a virtual switch port, feature information such as a source mac address and a source IP address of a communication packet; (2) storing the feature information in the database in sequence according to the time series relationship; (3) analyzing the feature information record set for a period of time according to data and a detection method of a network controller; and if a record of a fake mac address or fake IP address is obtained, then it is identified that a fake source communication behavior exists on the corresponding port on the virtual switch. With the invention, the fake source communication behavior on the virtual switch of the cloud platform can be identified to a certain extent, and the network security monitoring capability of the cloud platform can be improved.
Description
The present invention relates to the field of cloud computing network security technologies, and in particular to a method for identifying fake source communication on a cloud platform virtual switch.
With the development of cloud computing, many business systems have migrated to virtualization platforms, which makes the network security of these platforms particularly important. The traditional approach is to check for attacks and virus intrusions at the boundary of the virtualized network. Within a virtualization platform, however, there are currently few good methods for checking network security, even though internal network communication accounts for a very large share of the traffic. Whether communication security can be checked starting from the virtual switch of the cloud platform is therefore a question worth studying.
Summary of the invention
The technical problem solved by the present invention is to provide a method for identifying forged-source communication on a cloud platform virtual switch, so that communication security can be checked from the perspective of the cloud platform's virtual switch.
The technical solution of the present invention to the above problem is as follows:
The method includes the following steps:
(1) On a port of the virtual switch, obtain the feature information of a communication packet: source MAC address, source IP address, VLAN identifier, port number, the host number of the host on which the virtual switch runs, and the switch identifier;
(2) Store the feature information in a database in sequence according to its time-series relationship;
(3) Using the network controller's data and the detection method, analyze the set of feature records over a period of time; if a record with a forged MAC address or IP address is obtained, identify it as forged-source communication behavior on the corresponding port of that virtual switch.
The detection method is:
(1) Judge from the port whether it is an internal port or an external port.
Internal ports are the ports at which the virtual interfaces of the cloud platform's virtual machines, containers and physical machines attach to the virtual switch.
External ports are where the virtual switch attaches to a physical network card; they serve as the interface for outside access and carry communication between virtual switches on different nodes or between the outside and the inside of the cloud platform;
(2) For an internal port, use the virtual-interface information of the virtual machine, container or physical machine bound to the port number to call the network-information query API and obtain the IP and MAC address recorded in the controller. If that IP and MAC are inconsistent with the feature record, the IP and MAC of that communication record are judged to be forged-source communication;
(3) For an external port, use the MAC and IP address of the feature record to call the network-information query API and check whether that IP and MAC exist on the controller. If they exist on the controller, query the feature-record database for whether the same MAC and IP feature record exists on other virtual switches around that time. If none is found and the MAC address is not the gateway MAC address, the communication with that IP and MAC is judged to be forged; if the MAC address is the gateway MAC address, go to (4);
(4) The communication is between the outside and the inside of the cloud platform; detection is implemented with third-party detection tools, including detection methods based on a naive credibility model.
The virtual switch is OpenvSwitch; the network data exchange of virtual machines, containers or physical machines passes through the virtual switch, and their networks are built directly or indirectly on the ports of the virtual switch.
The feature information comprises the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; of these, the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected via the sFlow protocol.
The database uses influxdb as its data store and periodically clears feature records older than a threshold time, so that the records stay current.
The network controller exposes an information API for querying the network and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, network subnet information and the virtual-interface information of the bound virtual machines.
The beneficial effects of the solution of the present invention are as follows:
The method of the invention can identify forged-source MAC and IP address communication in the data exchanged on the cloud platform's virtual switch, in particular forged-source communication inside the cloud platform, and so improves the security monitoring capability for virtual switch communication on the cloud platform.
The present invention is further described below with reference to the accompanying drawings:
Figure 1 is a flow chart of the present invention.
This description takes OpenvSwitch as the virtual switch and the Neutron component as the network controller as an example.
1. Obtain the network feature information of the OpenvSwitch ports, using the sFlow protocol as the packet collection protocol.
sFlow collection is attached to OpenvSwitch; in that configuration, Agent_IP is the IP of the host on which the virtual switch runs and COLLECTOR_IP is the IP of the collector.
2. Store the collected feature information in a database. This description uses influxdb as the storage database, for example by inserting records into a switch_records table.
3. Check for and identify forged sources
(1) Distinguish internal and external ports. Taking the network of a virtual machine managed by the cloud platform as an example, execute the ovs-vsctl show command on the host and inspect its output for the relevant ports: the port aftBD913EAA is connected to the virtual machine and is therefore an internal port, while the eth0 port is an external port.
(2) Since aftBD913EAA is an internal interface, the virtual network interface of the virtual machine bound to that port number, uuid f04fc4ec-f1de-4210-a606-2977a48ac725, is retrieved; the MAC address recorded for it on the controller is fa:16:3e:29:64:e7 and the IP address is 11.11.11.5, so the record is legitimate communication;
(3) Since eth0 is an external port, the controller's data is queried for whether its MAC and IP, fa:16:3e:c3:04:97 and ip=10.0.0.224, exist. The record does exist there, but no matching record is found in the feature records from other hosts, so the packet that passed through the eth0 port is forged.
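The three detection steps above (port classification, the internal-port binding check against the controller, and the external-port cross-switch check with the gateway exception), implemented as an added example that is not the patent's own code. The controller snapshot, hosts, port names, addresses and the 60-second lookup window are constructed assumptions; treating addresses the controller does not know as outside-platform traffic that is deferred to step (4) is also an assumption, since the page does not state that case.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class FeatureRecord:
    """One feature record as the method stores it (fields named in claim 3)."""
    ts: int         # collection time in seconds (the time-series key)
    switch: str     # switch identifier
    host: str       # host on which the virtual switch runs
    port: str       # virtual switch port name
    vlan: int       # VLAN identifier
    src_mac: str    # source MAC of the sampled packet
    src_ip: str     # source IP of the sampled packet


# Constructed controller (Neutron-like) snapshot: the (MAC, IP) the controller
# has bound to each internal port, plus a router port acting as the gateway.
PORT_BINDING: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("host-a", "tapA1"): ("fa:16:3e:00:00:01", "10.10.0.11"),
    ("host-b", "tapB1"): ("fa:16:3e:00:00:02", "10.10.0.12"),
}
GATEWAY = ("fa:16:3e:00:00:fe", "10.10.0.1")            # constructed gateway MAC/IP
KNOWN_ADDRESSES: Set[Tuple[str, str]] = set(PORT_BINDING.values()) | {GATEWAY}
EXTERNAL_PORTS: Set[str] = {"eth0"}                      # physical uplink ports


def classify_port(port: str) -> str:
    """Step (1): a port attached to a physical NIC is external, all others internal."""
    return "external" if port in EXTERNAL_PORTS else "internal"


def check_internal(rec: FeatureRecord) -> str:
    """Step (2): the source must equal the interface the controller bound to the port."""
    bound = PORT_BINDING.get((rec.host, rec.port))
    if bound is None:
        return "unbound-port"   # assumption: no binding means nothing to verify against
    return "legitimate" if bound == (rec.src_mac, rec.src_ip) else "forged"


def check_external(rec: FeatureRecord, history: List[FeatureRecord],
                   window: int = 60) -> str:
    """Step (3): an address arriving over the uplink must be known to the controller
    and must also have been recorded on another virtual switch around the same time."""
    if (rec.src_mac, rec.src_ip) not in KNOWN_ADDRESSES:
        # assumption: addresses the controller does not know are outside-platform
        # traffic, which the method hands to the third-party check of step (4)
        return "defer-to-step-4"
    seen_elsewhere = any(
        other.switch != rec.switch
        and (other.src_mac, other.src_ip) == (rec.src_mac, rec.src_ip)
        and abs(other.ts - rec.ts) <= window
        for other in history
    )
    if seen_elsewhere:
        return "legitimate"
    if rec.src_mac == GATEWAY[0]:
        return "defer-to-step-4"   # traffic via the gateway MAC goes to step (4)
    return "forged"


def detect(records: List[FeatureRecord]) -> List[str]:
    """Run the detection method over a window of stored records; one verdict per record."""
    return [check_internal(r) if classify_port(r.port) == "internal"
            else check_external(r, records) for r in records]


# Constructed records, as the sFlow collector would have written them to the database.
SAMPLE = [
    FeatureRecord(100, "br-a", "host-a", "tapA1", 1, "fa:16:3e:00:00:01", "10.10.0.11"),
    FeatureRecord(101, "br-a", "host-a", "tapA1", 1, "fa:16:3e:00:00:01", "10.10.0.12"),
    FeatureRecord(102, "br-b", "host-b", "tapB1", 1, "fa:16:3e:00:00:02", "10.10.0.12"),
    FeatureRecord(103, "br-a", "host-a", "eth0", 1, "fa:16:3e:00:00:02", "10.10.0.12"),
    FeatureRecord(104, "br-a", "host-a", "eth0", 1, "fa:16:3e:00:00:fe", "10.10.0.1"),
    FeatureRecord(105, "br-a", "host-a", "eth0", 1, "00:11:22:33:44:55", "203.0.113.7"),
    FeatureRecord(500, "br-b", "host-b", "eth0", 1, "fa:16:3e:00:00:01", "10.10.0.11"),
]

if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, detect(SAMPLE)):
        print(f"{rec.switch}:{rec.port} {rec.src_mac} {rec.src_ip} -> {verdict}")
```

Record 101 is flagged by the internal check because the VM on tapA1 sends from an IP the controller never bound to it, while record 500 is flagged by the external check because a known address arrives over the uplink with no trace on any other switch within the window.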
Claims (7)
- A method for identifying forged-source communication on a cloud platform virtual switch, characterized in that the method comprises the following steps: (1) on a port of the virtual switch, obtaining the feature information of a communication packet: source MAC address, source IP address, VLAN identifier, port number, the host number of the host on which the virtual switch runs, and the switch identifier; (2) storing the feature information in a database in sequence according to its time-series relationship; (3) using the network controller's data and the detection method, analyzing the set of feature records over a period of time, and if a record with a forged MAC address or IP address is obtained, identifying it as forged-source communication behavior on the corresponding port of the virtual switch. The detection method is: (1) judging from the port whether it is an internal port or an external port, where internal ports are the ports at which the virtual interfaces of the cloud platform's virtual machines, containers and physical machines attach to the virtual switch, and external ports are where the virtual switch attaches to a physical network card, serving as the interface for outside access and carrying communication between virtual switches on different nodes or between the outside and the inside of the cloud platform; (2) for an internal port, using the virtual-interface information of the virtual machine, container or physical machine bound to the port number to call the network-information query API and obtain the IP and MAC address recorded in the controller, and if that IP and MAC are inconsistent with the feature record, judging the IP and MAC of that communication record to be forged-source communication; (3) for an external port, using the MAC and IP address of the feature record to call the network-information query API and check whether that IP and MAC exist on the controller; if they exist on the controller, querying the feature-record database for whether the same MAC and IP feature record exists on other virtual switches around that time, and if none is found and the MAC address is not the gateway MAC address, judging the communication with that IP and MAC to be forged, while if the MAC address is the gateway MAC address, proceeding to (4); (4) the communication being between the outside and the inside of the cloud platform, implementing detection with third-party detection tools, including detection methods based on a naive credibility model.
- The method according to claim 1, characterized in that the virtual switch is OpenvSwitch; the network data exchange of virtual machines, containers or physical machines passes through the virtual switch; and the networks of the virtual machines, containers or physical machines are built directly or indirectly on the ports of the virtual switch.
- The method according to claim 1, characterized in that the feature information comprises the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; of these, the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected via the sFlow protocol.
- The method according to claim 2, characterized in that the feature information comprises the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; of these, the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected via the sFlow protocol.
- The method according to any one of claims 1 to 4, characterized in that the database uses influxdb as its data store and periodically clears feature records older than a threshold time, so that the records stay current.
- The method according to any one of claims 1 to 4, characterized in that the network controller exposes an information API for querying the network and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, network subnet information and the virtual-interface information of the bound virtual machines.
- The method according to claim 5, characterized in that the network controller exposes an information API for querying the network and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, network subnet information and the virtual-interface information of the bound virtual machines.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710994937.9A CN107800696B (en) | 2017-10-23 | 2017-10-23 | Method for identifying communication counterfeiting source on cloud platform virtual switch |
CN201710994937.9 | 2017-10-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019080163A1 true WO2019080163A1 (en) | 2019-05-02 |
Family
ID=61533510
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/109595 WO2019080163A1 (en) | 2017-10-23 | 2017-11-06 | Method for identifying fake source communication of cloud platform virtual switch |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107800696B (en) |
WO (1) | WO2019080163A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108989086B (en) * | 2018-06-20 | 2021-03-30 | 复旦大学 | Open vSwitch illegal port operation automatic discovery and tracing system in OpenStack platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7870246B1 (en) * | 2005-08-30 | 2011-01-11 | Mcafee, Inc. | System, method, and computer program product for platform-independent port discovery |
CN105657081A (en) * | 2016-04-07 | 2016-06-08 | 华为技术有限公司 | DHCP (dynamic host configuration protocol) service providing method, device and system |
CN106878320A (en) * | 2017-03-09 | 2017-06-20 | 郑州云海信息技术有限公司 | A kind of method and apparatus for preventing IP address spoofing |
CN106961394A (en) * | 2017-03-31 | 2017-07-18 | 联想(北京)有限公司 | Suppress interchanger to flood the method and apparatus of storm |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9306916B2 (en) * | 2013-12-25 | 2016-04-05 | Cavium, Inc. | System and a method for a remote direct memory access over converged ethernet |
WO2015184586A1 (en) * | 2014-06-03 | 2015-12-10 | 华为技术有限公司 | Openflow communication method, system, controller, and service gateway |
CN105577548B (en) * | 2014-10-10 | 2018-10-09 | 新华三技术有限公司 | Message processing method and device in a kind of software defined network |
CN105871787A (en) * | 2015-01-22 | 2016-08-17 | 中国移动通信集团公司 | Intrusion prevention method applied to cloud virtual network, device, network device and system |
US9497165B2 (en) * | 2015-03-26 | 2016-11-15 | International Business Machines Corporation | Virtual firewall load balancer |
CN104994094B (en) * | 2015-07-01 | 2016-11-30 | 北京奇虎科技有限公司 | Virtual platform safety protecting method based on virtual switch, device and system |
CN105429946A (en) * | 2015-10-28 | 2016-03-23 | 广州西麦科技股份有限公司 | System and method of preventing forging IP address based on SDN virtual switch |
CN107104852A (en) * | 2017-03-28 | 2017-08-29 | 深圳市神云科技有限公司 | Monitor the method and device of cloud platform virtual network environment |
2017
- 2017-10-23 CN CN201710994937.9A patent/CN107800696B/en active Active
- 2017-11-06 WO PCT/CN2017/109595 patent/WO2019080163A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN107800696A (en) | 2018-03-13 |
CN107800696B (en) | 2020-07-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17930131; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17930131; Country of ref document: EP; Kind code of ref document: A1 |