
CN104683333A - Method for implementing abnormal traffic interception based on SDN - Google Patents


Publication number: CN104683333A
Authority: CN (China)
Prior art keywords: interception, sdn, traffic, abnormal, data packet
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201510070235.2A
Other languages: Chinese (zh)
Inventors: 张佃, 徐亚非, 宋晓丽, 杨文勃, 王建国
Current Assignee: CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Application filed by: CAPTECH INFORMATION AUDITING SYSTEM TECHNOLOGY (BEIJING) Co Ltd
Priority to: CN201510070235.2A
Publication of: CN104683333A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention provide a method and a system for implementing abnormal traffic interception. The method mainly comprises the following steps: extracting abnormal traffic characteristic information in a network, developing an appropriate traffic interception policy according to the abnormal traffic characteristic information, and transmitting the abnormal traffic characteristic information and the traffic interception policy to an SDN (Software Defined Network) controller; generating a traffic interception matching table item of forwarding equipment by the SDN controller according to the abnormal traffic characteristic information and the traffic interception policy, and transmitting the traffic interception matching table item to SDN forwarding equipment; matching received characteristic information of a packet to be forwarded with the traffic interception matching table item by the SDN forwarding equipment, and after matching successfully, performing interception on the packet to be forwarded according to the traffic interception matching table item. The embodiments of the invention can effectively and flexibly intercept the abnormal traffic or attack of the network without affecting normal services of the network, and are applicable to enterprise networks, campus networks, data center networks, internet networks and other traditional networks or novel SDN networks for intercepting the abnormal traffic.

Description

Method for realizing abnormal traffic interception based on SDN
Technical Field
The invention relates to the technical field of network security, in particular to a method for realizing abnormal traffic interception based on an SDN (software defined network).
Background
With the rapid development of the Internet, networks are becoming increasingly open and unrestricted, and network security is becoming increasingly important. Current security solutions rely mainly on security defense technology (such as firewall systems) and intrusion detection technology (such as intrusion detection systems, intrusion prevention systems, network audit systems, database audit systems and malicious code monitoring systems). Defense technology keeps illegal users out of the network and reduces its security risk, while detection technology monitors for and detects network anomalies or attack behavior. Although these measures solve the security problems of networks and equipment to a certain extent, they have shortcomings. A traditional firewall, for example, is deployed at the network edge to reject obviously suspicious external traffic, but it still lets through intrusions disguised as normal traffic. Moreover, not all threats come from outside, so firewalls remain ineffective against many attacks, particularly attacks between hosts on the internal network.
A detection system deployed in bypass (out-of-band) mode can promptly discover deep attacks that have penetrated the firewall, but it cannot intercept suspicious packets in real time, or intercepts them poorly, and most intrusion detection systems are passive.
Therefore, an effective scheme is urgently needed that can quickly and effectively block and intercept abnormal traffic or applications once an anomaly has been detected.
Disclosure of Invention
The embodiment of the invention provides a method for realizing abnormal traffic interception based on an SDN (Software Defined Network) controller, so as to intercept abnormal traffic or attacks on a network effectively and flexibly.
According to an aspect of the present invention, a method for implementing abnormal traffic interception based on an SDN is provided, including:
extracting abnormal traffic characteristic information in a network, making a corresponding traffic interception policy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception policy to an SDN controller;
the SDN controller generates a traffic interception matching entry for the forwarding device according to the abnormal traffic characteristic information and the traffic interception policy, and sends the traffic interception matching entry to the SDN forwarding device;
and the SDN forwarding device matches the characteristic information of a received data packet to be forwarded against the traffic interception matching entry and, after a successful match, intercepts the data packet to be forwarded according to the traffic interception matching entry.
Preferably, before sending the abnormal traffic feature information and the traffic interception policy to the SDN controller, the method further includes:
setting an SDN forwarding device at the entrance of a traditional network, wherein the SDN forwarding device communicates with the SDN controller through the OpenFlow protocol (OFP);
or,
setting an SDN forwarding device on a forwarding path between different forwarding devices in a traditional network, wherein the SDN forwarding device communicates with the SDN controller through the OFP protocol;
or,
using the SDN controller and the SDN forwarding device of an existing SDN network, wherein the SDN forwarding device communicates with the SDN controller through the OFP protocol.
Preferably, the extracting of the abnormal traffic feature information in the network, making a corresponding traffic interception policy according to the abnormal traffic feature information, and sending the abnormal traffic feature information and the traffic interception policy to the SDN controller includes:
setting a network security monitoring system and an abnormal traffic interception system in a network, wherein the abnormal traffic interception system comprises: a traffic interception interface module, the SDN controller, and the SDN forwarding device;
after detecting an abnormal condition in traffic transmission in the network, the network security monitoring system sends abnormal condition information to the abnormal traffic interception system; after receiving the abnormal condition information, the traffic interception interface module in the abnormal traffic interception system extracts the abnormal traffic characteristic information in the network according to the abnormal condition information and makes a corresponding traffic interception policy according to the abnormal traffic characteristic information;
and the traffic interception interface module transmits the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an Application Programming Interface (API).
Preferably, the SDN controller generates a traffic interception matching entry of a forwarding device according to the abnormal traffic feature information and a traffic interception policy, and sends the traffic interception matching entry to the SDN forwarding device, where the method includes:
the SDN controller generates a traffic interception matching entry corresponding to each SDN forwarding device according to the received abnormal traffic characteristics, the traffic interception policy and the configuration information of each SDN forwarding device, wherein the traffic interception matching entry comprises the characteristic information of the data packets to be intercepted and the traffic interception policy, and sends an OFP protocol packet carrying the traffic interception matching entry to the corresponding SDN forwarding device through the OFP protocol;
after receiving the OFP protocol packet carrying the traffic interception matching entry sent by the SDN controller, the SDN forwarding device verifies that the device identifier contained in the OFP protocol packet is consistent with its own identifier, and then stores the traffic interception matching entry.
Preferably, the packet characteristic information includes, but is not limited to, at least one of port, VLAN ID, source IP, destination IP, source MAC, destination MAC, ethertype, TCP/UDP port information, and the traffic interception policy includes dropping or changing forwarding path.
Preferably, the SDN forwarding device matches the received feature information of the to-be-forwarded data packet with the traffic interception matching entry, and after the matching is successful, performs interception processing on the to-be-forwarded data packet according to the traffic interception matching entry, including:
after receiving a data packet to be forwarded, the SDN forwarding device extracts the characteristic information of the data packet and matches it one by one against each item of data packet characteristic information included in the traffic interception matching entry;
when the extracted characteristic information matches an item of data packet characteristic information included in the traffic interception matching entry, the data packet to be forwarded is intercepted according to the traffic interception policy corresponding to that item;
and when the extracted characteristic information matches none of the data packet characteristic information included in the traffic interception matching entry, the data packet to be forwarded is forwarded according to the original forwarding rule.
According to another aspect of the present invention, a system for implementing abnormal traffic interception based on SDN is provided, comprising: a traffic interception interface module, an SDN controller and an SDN forwarding device;
the traffic interception interface module is used for extracting abnormal traffic characteristic information in a network, making a corresponding traffic interception strategy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception strategy to the SDN controller;
the SDN controller is configured to generate a traffic interception matching entry of a forwarding device according to the abnormal traffic feature information and a traffic interception policy, and send the traffic interception matching entry to the SDN forwarding device;
the SDN forwarding device is configured to match the received feature information of the data packet to be forwarded with the traffic interception matching entry, and intercept the data packet to be forwarded according to the traffic interception matching entry after successful matching.
Preferably, the SDN forwarding device is disposed at an entrance of a legacy network, and communicates with the SDN controller through an OFP protocol; or the SDN forwarding device is arranged among different forwarding devices in a traditional network, and the SDN forwarding device communicates with the SDN controller through an OFP protocol; or, using an SDN controller and an SDN forwarding device in an existing SDN network, the SDN forwarding device communicating with the SDN controller through an OFP protocol.
Preferably, the system further comprises a network security monitoring system, and the traffic interception interface module, the SDN controller and the SDN forwarding device together form an abnormal traffic interception system;
the network security monitoring system is used for sending abnormal condition information to the abnormal traffic interception system after detecting an abnormal condition in traffic transmission in the network;
the traffic interception interface module is connected to the SDN controller and is used for, after receiving the abnormal condition information, extracting the abnormal traffic characteristic information in the network according to the abnormal condition information, making a corresponding traffic interception policy according to the abnormal traffic characteristic information, and transmitting the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an Application Programming Interface (API).
Preferably, the SDN controller is configured to generate a traffic interception matching entry corresponding to each SDN forwarding device according to the received abnormal traffic characteristics, the received traffic interception policy, and the configuration information of each SDN forwarding device, where the traffic interception matching entry includes characteristic information of a data packet to be intercepted and the traffic interception policy, and send an OFP protocol packet carrying the traffic interception matching entry to the corresponding SDN forwarding device through an OFP protocol;
the SDN forwarding device is configured to store the traffic interception matching entry after receiving an OFP protocol packet carrying the traffic interception matching entry and sent by the SDN controller, and verifying that an equipment identifier included in the OFP protocol packet is consistent with an identifier of the SDN forwarding device itself.
Preferably, the SDN forwarding device is configured to extract data packet feature information of a data packet after receiving the data packet to be forwarded, and match the extracted data packet feature information with each data packet feature information included in the traffic interception matching entry one by one;
when the extracted characteristic information matches an item of data packet characteristic information included in the traffic interception matching entry, the data packet to be forwarded is intercepted according to the traffic interception policy corresponding to that item;
and when the extracted characteristic information matches none of the data packet characteristic information included in the traffic interception matching entry, the data packet to be forwarded is forwarded according to the original forwarding rule.
According to the technical scheme provided by the embodiment of the invention, the SDN controller and the SDN forwarding device are arranged in the network, so that the abnormal traffic or attack of the network can be effectively and flexibly intercepted without influencing the normal service of the network, and the method and the device can be suitable for the conventional network such as an enterprise network, a campus network, a data center network, an internet network and the like or the SDN network to implement abnormal traffic interception.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a schematic view of an application scenario in which an SDN forwarding device is installed at a conventional network entry according to an embodiment of the present invention;
Fig. 2 is a schematic view of an application scenario in which an SDN forwarding device is disposed on a forwarding path between different forwarding devices in a conventional network according to an embodiment of the present invention;
Fig. 3 is a schematic view of an application scenario for implementing abnormal traffic interception in an SDN network according to an embodiment of the present invention;
Fig. 4 is a processing flow chart of a method for implementing abnormal traffic interception based on an SDN according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a system for implementing abnormal traffic interception based on an SDN according to a second embodiment of the present invention. The diagram shows a network security monitoring system 51 and an abnormal traffic interception system 52, where the abnormal traffic interception system 52 includes: a traffic interception interface module 521, an SDN controller 522, and an SDN forwarding device 523.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
For the convenience of understanding the embodiments of the present invention, the following description will be further explained by taking several specific embodiments as examples in conjunction with the drawings, and the embodiments are not to be construed as limiting the embodiments of the present invention.
Example one
SDN (software defined network) is a novel network architecture and one way of implementing network virtualization. Its core technology, OpenFlow, separates the control plane of network equipment from the data plane, which enables flexible control of network traffic and makes the network, as a pipeline, more intelligent.
In the embodiment of the invention, a network security monitoring system and an abnormal traffic interception system are arranged in a network. The abnormal traffic interception system comprises a traffic interception interface module, an SDN controller and an SDN forwarding device. The traffic interception interface module is connected with the SDN controller, and the SDN controller and the SDN forwarding device support the OpenFlow protocol.
The network connections between the network security monitoring system and the abnormal traffic interception system, and between the traffic interception interface module and the SDN controller, may be any of various network connections such as the Internet, a wireless network, an Ethernet network, or an internal local area network.
In the embodiment of the present invention, the abnormal traffic interception may be implemented by setting the SDN forwarding device in a traditional network entry or an internal forwarding path of a network, or may be implemented by directly using an existing SDN network. The number of SDN forwarding devices may be one or more.
Fig. 1 shows an application scenario in which an SDN forwarding device is disposed at the entrance of a conventional network such as an Internet network. The SDN forwarding device communicates with an SDN controller through the OFP protocol and is also connected with the forwarding devices inside the conventional network (shown with black oblique lines). Because it forwards all data packets transmitted to the conventional network in Fig. 1, abnormal traffic can be blocked and intercepted for the whole of that network.
Fig. 2 shows an application scenario in which an SDN forwarding device is arranged on a forwarding path between different forwarding devices (shown with black oblique lines) in a conventional network such as an Internet network. The SDN forwarding device communicates with the SDN controller through the OFP protocol and forwards the data packets on that forwarding path, so that abnormal traffic inside the conventional network in Fig. 2 can be blocked and intercepted as required.
An application scenario diagram for implementing abnormal traffic interception by using an existing SDN network is shown in fig. 3, where the SDN network includes an SDN controller and an SDN forwarding device, and the SDN forwarding device communicates with the SDN controller through an OFP protocol. The SDN network is a typical control forwarding separation type network, the SDN controller is responsible for generating and issuing forwarding entries, and the forwarding device performs packet matching and forwarding processing according to the forwarding entries issued by the SDN controller.
The embodiment of the present invention is not limited to the specific placement position of the SDN forwarding device, and any placement manner of the SDN forwarding device in the conventional network and the SDN network is within the protection scope of the embodiment of the present invention.
Those skilled in the art will appreciate that the above described types of conventional network and SDN network applications are merely exemplary, and that other types of network applications, now existing or hereafter discovered, that may be suitable for use with embodiments of the present invention, are also intended to be included within the scope of the present invention and are hereby incorporated by reference.
It will be appreciated by those skilled in the art that the network elements shown in Figs. 1, 2 and 3 are, for simplicity only, possibly fewer in number than in an actual network, but this omission clearly does not affect the clear and complete disclosure of the embodiments of the invention.
The embodiment provides a processing flow of a method for implementing abnormal traffic interception based on an SDN, as shown in fig. 4, including the following processing steps:
Step S410, the network security monitoring system sends abnormal condition information to the abnormal traffic interception system.
The network security monitoring system detects abnormal traffic transmission in the network. It may use existing anomaly detection techniques, such as statistics-based detection, threshold-based detection, neural networks, pattern prediction, genetic algorithms, data mining, IDS (intrusion detection system) technology, etc., and the detected abnormal information includes but is not limited to viruses, malicious attacks, network failures, illegal intrusion, etc. The network can be a traditional network such as an enterprise network, a campus network, a data center network or an Internet network, or an emerging network such as an SDN network.
The network security monitoring system sends the detected abnormal condition information to the abnormal traffic interception system for processing.
Step S420, a traffic interception interface module in the abnormal traffic interception system transmits the abnormal traffic feature information and the traffic interception policy to the SDN controller.
In this embodiment, the controller and the SDN forwarding device are constructed based on an SDN network, support the OpenFlow protocol, and communicate with each other through the OpenFlow protocol.
A controller may be connected to a plurality of SDN forwarding devices. It sets the configuration information of each SDN forwarding device, which includes the address, identifier, forwarding path, forwarding rule and similar information of the SDN forwarding device, and stores information about the data packets forwarded by each SDN forwarding device. The SDN forwarding device may be a router or a switch, etc.
After receiving the abnormal condition information sent by the network security monitoring system, the traffic interception interface module extracts the abnormal traffic characteristic information in the network according to the abnormal condition information and makes a corresponding traffic interception policy according to the abnormal traffic characteristic information. The abnormal traffic characteristic information includes, but is not limited to, port, VLAN (Virtual Local Area Network) ID, source IP, destination IP, source MAC, destination MAC, ethertype, TCP/UDP port information.
Then, the traffic interception Interface module transmits the abnormal traffic feature information and the traffic interception policy to the SDN controller through a northbound API (Application Programming Interface) of the SDN controller by using a communication network.
Step S430, the SDN controller receives the abnormal traffic feature and the traffic interception policy transmitted by the traffic interception interface module through the northbound API interface, generates a traffic interception matching entry corresponding to each SDN forwarding device according to the abnormal traffic feature and the traffic interception policy, and the configuration information of each SDN forwarding device, and issues the OFP data packet carrying the traffic interception matching entry to the corresponding SDN forwarding device through the OFP protocol.
The traffic interception matching entry comprises the characteristic information of the data packets to be intercepted and the traffic interception policy. The characteristic information is at least one of the data packet's port information, VLAN ID, source IP, destination IP, source MAC, destination MAC, Ethernet type, TCP/UDP port information and the like, and the traffic interception policy can be discarding, changing the forwarding path, and the like.
For example, one of the above traffic interception matching entries is shown in table 1:
TABLE 1
Step S440, after receiving, through the OFP interface, an OFP protocol packet carrying a traffic interception matching entry issued by the SDN controller, and verifying that the device identifier included in the OFP protocol packet is consistent with its own identifier, the SDN forwarding device stores the traffic interception matching entry.
Then, after receiving a data packet to be forwarded, the SDN forwarding device extracts the characteristic information of the data packet and matches it one by one against each item of data packet characteristic information included in the traffic interception matching entry.
Step S450, when the extracted characteristic information matches an item of data packet characteristic information included in the traffic interception matching entry, step S460 is executed;
when the extracted characteristic information matches none of the data packet characteristic information included in the traffic interception matching entry, step S470 is executed.
Step S460, performing interception processing, such as discarding or changing a path, on the data packet to be forwarded according to the traffic interception policy corresponding to the certain data packet feature information included in the traffic interception matching entry.
For example, the network security monitoring system detects anomalous data from the IP address 192.168.45.136 and notifies the abnormal traffic interception system linked with it. The traffic interception interface module of the abnormal traffic interception system extracts the abnormal traffic characteristic, namely source IP 192.168.45.136, formulates the traffic interception policy DROP (discard the packet), and writes this information into the SDN controller through the controller's northbound API. The SDN controller generates the corresponding traffic interception matching entry from the written information and issues it to the forwarding device: the match field of the entry is the source IP, the match target is 192.168.45.136, and the action is DROP. After receiving a data packet, the forwarding device matches it against the entry; if the packet's source address is 192.168.45.136 the packet is discarded, and other packets are forwarded normally according to the forwarding rules.
When traffic in an SDN network needs to be intercepted, the traffic interception interface module only needs to extract the abnormal traffic characteristics after receiving the abnormal data detected by the network security monitoring system, make a traffic interception policy, and write this information into the SDN controller.
Step S470, forwarding the data packet to be forwarded according to the original forwarding rule.
In a scenario of intercepting traffic in a conventional network, under normal conditions the SDN forwarding device of the embodiment of the present invention forwards messages as an ordinary forwarding device, and adding the SDN forwarding device does not affect network services or performance. When the network security monitoring system detects an abnormal condition, the traffic interception interface module generates the feature information of the traffic to be intercepted and the policy decision, and informs the SDN controller. The SDN controller generates from this information a table entry for abnormal traffic matching, which includes the matching items, the traffic interception policy, and the like, and issues the table entry to the SDN forwarding device. The SDN forwarding device receives the forwarding table entry issued by the SDN controller and preferentially matches messages against that table entry: on a match it intercepts and blocks the message; otherwise it continues forwarding according to the normal forwarding rules.
In practical applications, the functions of the traffic interception interface module may be implemented by being integrated in an SDN controller, that is, the traffic interception interface module may be merged with the SDN controller, and this structure form is also within the protection scope of the embodiment of the present invention.
Example two
The embodiment provides a system for implementing abnormal traffic interception based on an SDN, and a specific implementation structure of the system is shown in fig. 5, which may specifically include the following modules: a network security monitoring system 51 and an abnormal traffic intercepting system 52, wherein the abnormal traffic intercepting system 52 comprises: a traffic interception interface module 521, an SDN controller 522, and an SDN forwarding device 523.
The traffic interception interface module 521 is configured to extract abnormal traffic feature information in a network, make a corresponding traffic interception policy according to the abnormal traffic feature information, and send the abnormal traffic feature information and the traffic interception policy to an SDN controller;
the SDN controller 522 is configured to generate a traffic interception matching entry of a forwarding device according to the abnormal traffic feature information and a traffic interception policy, and send the traffic interception matching entry to the SDN forwarding device;
the SDN forwarding device 523 is configured to match the received feature information of the data packet to be forwarded with the traffic interception matching entry, and intercept the data packet to be forwarded according to the traffic interception matching entry after the matching is successful.
Further, the SDN forwarding device is disposed at a legacy network ingress, the SDN forwarding device communicating with the SDN controller via an OFP protocol; or the SDN forwarding device is arranged among different forwarding devices in a traditional network, and the SDN forwarding device communicates with the SDN controller through an OFP protocol; or, using an SDN controller and an SDN forwarding device in an existing SDN network, the SDN forwarding device communicating with the SDN controller through an OFP protocol.
Further, the network security monitoring system is configured to send abnormal condition information to an abnormal traffic intercepting system after detecting that abnormal conditions occur in traffic transmission in the network;
the flow interception interface module is connected to the SDN controller via a network, and after receiving the abnormal situation information, extracts abnormal flow feature information in the network according to the abnormal situation information, works out a corresponding flow interception policy according to the abnormal flow feature information, and transmits the abnormal flow feature information and the flow interception policy to the SDN controller via an application programming interface API by using a communication network.
Further, the SDN controller is configured to generate a traffic interception matching entry corresponding to each SDN forwarding device according to the received abnormal traffic characteristics, the received traffic interception policy, and the configuration information of each SDN forwarding device, where the traffic interception matching entry includes characteristic information of a data packet to be intercepted and the traffic interception policy, and send an OFP protocol packet carrying the traffic interception matching entry to the corresponding SDN forwarding device through an OFP protocol;
the SDN forwarding device is configured to, after receiving an OFP protocol packet that carries the traffic interception matching entry and is sent by the SDN controller, verify that an equipment identifier included in the OFP protocol packet is consistent with an identifier of the SDN forwarding device itself, and store the traffic interception matching entry.
Further, the SDN forwarding device is configured to extract data packet feature information of a data packet after receiving the data packet to be forwarded, and match the extracted data packet feature information with each data packet feature information included in the traffic interception matching entry one by one;
when the extracted data packet feature information is matched with certain data packet feature information included in the flow interception matching table entry, intercepting the data packet to be forwarded according to a flow interception strategy corresponding to the certain data packet feature information included in the flow interception matching table entry;
and when the extracted data packet characteristic information is not matched with all the data packet characteristic information included in the flow interception matching table entry, forwarding the data packet to be forwarded according to the original forwarding rule.
The specific process of implementing abnormal traffic interception based on SDN by using the system of the embodiment of the present invention is similar to the foregoing method embodiment, and is not described here again.
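The pipeline described in this embodiment, run on the 192.168.45.136 example from embodiment one, as an added Python model that is not code from the patent. The dictionary layout, the names `make_policy`, `build_entries`, `ForwardingDevice` and `scrub_port`, prefix matching on IP fields, and the rejection of empty matches are assumptions of this example; the OFP exchange is reduced to plain dictionaries.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Packet features listed in the patent; the key names are this example's own.
MATCH_FIELDS = {"in_port", "vlan_id", "src_ip", "dst_ip",
                "src_mac", "dst_mac", "ethertype", "l4_port"}
IP_FIELDS = {"src_ip", "dst_ip"}
POLICIES = {"DROP", "REDIRECT"}  # "discarding or changing a path"


def make_policy(alert):
    """Traffic interception interface module: alert -> (features, policy)."""
    features = {k: v for k, v in alert.items() if k in MATCH_FIELDS}
    if not features:
        # An empty match would intercept every packet on the device.
        raise ValueError("alert carries no usable traffic feature")
    policy = alert.get("policy", "DROP")
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    return features, policy


def build_entries(features, policy, device_configs):
    """SDN controller: one interception entry per forwarding device."""
    messages = []
    for device_id, cfg in device_configs.items():
        entry = {"match": dict(features), "action": policy}
        if policy == "REDIRECT":
            # Assumption: the alternate path comes from per-device config.
            entry["out_port"] = cfg["scrub_port"]
        messages.append({"device_id": device_id, "entry": entry})
    return messages


@dataclass
class ForwardingDevice:
    device_id: str
    routes: dict  # normal forwarding rules: destination prefix -> port
    intercept_table: list = field(default_factory=list)

    def install(self, message):
        """Store an entry only if it names this device and is well formed."""
        if message.get("device_id") != self.device_id:
            return False
        entry = message.get("entry", {})
        match = entry.get("match", {})
        if not match or not set(match) <= MATCH_FIELDS:
            return False
        if entry.get("action") not in POLICIES:
            return False
        if entry["action"] == "REDIRECT" and "out_port" not in entry:
            return False
        self.intercept_table.append(entry)
        return True

    @staticmethod
    def field_matches(name, wanted, packet):
        if name not in packet:
            return False  # packet lacks the feature, so it cannot match
        if name in IP_FIELDS:
            return ip_address(packet[name]) in ip_network(wanted, strict=False)
        return packet[name] == wanted

    def process(self, packet):
        """Interception entries are checked first, then normal forwarding."""
        for entry in self.intercept_table:
            if all(self.field_matches(k, v, packet)
                   for k, v in entry["match"].items()):
                if entry["action"] == "DROP":
                    return ("drop", None)
                return ("redirect", entry["out_port"])
        dst = ip_address(packet["dst_ip"])
        candidates = [(ip_network(p), port) for p, port in self.routes.items()
                      if dst in ip_network(p)]
        if not candidates:
            return ("no_route", None)
        # Longest-prefix match over the original forwarding rules.
        _, port = max(candidates, key=lambda c: c[0].prefixlen)
        return ("forward", port)


def demo():
    # Constructed sample data mirroring the patent's 192.168.45.136 example.
    alert = {"src_ip": "192.168.45.136", "policy": "DROP"}
    configs = {"sw1": {"scrub_port": 9}, "sw2": {"scrub_port": 7}}
    sw1 = ForwardingDevice("sw1", {"10.0.0.0/24": 2, "0.0.0.0/0": 1})
    features, policy = make_policy(alert)
    installed = [sw1.install(m) for m in build_entries(features, policy, configs)]
    bad = sw1.process({"src_ip": "192.168.45.136", "dst_ip": "10.0.0.5"})
    good = sw1.process({"src_ip": "192.168.45.10", "dst_ip": "10.0.0.5"})
    return installed, bad, good


if __name__ == "__main__":
    print(demo())
```

The entry addressed to `sw2` is refused by `sw1`, which is the device-identifier check; an entry with an empty match is refused as well, since it would blackhole all traffic through the device.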
In summary, the embodiment of the present invention, by setting the traffic interception interface module, the SDN controller, and the SDN forwarding device in the network, can effectively and flexibly intercept abnormal traffic or attacks on the network without affecting normal services of the network, and can be applied to various networks implementing abnormal traffic interception, such as a conventional network like an internet network or an SDN network.
After the abnormity is detected, the embodiment of the invention not only can actively and effectively intercept the attack between networks, but also can actively identify and intercept the attack inside the network; the deep attack behaviors penetrating through the firewall can be actively discovered and intercepted in time.
Those of ordinary skill in the art will understand that: the figures are merely schematic representations of one embodiment, and the blocks or flow diagrams in the figures are not necessarily required to practice the present invention.
From the above description of the embodiments, it is clear to those skilled in the art that the present invention can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The embodiments in the present specification are described in a progressive manner; for the same and similar parts among the embodiments, reference may be made from one to another, and each embodiment focuses on its differences from the other embodiments. In particular, since the apparatus or system embodiments are substantially similar to the method embodiments, they are described relatively briefly, and for the relevant points reference may be made to the corresponding parts of the description of the method embodiments. The above-described embodiments of the apparatus and system are merely illustrative: the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (11)

1. A method for realizing abnormal traffic interception based on SDN is characterized by comprising the following steps:
extracting abnormal traffic characteristic information in a network, making a corresponding traffic interception strategy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception strategy to an SDN controller;
the SDN controller generates a flow interception matching table item of forwarding equipment according to the abnormal flow characteristic information and a flow interception strategy, and sends the flow interception matching table item to the SDN forwarding equipment;
and the SDN forwarding equipment matches the received characteristic information of the data packet to be forwarded with the flow interception matching table entry, and after the matching is successful, the data packet to be forwarded is intercepted according to the flow interception matching table entry.
2. The SDN-based method for implementing abnormal traffic interception according to claim 1, wherein before sending the abnormal traffic feature information and the traffic interception policy to the SDN controller, the method further comprises:
setting SDN forwarding equipment at a traditional network entrance, wherein the SDN forwarding equipment communicates with the SDN controller through an OFP protocol;
or,
setting SDN forwarding equipment on forwarding paths among different forwarding equipment in a traditional network, wherein the SDN forwarding equipment is communicated with the SDN controller through an OFP protocol;
or,
the SDN forwarding device is communicated with the SDN controller through an OFP protocol by utilizing the SDN controller and the SDN forwarding device in the existing SDN network.
3. The SDN-based method for intercepting abnormal traffic according to claim 2, wherein the extracting abnormal traffic feature information in the network, formulating a corresponding traffic interception policy according to the abnormal traffic feature information, and sending the abnormal traffic feature information and the traffic interception policy to the SDN controller includes:
setting a network security monitoring system and an abnormal traffic interception system in a network, wherein the abnormal traffic interception system comprises: a traffic interception interface module, the SDN controller, and the SDN forwarding device;
after detecting that abnormal conditions occur in traffic transmission in a network, a network security monitoring system sends abnormal condition information to an abnormal traffic interception system, and after receiving the abnormal condition information, a traffic interception interface module in the abnormal traffic interception system extracts abnormal traffic characteristic information in the network according to the abnormal condition information and works out a corresponding traffic interception strategy according to the abnormal traffic characteristic information;
and the traffic interception interface module transmits the abnormal traffic characteristic information and the traffic interception policy to the SDN controller through an Application Programming Interface (API).
4. The SDN-based method for implementing abnormal traffic interception according to claim 1, wherein the SDN controller generates a traffic interception matching entry for a forwarding device according to the abnormal traffic feature information and a traffic interception policy, and sends the traffic interception matching entry to the SDN forwarding device, including:
the method comprises the steps that an SDN controller generates a flow interception matching table item corresponding to each SDN forwarding device according to received abnormal flow characteristics, flow interception strategies and configuration information of each SDN forwarding device, wherein the flow interception matching table item comprises data packet characteristic information and flow interception strategies which need to be intercepted, and an OFP protocol packet carrying the flow interception matching table item is sent to the corresponding SDN forwarding device through an OFP protocol;
after receiving an OFP protocol packet carrying the flow interception matching table entry and sent by the SDN controller, the SDN forwarding device verifies that a device identifier contained in the OFP protocol packet is consistent with an SDN forwarding device identifier, and stores the flow interception matching table entry.
5. The SDN-based method for achieving abnormal traffic interception according to claim 4, wherein the packet characteristic information includes but is not limited to at least one of port, VLAN ID, source IP, destination IP, source MAC, destination MAC, ethertype, TCP/UDP port information, and the traffic interception policy includes dropping or changing forwarding path.
6. The SDN-based method for implementing abnormal traffic interception according to any one of claims 1 to 5, wherein the SDN forwarding device matches feature information of a received data packet to be forwarded with the traffic interception matching entry, and after matching succeeds, intercepts the data packet to be forwarded according to the traffic interception matching entry, including:
after receiving a data packet to be forwarded, the SDN forwarding device extracts data packet characteristic information of the data packet, and matches the extracted data packet characteristic information with each data packet characteristic information included in the flow interception matching table entry one by one;
when the extracted data packet feature information is matched with certain data packet feature information included in the flow interception matching table entry, intercepting the data packet to be forwarded according to a flow interception strategy corresponding to the certain data packet feature information included in the flow interception matching table entry;
and when the extracted data packet characteristic information is not matched with all the data packet characteristic information included in the flow interception matching table entry, forwarding the data packet to be forwarded according to the original forwarding rule.
7. A system for realizing abnormal traffic interception based on SDN is characterized by comprising: the system comprises a flow interception interface module, an SDN controller and an SDN forwarding device;
the traffic interception interface module is used for extracting abnormal traffic characteristic information in a network, making a corresponding traffic interception strategy according to the abnormal traffic characteristic information, and sending the abnormal traffic characteristic information and the traffic interception strategy to the SDN controller;
the SDN controller is configured to generate a traffic interception matching entry of a forwarding device according to the abnormal traffic feature information and a traffic interception policy, and send the traffic interception matching entry to the SDN forwarding device;
the SDN forwarding device is configured to match the received feature information of the data packet to be forwarded with the traffic interception matching entry, and intercept the data packet to be forwarded according to the traffic interception matching entry after successful matching.
8. The SDN-based system for implementing abnormal traffic interception according to claim 7, wherein the SDN forwarding device is disposed at an entrance of a legacy network, and communicates with the SDN controller through an OFP protocol; or the SDN forwarding device is arranged among different forwarding devices in a traditional network, and the SDN forwarding device communicates with the SDN controller through an OFP protocol; or, using an SDN controller and an SDN forwarding device in an existing SDN network, the SDN forwarding device communicating with the SDN controller through an OFP protocol.
9. The SDN-based system for implementing abnormal traffic interception according to claim 7, further comprising: a network security monitoring system, and an abnormal traffic interception system consisting of the traffic interception interface module, the SDN controller and the SDN forwarding device;
the network safety monitoring system is used for sending abnormal condition information to the abnormal flow interception system after detecting that abnormal conditions occur in flow transmission in the network;
the flow interception interface module is used for connecting with the SDN controller, extracting abnormal flow characteristic information in a network according to the abnormal condition information after receiving the abnormal condition information, making a corresponding flow interception strategy according to the abnormal flow characteristic information, and transmitting the abnormal flow characteristic information and the flow interception strategy to the SDN controller through an Application Programming Interface (API).
10. The SDN-based system for achieving abnormal traffic interception according to claim 7, wherein:
the SDN controller is configured to generate a traffic interception matching entry corresponding to each SDN forwarding device according to the received abnormal traffic characteristics, traffic interception policies, and configuration information of each SDN forwarding device, where the traffic interception matching entry includes characteristic information of a data packet to be intercepted and the traffic interception policies, and send an OFP protocol packet carrying the traffic interception matching entry to the corresponding SDN forwarding device through an OFP protocol;
the SDN forwarding device is configured to store the traffic interception matching entry after receiving an OFP protocol packet carrying the traffic interception matching entry and sent by the SDN controller, and verifying that an equipment identifier included in the OFP protocol packet is consistent with an identifier of the SDN forwarding device itself.
11. The SDN-based system for implementing abnormal traffic interception according to any one of claims 7 to 10, wherein:
the SDN forwarding device is configured to extract data packet feature information of a data packet after receiving the data packet to be forwarded, and match the extracted data packet feature information with each data packet feature information included in the traffic interception matching entry one by one;
when the extracted data packet feature information is matched with certain data packet feature information included in the flow interception matching table entry, intercepting the data packet to be forwarded according to a flow interception strategy corresponding to the certain data packet feature information included in the flow interception matching table entry;
and when the extracted data packet characteristic information is not matched with all the data packet characteristic information included in the flow interception matching table entry, forwarding the data packet to be forwarded according to the original forwarding rule.
CN201510070235.2A 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN Pending CN104683333A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510070235.2A CN104683333A (en) 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510070235.2A CN104683333A (en) 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN

Publications (1)

Publication Number Publication Date
CN104683333A true CN104683333A (en) 2015-06-03

Family

ID=53317929

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510070235.2A Pending CN104683333A (en) 2015-02-10 2015-02-10 Method for implementing abnormal traffic interception based on SDN

Country Status (1)

Country Link
CN (1) CN104683333A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150603