SDN controller-side system and secure communication method based on intrusion tolerance

An intrusion-tolerant controller technology, applied in the field of secure communication, that addresses problems such as unpredictable security attack methods and the difficulty of ensuring the security of SDN controllers, and achieves good scalability.

Active Publication Date: 2018-11-30
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Under the existing deployment mode and security measures, it is difficult to guarantee the security of the SDN controller because security attacks are unpredictable.
[0004] The root of the above problems lies in the unpredictability of security attack methods, combined with the fact that the SDN controller has complete control over the underlying network. Therefore, the security of the SDN controller and the underlying network can be guaranteed only if the controller has a certain tolerance to unknown attacks.


Embodiment Construction

[0020] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0021] Figure 1 is an architecture diagram of the intrusion-tolerance-based SDN controller-side system of the present invention. As shown in Figure 1, the pre-agent group is located in front of the SDN controller group. It receives the OpenFlow message (request message) from the switch before the controllers do, then copies it and forwards it to the SDN controller group. It also receives the OpenFlow message (response message) from the SDN controllers before the switch does, analyzes and compares the flow rules in it, and forwards to the switch the OpenFlow message that satisfies the intrusion tolerance policy. Figure 2 is a schematic diagram of how the front-end agents process OpenFlow messages.

[0022] The intrusion tolerance in the above scheme depends...


Abstract

The present invention relates to an SDN controller-side system based on intrusion tolerance and a secure communication method. The system comprises an SDN controller group, a switch, and at least one pre-proxy between the SDN controller group and the switch. The pre-proxy is responsible for sending the OpenFlow request message emitted by the switch to multiple SDN controllers in the SDN controller group, extracting the flow rule from the OpenFlow reply message emitted by each SDN controller, comparing the extracted flow rules, and forwarding a correct OpenFlow reply message to the switch if the comparison result satisfies a preset intrusion tolerance policy. The SDN controller-side system and the secure communication method improve the availability and reliability of the SDN controllers and provide a security guarantee for an SDN network.
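The compare-and-forward step described in the abstract, as an added example (not code from the patent). The text on this page does not state the preset intrusion tolerance policy, so the f+1-of-2f+1 agreement rule, the reply dictionaries and the names `flow_rule` and `select_reply` are assumptions.

```python
from collections import Counter

def flow_rule(reply):
    """Extract the comparable flow rule from one controller reply.

    Only match, actions and priority are compared; per-message fields
    such as xid are ignored (assumed field subset, not from the patent).
    """
    return (tuple(sorted(reply["match"].items())),
            tuple(reply["actions"]),
            reply.get("priority", 0))

def select_reply(replies, n_controllers, f):
    """Apply the assumed tolerance policy to replies keyed by controller id.

    Returns (reply_to_forward, dissenting_controller_ids). The reply is
    None when fewer than f+1 controllers agree, so nothing reaches the switch.
    """
    if n_controllers < 2 * f + 1:
        raise ValueError("tolerating f faulty controllers needs n >= 2f+1")
    votes = Counter(flow_rule(r) for r in replies.values())
    if not votes:
        return None, []
    agreed, count = votes.most_common(1)[0]
    if count < f + 1:
        return None, sorted(replies)   # no quorum: treat every reply as suspect
    dissent = sorted(c for c, r in replies.items() if flow_rule(r) != agreed)
    winner = next(r for r in replies.values() if flow_rule(r) == agreed)
    return winner, dissent

# Constructed sample: three controllers answer the same request; c3 returns
# a rule that redirects the flow to a different port.
GOOD = {"match": {"in_port": 1, "eth_dst": "00:00:00:00:00:02"},
        "actions": ["output:2"], "priority": 10}
SAMPLE = {
    "c1": dict(GOOD, xid=101),
    "c2": dict(GOOD, xid=102),
    "c3": dict(GOOD, xid=103, actions=["output:9"]),
}

if __name__ == "__main__":
    reply, dissent = select_reply(SAMPLE, n_controllers=3, f=1)
    print("forward:", reply["actions"], "flag for review:", dissent)
```

The dissenting controller ids are returned alongside the forwarded reply so that a disagreement can be logged and investigated instead of being silently outvoted.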

Description

Technical field

[0001] The present invention relates to the field of SDN security. More specifically, the present invention relates to an SDN controller-side system with intrusion tolerance capability based on a front agent group and an SDN controller group, and a secure communication method using the system, to improve the availability and reliability of the SDN controller and provide security assurance for SDN networks.

Background art

[0002] SDN (Software Defined Network) is a new, innovative network architecture. Its core technology, OpenFlow, realizes flexible control of network traffic by separating the control plane of network equipment from the data plane. Compared with traditional networks, SDN networks have three basic features: one is the separation of control and forwarding, in which the forwarding plane is composed of controlled forwarding devices, and the forwarding mode and business logic are determined by the control applications ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/0281, H04L63/1425
Inventor: 黄亮, 姜帆, 荀浩, 马多贺, 王利明, 徐震
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI