Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Self-adaptively started ddos defense method and system based on trust value in SDN

A trust value, adaptive technology, applied in the field of ddos ​​defense, can solve problems such as multi-time, controller cost, etc.

Active Publication Date: 2017-05-10
NANJING UNIV OF POSTS & TELECOMM
View PDF3 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because packet-based detection will still collect packet information to determine whether the packet is a ddos ​​attack packet even when no ddos ​​attack occurs, this will cause the controller to spend a lot of time and resources to process a large amount of normal information

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Self-adaptively started ddos defense method and system based on trust value in SDN
  • Self-adaptively started ddos defense method and system based on trust value in SDN
  • Self-adaptively started ddos defense method and system based on trust value in SDN

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0055] The specific embodiment of the present invention will be further described in detail in conjunction with the accompanying drawings.

[0056] The problem addressed by the present invention is to take into account the accuracy of detection to ensure that false positives and negative negatives do not occur, which affects user experience and reduces service quality. In addition, while ensuring the accuracy of detection, it is also necessary to consider the problem of detection efficiency, whether it takes up a lot of resources, and whether it affects the performance of the switch. Finally, after the attack is discovered, what measures should be taken to quickly and completely solve the problems caused by the attack.

[0057] The technical scheme adopted by the present invention to solve the technical problem is: adopt artificial neural network to classify abnormal traffic, so as to ensure less false positives and less false positives. The self-adaptive startup mechanism is...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a self-adaptively started ddos defense method based on a trust value in an SDN. The self-adaptively started ddos defense method comprises the following steps: a switch receives an unmatched packet, and sends a packet_in data packet to a controller; a counter is deployed in an SDN controller; the counter pre-sets a packet_in number value; when an arrival packet_in number is equal to a set value every time, the packet_in arrival rate in the time period is calculated; then, whether the packet_in arrival rate is abnormal or not is judged; the flow on the switch corresponding to packet_in is precisely detected by utilization of a reverse neural network classifier; a neural network, an intermediate layer of which is 50*50, is established; six characteristic values are calculated; training is carried out by taking the six characteristic values as input of the classifier; and, if the output value of the neural network is between 0.5 and 1, the fact that the flow is a ddos attack is determined. By means of the self-adaptively started ddos defense method and system based on the trust value in the SDN disclosed by the invention, the characteristics of the SDN, such as flow table information of a data layer and control of the controller in a control layer to the whole network, are sufficiently utilized; and thus, the ddos attack in the SDN can be effectively defensed.

Description

technical field [0001] The invention belongs to the technical field of next-generation network security, and relates to a DDoS defense method and system based on self-adaptive startup of trust value in SDN. Background technique [0002] As an important factor affecting detection efficiency and system performance, there is little research on the start-up mechanism of the defense system. At present, most ddos ​​defense systems use a mechanism based on periodically checking flow entries to start ddos ​​detection. In most methods, the controller periodically collects the collection of flow entries. The disadvantage of periodicity is obvious. If the period is too long, it will cause untimely detection of ddos, and if the period is too short, it will increase the load on the controller. Different from the above methods, the present invention proposes an adaptive startup mechanism based on the arrival rate of packet_in. [0003] At present, most researches focus on the detection...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L63/145
Inventor 袁云飞王玉峰
Owner NANJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com