SDN-based (software defined network based) online intrusion prevention method and system

An intrusion prevention and feature information technology, applied in the field of network information security, can solve problems such as large amount of data, inability to analyze attacks, increase the burden on the controller or central server, etc., to achieve comprehensive detection results

Inactive Publication Date: 2017-05-31
SOUTH CHINA UNIV OF TECH
View PDF6 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, these methods also have their own shortcomings. For example, analyzing abnormal traffic by collecting data requires a large enough amount of data and obvious data characteristics, which will cause a relatively lagging security response; a single data analysis method can only analyze certain types of attacks. The effect is good, and it is impossible to analyze all possible types of attacks; a large amount of data traffic gathers the central server, and in a large network architecture, it will consume a lot of bandwidth and increase the burden on the controller or the central server

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SDN-based (software defined network based) online intrusion prevention method and system
  • SDN-based (software defined network based) online intrusion prevention method and system
  • SDN-based (software defined network based) online intrusion prevention method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] Below, in conjunction with accompanying drawing and specific embodiment, the present invention is described further:

[0045] Such as figure 1 As shown, an online intrusion prevention method based on SDN is applied to the SDN network, including the following specific steps:

[0046] Step 101, monitor the host, obtain initial detection alarm data, and send the detection alarm data to the detection server;

[0047] Specifically, the traffic passing on the backbone network path of the host is monitored by a detection sensor to detect an attack, and the detection sensor is a detection sensor of a traditional intrusion detection system.

[0048] Step 102, according to the received detection alarm data, acquire the feature information group corresponding to the detection alarm data;

[0049] Step 103 , for each feature information group, and according to all feature information groups within a preset time period, obtain a corresponding security situation evaluation value. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an SDN-based (software defined network based) online intrusion prevention method and system; the method comprises: S1, monitoring a main unit to acquire initial detection alarm data, and transmitting the data to a detection server; S2, acquiring characteristic information sets corresponding to the detection alarm data according to the received detection alarm data; S3, acquiring a corresponding security situation estimated value for each characteristic information set according to all characteristic information sets within a preset period; S4, making corresponding intercept stream entries according to the security situation estimated values, and issuing the intercept stream entries. The SDN-based online intrusion prevention method and system have the advantages that distributed alarm information is processed centrally and analyzed comprehensively, comprehensive, timely and reliable detection is guaranteed, and diverse active response strategies can be taken in time for real-time security states of different devices.

Description

technical field [0001] The present application relates to the field of network information security, in particular to an SDN-based online intrusion prevention method and system. Background technique [0002] SDN (Software Defined Network) is an emerging software-based network architecture and technology. Its biggest feature is that it separates logic and data forwarding: the underlying network equipment is only responsible for data forwarding, while the network control function is passed through Software-based controller implementation. The SDN architecture proposed by ONF (Open NetWorking Foundation) is divided into three layers, which are application layer, control layer and data forwarding layer from top to bottom. Logical centralized control, flexible programming interface and other characteristics enable SDN to have stronger network automation management and control functions than traditional networks, and provide a new optional way to solve traditional network problem...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06
CPCH04L41/0631H04L63/0227H04L63/1408H04L63/1441
Inventor 项来陆以勤覃健诚刘一强
Owner SOUTH CHINA UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap