A security flow control device and method for a mimetic switch

The technology relates to flow control devices and switches and is applied in data exchange networks, data exchange through path configuration, digital transmission systems, etc. It addresses problems such as low efficiency and difficulty in distribution and assignment, with the effect of improving security and increasing the difficulty of attacks.

Active Publication Date: 2020-09-15
河南信大网御科技有限公司 +1

AI Technical Summary

Problems solved by technology

[0006] In view of the above, it is necessary to provide a security flow control device and method for a mimic switch. The present invention solves the problems of difficulty in packet distribution, fingerprint conversion, distribution and assignment and low efficiency in traffic forwarding of a mimic switch.

Examples

Embodiment 1

[0045] As shown in Figure 1 and Figure 2, a security flow control device for a mimic switch includes:

[0046] The security situation awareness module maintains the message feature database and formulates security policies. The message feature database records the message feature tuples related to the security of the mimic switch. The security policy is a set of dynamic rules formulated according to the current security situation, including the message filtering mechanism and the mapping relationship between external fingerprints and internal fingerprints;

[0047] The drainage module formulates dynamic drainage strategies, maintains the data path for the security traffic of the mimic switch between the physical port of the mimic switch and the data transfer module, and maintains the data path between the data transfer module and the virtual port of the heterogeneous executive;

[0048] The data transfer module executes the message parsing process on the traffic from the phy...

Embodiment 2

[0058] As shown in Figure 3 and Figure 4, this embodiment differs from Embodiment 1 in that the data transfer module sets up an executive agent, which includes a main executive and a distribution agent module. The distribution agent module redirects the traffic received from the physical port of the mimic switch to the main executive and establishes a connection with each heterogeneous executive; the main executive manages the configuration information and distributes it to each heterogeneous executive through the distribution agent module. The main executive is elected from the pool of heterogeneous executives according to the election algorithm specified by the security situation awareness module. In particular, the distribution agent module redirects the traffic from the physical port of the mimic switch to the main executive and establishes SSH connections with each het...

Embodiment 3

[0064] As shown in Figure 5, this embodiment differs from Embodiment 2 in that it gives the security flow control method for a specific common security message, such as ARP and ICMP protocol messages:

[0065] ① Assume that the traffic enters from physical port 17 of the mimic switch;

[0066] ② The message is captured by the drainage rules of the drainage module and redirected to the data transfer module;

[0067] ③ The data transfer module parses the external fingerprint carried by the message, that is, the frame mark, learns that the message entered from port 17, and determines that it needs to be sent to the corresponding port 17 of the main executive;

[0068] ④ The data transfer module completes the fingerprint transformation according to the mapping relationship between the internal fingerprint and the external fingerprint;

[0069] ⑤ The message is sent from the data transfer module, carrying the VLAN tag that can be identified by the internal fingerprint...
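
Steps ② to ⑤ above as an added example; this is not code from the patent or its owner. It assumes the external fingerprint (frame mark) is an 802.1Q tag whose VLAN ID equals the ingress physical port and that the internal fingerprint is a VLAN ID recognized by the main executive's virtual port; the mapping values and the names `transfer`, `is_security_message`, `make_frame` and `vid` are hypothetical.

```python
import struct

TPID_8021Q = 0x8100
ETH_ARP, ETH_IPV4, IPPROTO_ICMP = 0x0806, 0x0800, 1

# Assumed policy from the security situation awareness module (constructed values):
# external fingerprint (physical port in the frame mark) -> internal fingerprint
# (VLAN ID identified by the main executive's virtual port).
FINGERPRINT_MAP = {17: 1017, 18: 1018}

def is_security_message(ethertype, payload):
    """Message filter: accept ARP, or IPv4 whose protocol field is ICMP."""
    if ethertype == ETH_ARP:
        return True
    return ethertype == ETH_IPV4 and len(payload) >= 20 and payload[9] == IPPROTO_ICMP

def transfer(frame, fmap=FINGERPRINT_MAP):
    """Parse the frame mark, apply the filter, rewrite external -> internal fingerprint.
    Returns the rewritten frame, or None when the frame is not forwarded."""
    if len(frame) < 18:
        return None                      # too short to carry a tag and EtherType
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_8021Q:
        return None                      # no frame mark: ingress port unknown
    internal = fmap.get(tci & 0x0FFF)    # low 12 bits carry the external fingerprint
    if internal is None or not is_security_message(ethertype, frame[18:]):
        return None                      # unmapped port or traffic outside the policy
    new_tci = (tci & 0xF000) | internal  # keep priority bits, swap the fingerprint
    return frame[:14] + struct.pack("!H", new_tci) + frame[16:]

def make_frame(mark, ethertype, payload):
    """Constructed sample frame: broadcast dst, locally administered src, one tag."""
    hdr = b"\xff" * 6 + bytes.fromhex("020000000001")
    return hdr + struct.pack("!HHH", TPID_8021Q, mark, ethertype) + payload

def vid(frame):
    """VLAN ID carried in the frame's 802.1Q tag."""
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

if __name__ == "__main__":
    arp = make_frame(17, ETH_ARP, bytes(28))   # constructed ARP frame from port 17
    out = transfer(arp)
    print("external", vid(arp), "-> internal", vid(out))
```

Frames that carry no mark, come from a port with no mapping, or fall outside the ARP/ICMP filter return `None`, so nothing reaches the executive with an unverified fingerprint.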

Abstract

The present invention proposes a security flow control device and method for a mimic switch. The device includes a security situation awareness module, a drainage module and a data transfer module, and the security flow control method performed with the device includes the following steps. Step 1: The security situation awareness module selects the characteristics of the security traffic packets to be controlled and formulates security policies. Step 2: The traffic diversion module obtains the security traffic packet characteristics from the physical port of the mimic switch or the virtual port of the heterogeneous executive, and formulates a dynamic traffic drainage strategy according to the packet characteristics. Step 3: The data transfer module completes the parsing of the message and then forwards it to the physical port of the mimic switch or the virtual port of the heterogeneous executive. The security flow control method of the mimic switch provided by the present invention solves the problems of development difficulty and low efficiency in the message diversion, fingerprint conversion, and distribution and assignment links of traffic forwarding in the mimic switch, and also greatly increases the difficulty of attack for attackers.

Description

Technical field

[0001] The invention belongs to the field of network security protection, and in particular relates to a security flow control device and method for a mimic switch.

Background technique

[0002] As the cyberspace security situation becomes increasingly severe, cyberspace mimic defense technology has emerged in response. Mimic defense technology is an active defense mechanism that does not rely on prior knowledge; it works by building a dynamic redundant system architecture and operating mechanism.

[0003] A typical mimic defense model consists of an input agent, functionally equivalent heterogeneous executives, an output arbiter and a feedback controller. The input agent copies and distributes the external input information, each heterogeneous executive takes the external input information distributed by the input agent and computes an output result, the output arbiter performs multi-mode arbitration according to the output results and is ...

Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06, H04L12/931, H04L12/935, H04L12/937, H04L12/46, H04L12/801, H04L12/833, H04L47/31, H04L49/111
CPC: H04L63/20, H04L63/168, H04L49/70, H04L49/30, H04L49/253, H04L12/4641, H04L47/10, H04L47/31
Inventor: 宋帅康吕青松郭义伟徐虹魏亚祥邵文超冯志峰党凯剑
Owner: 河南信大网御科技有限公司