
Method for auditing SDN

A network and audit-report technology, applied in data exchange networks, digital transmission systems, electrical components, etc., that can solve problems such as missed reports, lack of a global view, and maliciousness.

Inactive Publication Date: 2014-11-26
国都兴业信息审计系统技术(北京)有限公司

AI Technical Summary

Problems solved by technology

[0011] 2) Potential safety hazards brought by openness

Openness is a double-edged sword. Third-party applications and plug-ins may carry risks such as malicious functions, undeclared functions, and security vulnerabilities.

[0012] 3) Potential safety hazards caused by rule conflicts

Traffic in an SDN network can be scheduled globally, but current security devices generally lack a global view and cannot fully restore and analyze cross-device flows, resulting in false positives


Examples

Embodiment 1

[0039] Example 1: Figure 2 shows the scheme of the present invention, an audit model based on the SDN network, in which the dotted-line boxes are existing equipment and the solid-line boxes are the devices of the present scheme, wherein:

[0040] The probe deployment step deploys probes on the SDN network control plane and forwarding plane according to the management decision, that is, the monitoring step; the management decision is formulated comprehensively from the network's own status, audit report recommendations, the SLA (service level agreement) and other factors;

[0041] The monitoring step monitors and collects statistics on SDN network traffic and events. Specifically, the audit content of the control plane includes, but is not limited to, application authentication, network element identity authentication, virus / attack detection and protection, security / control policy conflicts, configuration errors, etc. The collection / audit methods of the control pla...

Embodiment 2

[0055] Embodiment 2: the control plane audit steps, as shown in Figure 4.

[0056] This embodiment takes typical application authentication on the SDN control plane as an example. The monitoring equipment of the control plane collects all data containing authentication information through DPI (deep packet inspection) technology. Specifically, the DPI identification step may use predetermined feature words to identify authentication-related information, and the DPI control step collects and sends the identified data. The data is sent to the control plane audit control sub-step (audit control device 103 in the figure) for processing, wherein the collected-data receiving / storage unit caches the received data, and the audit analysis unit performs audit analysis on the data according to predetermined rules (such as rules based on authentication result / time / application type, etc.), and the analysis results are sent to the audit compr...
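The control-plane audit flow of this embodiment, sketched as an added example that is not part of the patent text: feature words select authentication-related messages, and predetermined rules on result, time and application type produce findings. The message format, feature words, thresholds and all names are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime

# All values below are assumptions for illustration, not from the patent.
FEATURE_WORDS = ("auth", "login", "token")      # predetermined DPI feature words
ALLOWED_APP_TYPES = {"routing", "monitoring"}   # application types expected to authenticate
WORK_HOURS = range(8, 20)                       # hours in which authentication is expected
MAX_FAILURES = 3                                # failures per application before reporting

# Constructed sample of control-plane messages seen by the monitoring device.
SAMPLE = [
    "2024-01-15T09:00:01 app=lb-app type=routing msg=auth_request result=ok",
    "2024-01-15T09:00:05 app=lb-app type=routing msg=flow_mod",
    "2024-01-15T02:13:40 app=stats-app type=monitoring msg=token_refresh result=ok",
    "2024-01-15T10:01:00 app=plugin-x type=unknown msg=login result=fail",
    "2024-01-15T10:01:02 app=plugin-x type=unknown msg=login result=fail",
    "2024-01-15T10:01:04 app=plugin-x type=unknown msg=login result=fail",
    "2024-01-15T10:02:00 app=auth-helper type=monitoring msg=port_status",
]

def dpi_identify(lines):
    """Identification step: keep records whose msg field contains a feature word."""
    records = []
    for line in lines:
        ts, *pairs = line.split()
        rec = dict(p.split("=", 1) for p in pairs)
        # Match on the message field only, so an application merely named
        # "auth-helper" is not collected as authentication data.
        if any(w in rec.get("msg", "").lower() for w in FEATURE_WORDS):
            rec["time"] = datetime.fromisoformat(ts)
            records.append(rec)
    return records

def audit(records):
    """Audit analysis unit: apply rules on result, time and application type."""
    findings, failures = set(), Counter()
    for r in records:
        if r.get("result") != "ok":
            failures[r["app"]] += 1
        elif r["time"].hour not in WORK_HOURS:
            findings.add(("off_hours_auth", r["app"]))
        if r["type"] not in ALLOWED_APP_TYPES:
            findings.add(("unexpected_app_type", r["app"]))
    for app, n in failures.items():
        if n >= MAX_FAILURES:
            findings.add(("repeated_auth_failure", app))
    return sorted(findings)  # passed on to the comprehensive processing step

if __name__ == "__main__":
    for finding in audit(dpi_identify(SAMPLE)):
        print(finding)
```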

Embodiment 3

[0057] Embodiment 3: the forwarding plane audit steps, as shown in Figure 5.

[0058] In this embodiment, the forwarding-plane traffic flowing through the first port of the first device 101 and the second port and the third port of the second device 102 is collected by means of bypass monitoring / statistics. First, the management platform deploys probes / monitors on the forwarding plane based on customer requirements or management requirements. In this embodiment they are mainly deployed on some ports of the first device 101 and the second device 102. The traffic of the first port, the second port and the third port is collected, and the collected data is transmitted to the audit control step (audit control device 103 in the figure) through the interface between the monitor and the audit control step, wherein the collected-data receiving / storage unit caches the received data, the audit analysis unit performs audit analysis on the data according to predetermined rules (such as ...

Abstract

The invention discloses a method for auditing an SDN, and belongs to the field of information auditing. The method comprises the following steps:

1) probes / monitoring modules used for monitoring and collecting statistics on the traffic and events of the SDN are deployed on the control plane and the forwarding plane of the SDN, respectively, through a management platform;

2) the monitoring module deployed on the control plane collects data and sends the data to an audit control module; a control plane sub-module in the audit control module receives / stores the data and conducts further audit analysis according to a preset rule, and an audit result / log / report is output to an audit comprehensive processing module;

3) the monitoring module deployed on the forwarding plane collects data and transmits the data to the audit control module; a forwarding plane sub-module in the audit control module receives / stores the data and conducts further audit analysis according to a preset rule, and an audit result / log / report is output to the audit comprehensive processing module.

Description

Technical field

[0001] The invention relates to a method for auditing an SDN network, belonging to the field of information auditing, in particular to a method and a device for auditing an SDN network (Software Defined Network).

Background technique

[0002] With the rapid development of the Internet and the growth in the scale of data centers, especially under the impact of virtualization technology, carriers and operators of large data centers have encountered more and more challenges, such as: network equipment does not have open interfaces, so it is difficult to automate operation and maintenance activities and to reduce operating costs; relying on the response of network equipment suppliers cannot meet the rapidly changing business needs of business departments; the interoperability between network equipment is poor, which easily leads to supplier lock-in; the network scale is difficult to rapidly expand and reduce (Scale...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/24, H04L12/26
Inventor: 宋晓丽, 张佃, 徐亚非, 王建国, 杨文勃
Owner: 国都兴业信息审计系统技术(北京)有限公司