SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization

A working method and routing technology, applied in the field of network security, that addresses network security problems and achieves the effects of reducing the controller's burden, ensuring communication quality, and reducing coupling between components

Status: Inactive; Publication Date: 2015-04-22
NANJING XIAOZHUANG UNIV

Problems solved by technology

[0006] The purpose of the present invention is to provide an SDN network architecture that solves the network security problems caused by the large number of DDoS attacks in existing networks, so as to realize fast, efficient and comprehensive identification of and defense against DDoS attacks.

Examples


Embodiment 1

[0082] Figure 2 shows a block diagram of the SDN network architecture of the present invention.

[0083] As shown in Figure 2, an SDN network framework comprises an application plane, a data plane and a control plane. When any IDS device (i.e. intrusion detection device) in the data plane detects an attack threat, it notifies the application plane to enter the attack type analysis process; the application plane analyzes the attack type and formulates the corresponding attack threat processing strategy according to that type; the control plane provides the attack threat processing interface for the application plane, and provides the optimal path calculation and/or attack threat identification interface for the data plane.

[0084] The attack threat includes, but is not limited to, a DDoS attack threat.

[0085] In Figure 2, in the application plane: attack type analysis, attack threat processing strategy, data plane attack behavior monitoring, attack threat shi...

Embodiment 2

[0088] Figure 3 shows a structural block diagram of the SDN system of the present invention.

[0089] As shown in Figure 3, an SDN system includes a controller, an IDS decision server, distributed IDS devices and a traffic cleaning center. When any IDS device detects a message with DDoS attack characteristics, it reports it to the IDS decision server; the IDS decision server formulates a processing strategy corresponding to that message according to the reported information, and then either shields the message through the controller or redirects the traffic of the switch port through which the message entered to the traffic cleaning center for filtering.

[0090] Here the characteristics of a DDoS attack are defined as: spoofing of link-layer and Internet-layer addresses, abnormal flag settings at the Internet and transport layers, and flood attack behavior at the application and transport layers.
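The report-and-decide flow of Embodiment 2, as an added Python example that is not code from the patent: distributed IDS devices report messages carrying one of the three characteristic classes from [0090]; the IDS decision server aggregates the reports and returns, per switch port, either a per-message drop (the "shield" strategy) or a redirect of that port's traffic to the traffic cleaning center. The report format, the quorum rule and the sample data are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# The three DDoS characteristic classes defined in paragraph [0090].
SPOOF = "address_spoofing"    # link / Internet layer address spoofing
BAD_FLAGS = "abnormal_flags"  # Internet / transport layer flag anomalies
FLOOD = "flood"               # application / transport layer flooding

@dataclass(frozen=True)
class Report:  # one message reported by a distributed IDS device (constructed)
    ids_id: str   # reporting IDS device
    switch: str   # switch whose port the message entered on
    port: int
    src: str
    dst: str
    feature: str  # one of SPOOF, BAD_FLAGS, FLOOD

def decide(reports, flood_quorum=2):
    """Map (switch, port) -> ("drop", {(src, dst), ...}) when reported messages
    are shielded individually, or ("redirect", dst) when the port's traffic is
    sent to the traffic cleaning center. The quorum (a flood must be reported
    by `flood_quorum` distinct IDS devices) is this example's assumption."""
    drops = defaultdict(set)
    witnesses = defaultdict(set)  # dst -> IDS devices that reported a flood
    ingress = defaultdict(set)    # dst -> (switch, port) the flood arrived on
    for r in reports:
        port = (r.switch, r.port)
        if r.feature in (SPOOF, BAD_FLAGS):
            drops[port].add((r.src, r.dst))  # shield just this message
        elif r.feature == FLOOD:
            witnesses[r.dst].add(r.ids_id)
            ingress[r.dst].add(port)
    actions = {port: ("drop", flows) for port, flows in drops.items()}
    for dst, seen_by in witnesses.items():
        if len(seen_by) >= flood_quorum:
            for port in ingress[dst]:  # redirect overrides per-message drops
                actions[port] = ("redirect", dst)
    return actions

# Constructed sample reports, as distributed IDS devices would send them.
SAMPLE = [
    Report("ids-1", "sw1", 1, "10.0.0.9", "10.0.1.5", SPOOF),
    Report("ids-1", "sw1", 2, "10.0.0.20", "10.0.1.5", FLOOD),
    Report("ids-2", "sw1", 2, "10.0.0.22", "10.0.1.5", SPOOF),
    Report("ids-2", "sw2", 3, "10.0.0.21", "10.0.1.5", FLOOD),
    Report("ids-3", "sw2", 4, "10.0.0.30", "10.0.1.7", FLOOD),
    Report("ids-3", "sw3", 1, "10.0.0.31", "10.0.1.7", BAD_FLAGS),
]
```

With the default quorum, the flood against 10.0.1.5 (seen by two IDS devices) redirects both ingress ports, while the single-witness flood against 10.0.1.7 produces no action and only its spoofed and malformed messages are dropped.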

[0091] Figure 4 shows ...

Embodiment 3

[0180] Based on Embodiments 1 and 2, a working method of an SDN system that integrates DDoS threat filtering and routing optimization can effectively reduce the workload of the controller through distributed detection and centralized processing, and improve detection efficiency and the data transfer rate.

[0181] The working method of the SDN system integrating DDoS threat filtering and route optimization of the present invention includes the following steps: step S100, network initialization; step S200, distributed DDoS threat monitoring; and step S300, threat processing and/or route optimization.

[0182] Further, the devices involved in network initialization in step S100 include: a controller, an IDS decision server and distributed IDS devices;

[0183] The steps of network initialization are as follows:

[0184] Step S101, the IDS decision server establishes a dedicated SSL communication channel with each IDS device; Step S102, the controller builds a network devi...


Abstract

The invention discloses a SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization. The SDN framework comprises an application plane, a data plane, and a control plane, wherein when an attack threat is detected by any IDS device located on the data plane, the application plane is notified to enter the attack type analysis process; the application plane is used for making analysis of the attack type and making the corresponding treatment strategy for the attack threat according to the attack type; the control plane provides an attack threat processing interface for the application plane and provides the optimal path algorithm and/or an attack threat identification interface for the data plane. According to the SDN framework, system and working method, when a network suffers from a large-scale DDoS threat, traffic forwarding of routing optimization can be realized according to the real-time conditions of a link, meanwhile, DDoS threat identification and response processing can be conducted quickly and accurately, and network communication quality can be comprehensively guaranteed.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and system for identifying and protecting against DDoS attacks based on an SDN architecture.

Background technique

[0002] At present, high-speed and widely connected networks have become an important infrastructure of modern society. However, with the expansion of the scale of the Internet, the defects of the traditional normative system are increasingly emerging.

[0003] The latest report released by the National Computer Network Emergency Response Technology Coordination Center (CNCERT/CC) shows that hacker activities are becoming more and more frequent, and attacks such as website backdoors, phishing and malicious web malware are on the rise. facing serious challenges.

[0004] Among them, the Distributed Denial of Service (DDoS) attack is still one of the most important threats affecting the security of Internet operation. The number, ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06; H04L12/725; H04L45/125
CPC: H04L45/302; H04L63/10
Inventors: 张家华, 王江平, 李滢, 李朔
Owner: NANJING XIAOZHUANG UNIV