Network security defense system based on software-defined network and working method of network security defense system

A network security defense system, applied in the field of network security, that addresses problems such as the SDN controller being unable to respond and high hardware requirements, with the effect of improving high-cohesion characteristics, detection efficiency, and overall efficiency.

Active Publication Date: 2015-04-22
常州麦拉风网络科技有限公司

AI Technical Summary

Problems solved by technology

[0005] However, in the specific implementation process of the software-defined network technical solution, it is found that the SDN controller has hi



Examples


Embodiment 1

[0027] Figure 1 shows a structural block diagram of the network security defense system of the present invention.

[0028] As shown in Figure 1, a network security defense system includes an SDN controller, an IDS decision server, and a distributed IDS device. When the IDS device detects a message with DDoS attack characteristics, it reports to the IDS decision server (the report can also be sent through an SSL communication channel). The IDS decision server formulates a processing policy corresponding to the message with DDoS attack characteristics according to the reported information and delivers the processing policy to the SDN controller for threat handling. The processing strategy will be described in the following examples.

[0029] Among them, the characteristics of DDoS attack are defined as: spoofing of link layer and Internet layer addresses, abnormal behavior of Internet layer and transport layer flag setting, and flood attack behavior of applicat...

Embodiment 2

[0114] A working method of a network security defense system based on Embodiment 1, by separating random inspection from threat processing, effectively reduces the workload of the SDN controller and improves detection efficiency and data transmission rate.

[0115] Figure 3 shows a flow chart of the working method of the network security defense system of the present invention.

[0116] As shown in Figure 3, the working method of the network security defense system of the present invention comprises the following steps:

[0117] Step S100, initialize the configuration; Step S200, enable the IDS device to perform DDoS threat sampling according to the preset interval time; and Step S300, formulate corresponding processing policies according to the threat detection and send them to the SDN controller for threat processing.

[0118] The present invention realizes the random inspection of DDoS by means of random inspection, which greatly reduces the burden of the SDN cont...
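
The S100 to S300 flow above, as an added Python sketch that is not code from the patent: an IDS device inspects at most one packet per preset interval, reports anomalies to a decision server, and the server's policy is handed to a stand-in for the SDN controller. The SYN+FIN flag check, the report threshold, the drop policy, all names, and the packet trace are assumptions constructed for illustration; the patent's own processing strategies do not appear on this page.

```python
from dataclasses import dataclass

SYN, FIN = 0x02, 0x01  # TCP flag bits

@dataclass
class Packet:
    ts: float   # arrival time in seconds
    src: str    # source IP address
    flags: int  # TCP flags byte

class IdsDevice:
    """S200: spot-check at most one packet per preset interval."""
    def __init__(self, interval):
        self.interval, self.next_check, self.inspected = interval, 0.0, 0

    def sample(self, pkt):
        if pkt.ts < self.next_check:
            return None  # outside the sampling slot: not inspected
        self.next_check = pkt.ts + self.interval
        self.inspected += 1
        # Assumed feature: SYN+FIN is not a combination normal TCP stacks send.
        if pkt.flags & SYN and pkt.flags & FIN:
            return {"src": pkt.src, "reason": "tcp-syn-fin"}
        return None

class DecisionServer:
    """S300: turn IDS reports into a policy (assumed: drop after N reports)."""
    def __init__(self, threshold):
        self.threshold, self.hits = threshold, {}

    def handle(self, report):
        src = report["src"]
        self.hits[src] = self.hits.get(src, 0) + 1
        if self.hits[src] == self.threshold:
            return {"match_src": src, "action": "drop"}
        return None

def run(packets, interval=0.75, threshold=2):
    ids, server, rules, reports = IdsDevice(interval), DecisionServer(threshold), [], 0
    for pkt in packets:
        report = ids.sample(pkt)
        if report:
            reports += 1
            policy = server.handle(report)
            if policy:
                rules.append(policy)  # stand-in for delivery to the SDN controller
    return ids.inspected, reports, rules

# Constructed trace: 10.0.0.9 sends SYN+FIN, 10.0.0.5 sends ordinary SYNs.
TRACE = [Packet(i * 0.25, "10.0.0.9" if i % 2 == 0 else "10.0.0.5",
                SYN | FIN if i % 2 == 0 else SYN) for i in range(16)]

if __name__ == "__main__":
    print(run(TRACE))
```

On this trace only 6 of the 16 packets are inspected, yet the anomalous source is still reported and a single drop policy reaches the controller stand-in, which is the load reduction the spot-check design aims for.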



Abstract

The invention discloses a network security defense system based on a software-defined network and a working method of the network security defense system. The network security defense system comprises an SDN controller, an IDS decision making server and an IDS device. The IDS device is suitable for spot-checking messages, and in other words, when the IDS device detects the messages with the DDoS attack characteristics, the messages are reported to the IDS decision making server; the IDS decision making server formulates a processing strategy corresponding to the messages with the DDoS attack characteristics according to reported information, and the processing strategy is issued to the SDN controller for threat processing. The messages are detected in a spot-checking mode, the burden on the SDN controller is greatly reduced, the burden on the server is further reduced in the mode that detection and decision making are separated, and the system is more suitable for network transmission of high-flow data.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a network security defense system and its working method.

Background technique

[0002] At present, with the expansion of the scale of the Internet, the latest report released by the National Computer Network Emergency Response Technology Coordination Center shows that DDoS attack incidents are on the rise, and the network security of the country and enterprises is facing severe challenges.

[0003] Among them, the Distributed Denial of Service (DDoS) attack is still one of the most important threats affecting the security of Internet operation. The number, size, and type of DDoS attacks have increased dramatically over the past few years.

[0004] Software Defined Network (SDN) has the characteristics of real-time update of routing policies and rules, support for in-depth data packet analysis, etc., so it can provide faster a...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0218, H04L63/0227, H04L63/1441
Inventor: 韩红章严莉李忠张杰
Owner: 常州麦拉风网络科技有限公司