SDN (self-defending network) anomaly detection and interception method and system

An anomaly detection and interception technology applied in the field of network security. It addresses the problems of high bandwidth consumption, large data volume, and paralysis of the central server, reducing the amount of data to be processed and improving the detection rate.

Active Publication Date: 2015-04-29
SYSU CMU SHUNDE INT JOINT RES INST

AI Technical Summary

Problems solved by technology

However, the amount of data obtained by distributed data collection is generally very large, and a server with strong computing power is required to process it.
In a large-scale, high-speed network, distributed data collection consumes a lot of bandwidth, and the large volume of data can easily paralyze the central server.

Examples


Embodiment 1

[0047] As shown in Figure 1, an SDN anomaly detection and blocking method is applied to an SDN network and comprises the following steps:

[0048] S1: Randomly sample the data flow at the switch port to obtain sampled data packets;

[0049] S2: Extract the sample data from the sampled data packet, obtain multiple characteristic fields of the sample data, and update the countable hash table corresponding to each characteristic field; each value in a countable hash table is the number of times a specific value of that characteristic field has occurred in the current statistics cycle;

[0050] S3: At intervals of the preset time window, calculate the entropy value of the countable hash table corresponding to each characteristic field within the time window; if the entropy value is greater than or equal to the preset anomaly judgment threshold, clear the anomaly counter; otherwise, increment the anomaly counter by 1; if the va...


Abstract

The invention provides an SDN (self-defending network) anomaly detection and interception method and system. The method is applied to an SDN network and comprises the following steps: data streams are randomly sampled to obtain a sampled data packet; the sample data in the sampled data packet are extracted, multiple characteristic fields of the sample data are obtained, and the countable hash table corresponding to each characteristic field is updated; at intervals of the preset time window, the entropy value of the countable hash table corresponding to each characteristic field is calculated within the time window; if the entropy value is greater than or equal to the preset anomaly judgment threshold, the anomaly counter is cleared, and otherwise the anomaly counter is incremented by one; if the value of the anomaly counter equals the preset counting threshold, an anomalous attack is declared, and otherwise no processing is performed; the anomalous attack is intercepted according to a preset interception mechanism. The method and the system have the advantages of high detection efficiency and low data processing load.
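The detection steps in the abstract (hash-table update, per-window entropy, anomaly counter) can be sketched as follows. This is an added example, not code from the patent: the field names, both thresholds, the per-field anomaly counters, the per-window table reset and the skipping of empty windows are assumptions, the input is taken to be already-sampled packets, and the traffic is constructed from documentation address ranges.

```python
import math
from collections import Counter

# Assumed settings: the page calls these "preset" but gives no values or field names.
FIELDS = ("src_ip", "dst_ip", "dst_port")
ENTROPY_THRESHOLD = 1.0   # bits
COUNT_THRESHOLD = 3       # consecutive low-entropy windows before an alert

def entropy(table):
    """Shannon entropy in bits of the counts in one countable hash table."""
    total = sum(table.values())
    return -sum(c / total * math.log2(c / total) for c in table.values()) if total else 0.0

class EntropyDetector:
    def __init__(self):
        self.tables = {f: Counter() for f in FIELDS}   # one table per field
        self.anomaly = {f: 0 for f in FIELDS}          # one anomaly counter per field

    def update(self, packet):   # S2: count each field value of one sampled packet
        for f in FIELDS:
            self.tables[f][packet[f]] += 1

    def close_window(self):     # S3: test each field's entropy at the end of a window
        alerts = []
        for f, table in self.tables.items():
            if not table:
                continue   # assumption: a window with no samples changes nothing
            if entropy(table) >= ENTROPY_THRESHOLD:
                self.anomaly[f] = 0
            else:
                self.anomaly[f] += 1
                if self.anomaly[f] == COUNT_THRESHOLD:
                    alerts.append(f)   # hand off to the interception mechanism
            table.clear()   # assumption: counts restart each statistics cycle
        return alerts

def run_demo():
    """Constructed traffic: two normal windows, then three aimed at a single host."""
    ports = (80, 443, 53, 22)
    normal = [{"src_ip": f"192.0.2.{i}", "dst_ip": f"198.51.100.{i % 8}",
               "dst_port": ports[i % 4]} for i in range(32)]
    flood = [{"src_ip": f"203.0.113.{i}", "dst_ip": "198.51.100.7",
              "dst_port": ports[i % 4]} for i in range(32)]
    det, results = EntropyDetector(), []
    for window in (normal, normal, flood, flood, flood):
        for pkt in window:
            det.update(pkt)
        results.append(det.close_window())
    return results
```

In the constructed flood windows the source-address entropy stays high while the destination-address entropy collapses to zero, so only the `dst_ip` counter reaches the threshold, and it does so on the third consecutive low-entropy window.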

Description

Technical field

[0001] The present invention relates to the technical field of network security, and more specifically, to an SDN anomaly detection and blocking method and system.

Background technique

[0002] The Internet has become an indispensable part of our lives, but network attacks are seriously affecting our online experience and the security of online information. Distributed network attacks such as DDoS, worms, and scanning are rampant. Traditional network attacks affect the security of both the modern Internet and the future Internet. Distributed coordinated attacks are wide-ranging, concealed, and synchronized. The traffic observed by earlier single-point IDS (Intrusion Detection System) deployments is limited, which makes it difficult to detect scattered and concealed attack traffic.

[0003] Distributed data collection is used to obtain more data and to detect hidden attacks from a global view, which can improve the detection rate. However, th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L43/022; H04L63/1416; H04L63/1441; Y02D30/50
Inventor: 陈晓帆, 黎志勇, 吴广锐, 余顺争
Owner SYSU CMU SHUNDE INT JOINT RES INST