Method for implementing abnormal traffic interception based on SDN

Abstract

Embodiments of the invention provide a method and a system for implementing abnormal traffic interception. The method mainly comprises the following steps: extracting abnormal traffic characteristic information in a network, developing an appropriate traffic interception policy according to the abnormal traffic characteristic information, and transmitting the abnormal traffic characteristic information and the traffic interception policy to an SDN (Software Defined Network) controller; generating a traffic interception matching table item of forwarding equipment by the SDN controller according to the abnormal traffic characteristic information and the traffic interception policy, and transmitting the traffic interception matching table item to SDN forwarding equipment; matching received characteristic information of a packet to be forwarded with the traffic interception matching table item by the SDN forwarding equipment, and after matching successfully, performing interception on the packet to be forwarded according to the traffic interception matching table item. The embodiments of the invention can effectively and flexibly intercept the abnormal traffic or attack of the network without affecting normal services of the network, and are applicable to enterprise networks, campus networks, data center networks, internet networks and other traditional networks or novel SDN networks for intercepting the abnormal traffic.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an SDN-based method for realizing abnormal traffic interception. Background technique [0002] With the rapid development of the Internet, the openness and freedom of the network are getting higher and higher, and the importance of network security is also becoming more and more prominent. The current security solutions mostly use security defense technologies (such as firewall systems) and intrusion detection technologies (such as Intrusion detection system, intrusion prevention system, network audit system, database audit system, malicious code monitoring system, etc.), through security defense technology to prevent illegal users from entering the network, reduce network security risks, monitor and detect network anomalies through detection technology However, although the existing security methods have solved the security problems of the network and equipment to a cer...

AI Technical Summary

Problems solved by technology

[0002] With the rapid development of the Internet, the openness and freedom of the network are getting higher and higher, and the importance of network security is also becoming more and more prominent. The current security solutions mostly use security defense technologies (such as firewall systems) and intrusion detection technologies (such as Intrusion detection system, intrusion prevention system, network audit system, database audit system, malicious code monitoring system, etc.), through security defense technology to prevent illegal users from entering the network, reduce network security risks, monitor and detect network anomalies through detection technology However, although the existing security methods have solved the security problems of the network and equipment to a certain extent, they all have certain defects. For example, traditional firewalls are deployed at the edge of the network to reject those obviously suspicious external network traffic. , but still allows some intrusions masquerading as normal traffic to pass through, and not all threats come from the outside, so the firewall is still helpless against many attacks, especially attacks between internal networks

[0003] The detection system deployed in the bypass can detect the in-depth attacks that penetrate the firewall in time, but it cannot intercept suspicious packets in real time or the interception effect is not ideal. Most intrusion detection systems are passive

Images