Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for security processing of data stream

A technology for secure processing and data flow, applied in the field of communication, which can solve the problems of low security performance and heavy load.

Active Publication Date: 2015-06-10
HUAWEI TECH CO LTD
View PDF3 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Embodiments of the present invention provide a data stream security processing method and device to solve the problem of low security performance and heavy load of software modules in the prior art to a certain extent

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for security processing of data stream
  • Method and device for security processing of data stream
  • Method and device for security processing of data stream

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0077] Figure 1A It is a flow chart of the data stream security processing method provided by Embodiment 1 of the present invention, as shown in Figure 1A As shown, it specifically includes the following steps:

[0078] Step 101. Obtain feature information of a data stream, where the feature information includes source and destination information of the data stream;

[0079] Step 102. Determine the security level of the data flow according to the feature information;

[0080] When a data flow needs to be forwarded, the controller can obtain the characteristic information of the data flow and the link status of the current network device (such as port congestion, forwarding line speed, etc.), and then determine the link status and the characteristic information of the data flow For the security level of the data flow, the method for determining the security level is not limited in the present invention.

[0081] Step 103. Determine a forwarding path for transmitting the data...

Embodiment 2

[0104] Embodiment 2 is based on Embodiment 1, and is a specific description of determining different path search mechanisms according to different security levels in Embodiment 1. The path search mechanism in Embodiment 1 can be the shortest path search mechanism and the shortest safe path search mechanism. and the fastest detection path search mechanism, the path search mechanism of the present invention is not limited to the above three path search mechanisms.

[0105] The determination of the security level can be specifically exemplified in the following two ways, but is not limited to the following two ways.

[0106] Method 1: Divide the security level based on the source of the data flow. A specific example is to divide the security level according to the reliability of the data flow source. Different security levels correspond to different path search mechanisms. The specific division is shown in Table 1. .

[0107] Table 1. Mode 1 security level classification

[010...

Embodiment 3

[0196] Embodiment 3 is a combination of Embodiment 1 and Embodiment 2, and a specific description of the data flow security processing method. image 3 The flow chart of the data flow security processing method provided by Embodiment 3 of the present invention, as shown in image 3 As shown, it specifically includes the following steps:

[0197] Step 301, obtaining network topology information;

[0198] The network topology information includes the status information of the security device and the forwarding device, as well as the connection relationship between them. At the same time, the security capability information of the security device can be obtained. The security capability information includes the security capability information of layers 2-3 and the layer 2-7 security capability information.

[0199] Step 302, acquiring characteristic information of the data flow, and determining the security level of the data flow;

[0200] Step 303, determine according to the ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A data stream security processing method and apparatus are disclosed. The data stream security processing method of the present invention includes: acquiring feature information of a data stream (101), where the feature information includes source information and destination information of the data stream; determining a security level of the data stream (102) according to the feature information; determining (103), according to the security level, a forwarding path for transmitting the data stream; and delivering (104) information used for indicating the forwarding path to devices in the forwarding path. A forwarding path is determined according to the security level, where a forwarding path may go through a security device to implement a corresponding security function of the forwarding path, thereby improving data stream forwarding security. The method and apparatus may be used in a software defined network, SDN, for example using OpenFlow.

Description

technical field [0001] Embodiments of the present invention relate to communication technologies, and in particular to a method and device for securely processing data streams. Background technique [0002] Software defined network (SDN for short) technology is an emerging network architecture that separates control and forwarding. The two main devices in SDN technology are the central controller (also called controller) and network devices. [0003] On the basis of SDN technology, the existing data flow security processing method is that the data flow first passes through the software module inside the controller for security detection, and then the controller issues a forwarding path that only passes through the forwarding device. [0004] In the above-mentioned existing data flow security processing methods, the security performance of the security detection by the software module is not high. In addition, the controller not only needs to decide the transmission path of t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/105H04L65/60H04L45/64H04L45/12H04L45/123H04L63/164H04L63/16
Inventor 王东晖李金明
Owner HUAWEI TECH CO LTD