Openflow-based flow depth correlation analysis method and system

A correlation analysis and flow analysis technology, applied in the field of computer networks, that addresses the failure of existing methods to meet the requirements of security event behavior analysis and of analyzing network traffic across multiple dimensions, with the effect of satisfying security event behavior analysis.

Inactive Publication Date: 2015-10-28
北京云杉世纪网络科技有限公司

AI Technical Summary

Problems solved by technology

[0004] In view of the fact that the existing technology cannot meet the analysis requirements of various dimensions of network traffic, especially the defect


Examples


Embodiment 1

[0088] Example of SYN Flood attack detection on a virtual network in a cloud environment:

[0089] There are a large number of users in the cloud environment. Because the resources rented by these users share one large resource pool, once a cloud host has a security problem, such as becoming a bot that hackers use to launch attacks, it has a great impact on the business of other users in the cloud. The present invention gives cloud operators a convenient means to learn quickly and effectively where and how attacks occur.

[0090] Taking as an example a cloud host in a cloud environment that has become a hacker's bot (a computer remotely controlled by a hacker) and starts to launch a SYN Flood attack against the external network, this embodiment can quickly identify the attack behavior:

[0091] 1) The cloud host compromised by the hacker launches a SYN Flood attack;

[0092] 2) In order to cover up the attack behavior, hackers forged a large number of fake source address...

Embodiment 2

[0100] Examples of security vulnerability scanning and detection in cloud environments:

[0101] A cloud host in the cloud environment poses a security risk and performs a port scan against virtual machines inside the cloud platform. The flow analysis controller calls the application analysis module to analyze the received flow information, finds that the frequency of connections initiated by the cloud host exceeds the threshold, calls the alarm module to notify the administrator, and generates a report to display on the interface. Specifically:

[0102] 1) A host starts port scanning other hosts, probing for machines with security vulnerabilities in the cloud.

[0103] 2) The attacking host sends only a few scanning packets to each host, so the abnormal behavior is difficult to find through large-scale traffic analysis and inspection: it is masked by the large volume of normal traffic.

[0104] 3) The stream acquisition module records all tr...

Embodiment 3

[0110] Examples of business dynamic expansion decision-making in cloud environment:

[0111] As the business in the cloud environment expands dynamically, the amount of resources can no longer meet business needs and has to be adjusted dynamically. Using the method of this embodiment, accurate quantitative analysis can be realized and the result fed back to the cloud platform according to the established strategy, so that the amount of resources can be dynamically adjusted. Specifically:

[0112] 1) The user deploys the business system, regularly obtains connection statistics and reports them to the controller.

[0113] 2) The information reported to the controller includes several items, such as normal connections, connections not established normally, bandwidth usage rate, and concurrent connections.

[0114] 3) The stream acquisition module records all traffic, and imports it from the kernel to the user space module, and then passes it to the st...


Abstract

The invention provides an openflow-based flow depth correlation analysis method. The method includes the steps: an openflow flow collector records a received data packet according to flows, compresses flow information, and sends the compressed flow information to a flow analysis controller; the flow analysis controller performs integration of the received flow information on the basis of a connecting state; the flow analysis controller analyzes the integrated information from multiple dimensions to obtain an analysis result; the analysis result and a preset threshold are compared, a warning is sent out if the analysis result exceeds the preset threshold, and a form is generated. The invention also provides an openflow-based flow depth correlation analysis system. The system includes a flow analysis controller and at least one openflow flow collector. Through adoption of the method and the system, flows can be collected, classified and combined, and the requirements of applications of log analysis and security analysis are satisfied.
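The pipeline in the abstract, applied to the low-volume port scan of Embodiment 2, as an added example that is not taken from the patent: packets are folded into per-flow records, each record is integrated into a connection state, and per-host results are compared with preset thresholds. The record layout, state names, threshold values and sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict

def collect_flows(packets):
    """Collector: fold packets into one record per flow (initiator-keyed)."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd not in flows and rev in flows:
            rec, side = flows[rev], "reply"
        else:
            rec, side = flows.setdefault(fwd, {"init": set(), "reply": set(), "packets": 0}), "init"
        rec[side].add(flags)
        rec["packets"] += 1
    return flows

def connection_state(rec):
    """Controller: integrate a flow record into a TCP connection state."""
    if {"S", "A"} <= rec["init"] and "SA" in rec["reply"]:
        return "ESTABLISHED"
    return "REFUSED" if "R" in rec["reply"] else "HALF_OPEN"

def analyze(flows):
    """Per initiating host: flow count, distinct targets, failed connections, packets."""
    stats = defaultdict(lambda: {"flows": 0, "targets": set(), "failed": 0, "packets": 0})
    for (src, _sport, dst, dport), rec in flows.items():
        s = stats[src]
        s["flows"] += 1
        s["packets"] += rec["packets"]
        s["targets"].add((dst, dport))
        s["failed"] += connection_state(rec) != "ESTABLISHED"
    return stats

def alerts(stats, max_targets=20, max_failed_ratio=0.5):  # assumed thresholds
    """Compare each host's result with the preset thresholds."""
    return [(src, len(s["targets"]), s["failed"] / s["flows"])
            for src, s in sorted(stats.items())
            if len(s["targets"]) > max_targets and s["failed"] / s["flows"] > max_failed_ratio]

def sample_packets():
    """Constructed traffic: (src, sport, dst, dport, tcp_flags)."""
    pkts = []
    for i in range(40):  # ordinary client: 40 completed handshakes to one service
        pkts += [("10.0.0.8", 40000 + i, "10.0.1.1", 443, "S"),
                 ("10.0.1.1", 443, "10.0.0.8", 40000 + i, "SA"),
                 ("10.0.0.8", 40000 + i, "10.0.1.1", 443, "A")]
    for port in range(20, 45):  # scanning host: one SYN per port, never completed
        pkts += [("10.0.0.5", 50000 + port, "10.0.1.2", port, "S"),
                 ("10.0.1.2", port, "10.0.0.5", 50000 + port, "SA" if port == 22 else "R")]
    return pkts
```

In the constructed traffic the scanning host sends fewer packets than the ordinary client, so a volume threshold would not flag it; the per-flow connection state and the count of distinct targets do.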

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to an openflow-based flow depth correlation analysis method and system.

Background technique

[0002] The data analysis methods in the traditional network are based on packet sampling, connection-based and NetFlow, etc., as follows:

(1) The method based on packet sampling. The method samples the packets transmitted on the data link according to a certain algorithm, and extracts a part of the packets for analysis.

(2) Connection-based method. This method reassembles the packets on the link according to flow, and records the state of the connection, and then analyzes each connection.

(3) The method based on NetFlow. This method summarizes the flow information on each link to the server through the NetFlow protocol of Cisco, and then analyzes it.

[0003] However, the above data analysis methods have the following functional defects: (1) The packet sampling method in the ...


Application Information

IPC(8): H04L12/24, H04L12/801, H04L29/08, H04L29/12
CPC: H04L41/0631, H04L41/14, H04L47/10, H04L2101/618, H04L67/5651
Inventor: 张天鹏, 张志明, 骆怡航
Owner: 北京云杉世纪网络科技有限公司