Network security audit and access system based on Openflow, network security audit method based on Openflow, and network security access method based on Openflow

A network security and security audit technology, applied in the field of network communication, can solve the problems of complex implementation technology and high equipment cost, and achieve the effect of simplifying the operation process and reducing the cost

Inactive Publication Date: 2016-02-17
陈鸣

AI Technical Summary

Problems solved by technology

[0005] Aiming at the problems of complex implementation technology and high equipment cost in the network security audit/access control mechani

Examples


Example Embodiment

[0040] The present invention will be further described below in conjunction with the drawings and embodiments.

[0041] A security audit method includes the following steps:

[0042] A. The basic steps to extract audit logs from flow information are as follows:

[0043] 1) When the SDN controller sends any of the three controller-to-switch message subtypes (Modify-state, Read-state and Send-packet) to the switch, and when the switch initiates any of the four kinds of asynchronous messages (Packet-in, Flow-removed, Port-status and Error), the controller extracts the relevant flow information to form a flow record;

[0044] 2) The flow record, formed when the flow information is extracted, includes the timestamp, destination / source IP address, destination / source MAC address, transport layer protocol type, destination / source port number, OpenFlow switch ID, OpenFlow switch interface and event type;

[0045] 3) The SDN controller uses "destination IP address" + "time stamp" as the row key to insert the above flow record...
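
An added example (not code from the patent or its authors) of steps 1) to 3): it builds flow records with the fields of step 2), keys them by destination IP address plus timestamp, and runs the range scan that this key order makes possible. The in-memory `AuditStore`, the field names and the fixed-width key encoding are assumptions, since the excerpt names neither the storage platform nor the key format.

```python
import bisect
import ipaddress
from collections import namedtuple

# Message types named in step 1); representing them as strings is this example's choice.
EVENT_TYPES = {"Modify-state", "Read-state", "Send-packet",
               "Packet-in", "Flow-removed", "Port-status", "Error"}
# Fields listed in step 2); the field names are this example's own.
FlowRecord = namedtuple("FlowRecord", "timestamp dst_ip src_ip dst_mac src_mac proto "
                        "dst_port src_port switch_id switch_port event_type")

def ip_prefix(ip):
    # Fixed-width hex so that string order equals numeric IPv4 order (assumed encoding).
    return f"{int(ipaddress.IPv4Address(ip)):08x}"

def row_key(rec):
    # "destination IP address" + "time stamp", as in step 3); seconds, zero-padded.
    return ip_prefix(rec.dst_ip) + f"{rec.timestamp:010d}"

class AuditStore:
    """In-memory stand-in for a table kept sorted by row key (hypothetical)."""
    def __init__(self):
        self._keys, self._rows = [], {}

    def insert(self, rec):
        if rec.event_type not in EVENT_TYPES:
            raise ValueError(f"unknown event type: {rec.event_type}")
        key = row_key(rec)
        if key not in self._rows:
            bisect.insort(self._keys, key)
        # Same host in the same second shares a key: append instead of overwriting.
        self._rows.setdefault(key, []).append(rec)
        return key

    def scan(self, dst_ip, t_start, t_end):
        # Range scan: records sent to dst_ip with t_start <= timestamp <= t_end.
        lo = bisect.bisect_left(self._keys, ip_prefix(dst_ip) + f"{t_start:010d}")
        hi = bisect.bisect_right(self._keys, ip_prefix(dst_ip) + f"{t_end:010d}")
        return [r for k in self._keys[lo:hi] for r in self._rows[k]]

def sample_records():  # constructed records (documentation addresses), not patent data
    common = dict(src_ip="198.51.100.7", dst_mac="02:00:00:00:00:02", src_mac="02:00:00:00:00:01",
                  proto="TCP", dst_port=443, src_port=50000, switch_id="sw1", switch_port=3)
    events = [("192.0.2.10", 1455667200, "Packet-in"), ("192.0.2.9", 1455667201, "Packet-in"),
              ("192.0.2.10", 1455667200, "Modify-state"), ("192.0.2.10", 1455667260, "Flow-removed")]
    return [FlowRecord(timestamp=t, dst_ip=ip, event_type=e, **common) for ip, t, e in events]
```

Because the destination IP address leads the key, all records for one host are contiguous and time-ordered, so an audit query for a host and time window is a single range scan. A key made only of destination IP address and a one-second timestamp is not unique, which is why the store keeps a list per key.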


Abstract

Provided are a network security audit and access system based on OpenFlow, a network security audit method based on OpenFlow, and a network security access method based on OpenFlow. The invention addresses the high equipment cost and the difficulty of function expansion of the network security audit systems and access control systems that are widely used in IP networks. An expensive dedicated device for generating flow is not required. Because an OpenFlow switch operates on flows, flow information extraction and access control are performed economically and conveniently. High-speed search over a mass of audit flow records can be provided by a cheap open-source cloud platform. The method is software-defined and based on security policy control, which contributes to a decrease in network security equipment cost and a simplification of operation procedures.

Description

Technical field

[0001] The invention belongs to the field of network communication, and specifically proposes a network security audit / access control system and method based on OpenFlow flows.

Background technique

[0002] At present, the Internet is an indispensable information infrastructure in modern society, but its openness exposes it to all kinds of network threats at all times. Therefore, people have developed various network security mechanisms and equipment to improve network security. These security devices come in many types and large quantities and have complex configurations, which not only pushes up the cost of the network system but also frequently causes problems such as network failures and inefficient work.

[0003] Network security auditing and access control are two widely used network security mechanisms. Network security audit forms a deterrent force that can trace the traces of network entities and make them responsible for the consequences of their actions b...


Application Information

IPC(8): H04L29/06, H04L12/911
CPC: H04L63/10, H04L47/70, H04L63/08
Inventor: 陈鸣, 吴泉峰
Owner: 陈鸣