Multi-domain network security situation perception model and method based on SDN

A security situation awareness technology for multi-domain networks, applied in the field of network security and network management, that solves the problems of inconvenient deployment and high cost and avoids the difficulty of data fusion.

Active Publication Date: 2016-04-13
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] From the background described above, it can be seen that existing network security situational awareness models are not combined with SDN technology. They target traditional networks, as represented by the patent document with publication number 103581186A, in which traffic information is obtained from data packets or from flows aggregated from data packets. This requires not only router software support for NetFlow but also additional hardware chips in the switches to support sFlow, which is costly and inconvenient to deploy.


Examples


Embodiment 1

[0050] SDN-based multi-domain network security situation awareness mainly includes: flow data extraction module, flow data anomaly detection module, security situation element extraction module, security situation assessment module, and network security situation assessment knowledge base.

[0051] The flow data extraction module extracts the network flow information of the backbone network and of each security domain, completing data collection and feature extraction. A network flow is a set of data packets in the network traffic that share an attribute, for example the same destination IP address. Attributes can be specified, or even combined, as required. In an SDN network, the concept of a network flow corresponds to a very specific entity: the flow table entry. As long as the controller checks all the flow entries on the switch and the number of times they match data packets, it can easily obt...

Embodiment approach

[0057] As the best implementation mode of the present invention, it comprises the following steps:

[0058] Step 1). At the end of the current time window, the controller extracts all existing network flow entities, that is, the flow entries and their packet-matching information such as the number of matches and the number of bytes, from the backbone network switches and from the SDN switch at the exit of each security domain.

[0059] Step 2). The flow data extraction module then performs flow statistics on the flow data of the backbone network and each security domain (numbers, etc.), together with probability statistics of the flows, such as the probability distribution of flows by destination IP or by destination port, and then calculates the Shannon entropy of these probabilities and standardizes them. Finally, this statistical information is combined in the form of vectors to form feature vectors of streaming da...
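The feature extraction of Steps 1 and 2, as an added example that is not code from the patent: it turns one time window of flow-entry counters into a feature vector containing entropy over destination IP and destination port. The field names, counting one unit per flow entry, scaling the entropy by log2 of the number of distinct values, and the two sample windows are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed flow-entry statistics for two time windows (not real traffic).
BASELINE = [
    {"dst_ip": "10.0.1.10", "dst_port": 80,  "packets": 120, "bytes": 90000},
    {"dst_ip": "10.0.1.11", "dst_port": 443, "packets": 300, "bytes": 240000},
    {"dst_ip": "10.0.2.20", "dst_port": 443, "packets": 80,  "bytes": 64000},
    {"dst_ip": "10.0.3.30", "dst_port": 53,  "packets": 10,  "bytes": 900},
]
CONCENTRATED = [  # many ports on one destination: IP entropy collapses
    {"dst_ip": "10.0.1.10", "dst_port": p, "packets": 1, "bytes": 60}
    for p in (21, 22, 23, 25)
]

def normalized_entropy(counts):
    """Shannon entropy of a count distribution, scaled to [0, 1].

    Assumption: the scale factor is log2(number of distinct values);
    the page only says the entropy is standardized.
    """
    total = sum(counts)
    n = len(counts)
    if total == 0 or n <= 1:
        return 0.0  # a single value (or no data) carries no uncertainty
    h = -sum((c / total) * math.log2(c / total) for c in counts if c > 0)
    return h / math.log2(n)

def feature_vector(flow_entries):
    """[flows, packets, bytes, H(dst_ip), H(dst_port)] for one time window."""
    by_ip = Counter(e["dst_ip"] for e in flow_entries)
    by_port = Counter(e["dst_port"] for e in flow_entries)
    return [
        len(flow_entries),
        sum(e["packets"] for e in flow_entries),
        sum(e["bytes"] for e in flow_entries),
        normalized_entropy(list(by_ip.values())),
        normalized_entropy(list(by_port.values())),
    ]

if __name__ == "__main__":
    for name, window in (("baseline", BASELINE), ("concentrated", CONCENTRATED)):
        print(name, [round(x, 3) for x in feature_vector(window)])
```

A window whose destination-IP entropy drops while its destination-port entropy rises is the kind of shift an anomaly detection stage working on these vectors can pick up.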


Abstract

The invention discloses an SDN-based multi-domain network security situation awareness model and method. The model comprises a flow data extraction module, a flow data anomaly detection module, a security situation element extraction module, a security situation assessment module and a network security situation assessment knowledge base. The model and method use the flow table mechanism in OpenFlow, so that a controller can obtain network flow information in a more timely and efficient way without adding extra network load. Compared with obtaining flow information from data packets, or from flows aggregated from data packets, in a traditional network, the method needs neither router software support for NetFlow nor additional hardware chips in the switches to support sFlow, so the system saves cost and is convenient to deploy.

Description

Technical field

[0001] The present invention relates to the field of network security and network management, in particular to a network security situation awareness model and method in an SDN-based multi-domain network.

Background art

[0002] Network security issues have always existed, and software and hardware measures to deal with security threats have also been widely used. However, when faced with a large amount of threat detection data, network managers cannot quickly and accurately extract useful information for network security management decisions. For this reason, researchers applied the situational awareness technology that first appeared in the aviation field to the network, and proposed network security situational awareness. Managers deal with all kinds of security issues in the network in a timely manner.

[0003] The Chinese patent document with the publication number of 103581186A and the publication date of February 12, 2014 discloses a network se...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/145, H04L63/20
Inventor: 唐勇, 王卫振, 汪文勇
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA