Method and device for blocking botnet control channel based on SDN (Software Defined Network) technology

A botnet and control channel technology, applied in the field of software-defined network security, can solve problems such as high operating pressure of cleaning equipment and large attack traffic

Inactive Publication Date: 2016-04-20
CHONGQING UNIV OF POSTS & TELECOMM
View PDF12 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this is a passive response solution after a DDOS attack occurs. When a DDOS attack with a long

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for blocking botnet control channel based on SDN (Software Defined Network) technology
  • Method and device for blocking botnet control channel based on SDN (Software Defined Network) technology
  • Method and device for blocking botnet control channel based on SDN (Software Defined Network) technology

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 2

[0035] like figure 1 As shown, the device for blocking the control channel of a botnet based on SDN technology is composed of a system control module 10, a flow table policy module 11, and a traffic cleaning module 12. The specific deployment positions are as follows: figure 2 shown.

[0036] The system control module 10 can run independently on a dedicated server, or it can be deployed on the same server as the flow table policy module 11 or the traffic cleaning module 12. Users can access the WEB page provided by the system control module 10 through the HTTP protocol to realize key parameters. Configure, view the current system running status and other operations. The system control module 10 communicates with the flow table policy module 11 and the traffic cleaning module 12 through socket connections, so as to realize the delivery of system instructions and characteristic parameters and the upload of operating state parameters.

[0037] In addition to communicating with...

Embodiment 3

[0040] like image 3 As shown, for a botnet where the bot 32 is within the range of the SDN network 34 and the botnet controller 33 is in other networks 35, under normal circumstances the infected bot 32 can join the control channel of the botnet controller 33, upload user information and Receive instructions from the botnet controller.

[0041] When the system control module 10 , the flow table policy module 11 , and the traffic cleaning module 12 are connected and started, the user completes the configuration through the system control module 10 . The flow table policy module 11 sends the flow table for redirection to the SDN switch in the SDN network 34 through the SDN controller 30 . When the bot 32 sends a message to the botnet controller 33, because the network layer and transport layer characteristics of the message are consistent with those in the redirection flow table, the message will be redirected to the traffic cleaning module 12, and the traffic cleaning module ...

Embodiment 4

[0043] like Figure 4 As shown, for both the bot 42 and the botnet controller 43 are within the range of the SDN network 44, under normal circumstances the infected bot 42 can join the control channel of the botnet controller 43, upload user information and receive information from the botnet controller instructions.

[0044] When the system control module 10 , the flow table policy module 11 , and the traffic cleaning module 12 are connected and started, the user completes the configuration through the system control module 10 . The flow table policy module 11 sends the flow table for redirection to the SDN switch in the SDN network 46 through the SDN controller 40 . When the bot 45 sends a message to the botnet controller 44, since the network layer and transport layer characteristics of the message are consistent with those in the redirection flow table, the message will be redirected to the traffic cleaning module 12, and the traffic cleaning module 12 uses the depth The...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention sets forth a method and a device for blocking a botnet control channel based on an SDN (Software Defined Network) technology. The device comprises a system control module, a flow table strategy module and a traffic cleaning module. The system control module is used for receiving key parameters configured by a user and transmitting the key parameters to the flow table strategy module and the traffic cleaning module, and simultaneously displaying the running state of a current system to the user. The flow table strategy module calculates a flow table according to the user configured parameters and the current network topological structure, and transmits the flow table to an SDN switch through an SDN controller, thus redirecting the traffic conforming to control channel characteristics in a network to the traffic cleaning module. The traffic cleaning module precisely matches the received traffic by using a technology of deep packet detection and the like, filters the traffic conforming to control channel characteristics, and returns other traffic to the network to ensure normal communication.

Description

technical field [0001] The invention relates to the field of software-defined network security, and in particular designs a protection method and device for botnets. Background technique [0002] With the rapid expansion of the Internet, more and more computers are connected to the network. Some of the computers have not been updated with patches or installed anti-virus software in time. Computers with loopholes in these security measures provide opportunities for hackers, known as bots. A botnet is a network structure composed of a group of controlled bots. Hackers can take advantage of certain security holes or worms to attack a bot, and then implant bot tools into the host. The bot tools will connect to the botnet controller through the control channel and wait for the next command. The most effective way to destroy a botnet is to hijack its control channel, block the communication channel between the botnet controller and the bot, and make the botnet invalid from the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/801
CPCH04L63/1458H04L47/10
Inventor 赵国锋刘一流曾帅徐川
Owner CHONGQING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap