DDoS filtering method based on SDN network architecture

A filtering method and network architecture technology, applied in the field of network security, that can solve problems such as network security issues and achieves efficient operation, avoids traffic data loss, and reduces burden.

Inactive Publication Date: 2016-08-17
吴正明

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a DDoS filtering method based on SDN network architecture, to solve the network security problems caused by a large number of DDoS attacks in the existing network, to realize fast, efficient and comprehensive identification and defense of DDoS attacks, and to distinguish between network topology changes after threat processing and link failures, so as to provide the corresponding message sending paths.

Examples


Embodiment 1

[0035] Figure 1 shows a structural block diagram of the SDN network architecture of the present invention.

[0036] As shown in Figure 1, the SDN network architecture of the present invention includes: an SDN controller, an IDS decision server, an IDS device (i.e. an intrusion detection device) and a traffic cleaning center. The IDS device reports over the SSL channel to the IDS decision server; the IDS decision server formulates a processing strategy corresponding to the message with DDoS attack characteristics according to the reported information; the message is then shielded by the SDN controller, or the traffic on the access port of the OF switch is redirected to the traffic cleaning center for filtering. At the same time, the current SDN link status information is collected through the SDN controller to provide the corresponding packet sending path.

[0037] Among them, the characteristics of DDoS attack are defined as: spoofing of link layer and Internet layer addresses, a...
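
The shield-or-redirect decision described in [0036], as an added example that is not part of the patent text: a sketch of how an IDS decision server could turn IDS reports into controller-agnostic flow-rule descriptions. The report format, threshold, port number, priorities, timeout and function name are assumptions; the excerpt does not state how the choice between shielding and redirection is made.

```python
from collections import defaultdict

SCRUB_PORT = 48          # assumed: OF switch port facing the traffic cleaning center
REDIRECT_THRESHOLD = 3   # assumed: flagged sources per access port before redirecting it
RULE_TTL = 60            # assumed: seconds of inactivity before a rule expires


def formulate_strategy(reports):
    """Map IDS reports to flow-rule descriptions (hypothetical format).

    Each report is a dict with "dpid", "in_port" and "src_ip".
    Match field names follow OpenFlow 1.3 (in_port, eth_type, ipv4_src).
    """
    # Collect the distinct flagged sources seen on each access port.
    sources = defaultdict(set)
    for r in reports:
        sources[(r["dpid"], r["in_port"])].add(r["src_ip"])

    rules = []
    for (dpid, in_port), ips in sorted(sources.items()):
        if len(ips) >= REDIRECT_THRESHOLD:
            # Many flagged sources on one port: send the whole access port
            # to the cleaning center rather than enumerating sources.
            rules.append({
                "dpid": dpid, "priority": 200, "idle_timeout": RULE_TTL,
                "match": {"in_port": in_port},
                "actions": [("output", SCRUB_PORT)],
            })
        else:
            # Few flagged sources: shield only the offending addresses.
            for ip in sorted(ips):
                rules.append({
                    "dpid": dpid, "priority": 300, "idle_timeout": RULE_TTL,
                    "match": {"in_port": in_port, "eth_type": 0x0800,
                              "ipv4_src": ip},
                    "actions": [],  # empty action list drops the packet
                })
    return rules


# Constructed sample reports (documentation address ranges, not from the patent).
DPID = "00:00:00:00:00:00:00:01"
SAMPLE_REPORTS = [
    {"dpid": DPID, "in_port": 1, "src_ip": "198.51.100.7"},
    {"dpid": DPID, "in_port": 1, "src_ip": "198.51.100.7"},  # duplicate report
    {"dpid": DPID, "in_port": 2, "src_ip": "203.0.113.10"},
    {"dpid": DPID, "in_port": 2, "src_ip": "203.0.113.11"},
    {"dpid": DPID, "in_port": 2, "src_ip": "203.0.113.12"},
]
```

The idle timeout lets shielding and redirection rules age out once the flagged traffic stops, so stale entries do not accumulate in the switch flow table.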

Embodiment 2

[0125] A DDOS filtering method based on the SDN network architecture based on Embodiment 1, through detection and centralized processing, effectively reduces the workload of the SDN controller, improves detection efficiency and data transmission rate, and collects SDN link status information to avoid traffic loss when a link fails.

[0126] The DDoS filtering method based on the SDN network architecture of the present invention includes the following steps: step S100, network initialization; step S200, distributed DDoS threat monitoring and/or collecting SDN link status information; and step S300, threat processing and/or determination of the data distribution path.

[0127] Further, the devices involved in network initialization in the step S100 include: SDN controller, IDS decision server and IDS equipment; the steps of network initialization are as follows: Step S101, the IDS decision server and IDS equipment establish a dedicated SSL channel; S102, the SDN controller builds a ne...

Embodiment 3

[0153] The SDN framework of the present invention can define SDNQA (SDN Communication Quality Assurance Strategy), that is, an SDN communication quality assurance strategy.

[0154] The test environment and test contents of the SDN framework of the present invention are as follows:

[0155] Based on the OpenFlow 1.3 protocol, the communication between the Floodlight SDN controller, OF switch, IDS device and IDS decision server equipped with DDoS threat filtering and communication quality assurance components is tested.

[0156] Test whether the IDS device can monitor abnormal attack traffic in the network in real time, and report to the IDS decision server through the SSL channel.

[0157] Test whether the IDS decision server can formulate a strategy to deal with the corresponding attack threat based on the information reported by the IDS device, and issue it through the northbound interface of the SDN controller.

[0158] Test whether the SDN controller can generate and deliv...


Abstract

The invention discloses a DDoS filtering method based on an SDN network architecture. The method comprises: step S100, network initialization; step S200, distributed DDoS threat monitoring and / or SDN link status information collection; and step S300, threat processing and / or data issuing path determination. When a network is subjected to large-scale DDoS threat, the method can achieve route-optimized flow forwarding according to real-time status of a link, at the same time carry out DDoS threat identification and processing response quickly and accurately, and ensure the quality of network communication comprehensively.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a DDoS filtering method based on an SDN network architecture.

Background technique

[0002] At present, high-speed and widely connected networks have become an important infrastructure of modern society. However, with the expansion of the scale of the Internet, the defects of the traditional normative system are increasingly emerging.

[0003] The latest report released by the National Computer Network Emergency Response Technology Coordination Center (CNCERT/CC) shows that hacker activities are becoming more and more frequent, and attacks such as website backdoors, phishing, and malicious web malware are on the rise. Among them, distributed denial of service (DDoS) attacks are still one of the most important threats to Internet security. The number, size, and type of DDoS attacks have increased dramatically over the past few years.

[0004] How t...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 吴正明, 张家华
Owner 吴正明