Active defense method based on path and IP address hopping in SDN network

An active defense and IP address technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve problems such as exposure and poor defense capabilities, and achieve the effect of increasing difficulty and reducing usability

Inactive Publication Date: 2019-09-03
HUAZHONG UNIV OF SCI & TECH +1

AI Technical Summary

Problems solved by technology

[0005] In view of the defects of the prior art, the purpose of the present invention is to solve the technical problem that prior-art moving target defense methods for SDN networks have poor defense capability because the data packet IP is exposed and the data packet transmission information can be tracked.



Embodiment Construction

[0039] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0040] As shown in Figure 1, an active defense method based on path and IP address hopping in an SDN network includes the following steps:

[0041] S1. The source host sends the data packet to the first switch;

[0042] S2. Look up the flow table of the switch and judge whether the data packet successfully matches a flow table entry. If so, forward it to the next-hop switch according to the matching flow table entry and enter step S5; otherwise, the switch sends the data packet header information to the controller through a Packet-In message and enters ste...


Abstract

The invention discloses an active defense method based on path and address hopping in an SDN network, and belongs to the field of moving target defense. The method comprises the following steps: S1, a source host sends a data packet to a first switch; S2, judge whether the data packet successfully matches a flow table entry; if yes, forward the data packet to the next-hop switch and enter step S5; otherwise, the switch sends a Packet-In message to the controller and step S3 is executed; S3, the controller selects a data packet transmission path and a virtual IP at the same time; S4, the controller generates flow table rules according to the selected transmission path and virtual IP, and issues a flow table and a reverse flow table to each switch; and S5, judge whether the switch is the final switch; if yes, send the data packet to the target host, otherwise enter step S2. By using the separation of the data layer and the control layer in an SDN network and the MTD idea of actively changing operation, the IP and the transmission path of the data packet are changed without affecting normal network communication, and the difficulty for an attacker to acquire information is increased, so that the active defense capability of the system is improved.
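The S1 to S5 loop above, as an added simulation that is not code from the patent. The topology, the virtual IP pool, the rule layout (ingress switch rewrites real IPs to virtual ones, egress switch restores them) and the `expire()` hop trigger are assumptions, since the page does not give those details.

```python
import random

# Constructed 4-switch topology and virtual IP pool (assumptions, not from the patent).
TOPOLOGY = {"s1": ["s2", "s3"], "s2": ["s1", "s4"], "s3": ["s1", "s4"], "s4": ["s2", "s3"]}
VIRTUAL_POOL = [f"10.99.0.{i}" for i in range(1, 255)]

def all_paths(src, dst, path=()):
    """Enumerate loop-free switch paths from src to dst."""
    path = path + (src,)
    if src == dst:
        return [path]
    return [p for n in TOPOLOGY[src] if n not in path for p in all_paths(n, dst, path)]

class Controller:
    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.packet_ins = 0
        self.expire()

    def expire(self):
        """Assumed hop trigger: all rules time out, so the next packet misses."""
        self.tables = {sw: {} for sw in TOPOLOGY}

    def packet_in(self, first_sw, last_sw, src, dst):
        """S3 + S4: choose path and virtual IPs together, install flow and reverse flow."""
        self.packet_ins += 1
        path = self.rng.choice(all_paths(first_sw, last_sw))
        v_src, v_dst = self.rng.sample(VIRTUAL_POOL, 2)
        for hops, real, virt in ((path, (src, dst), (v_src, v_dst)),
                                 (path[::-1], (dst, src), (v_dst, v_src))):
            for i, sw in enumerate(hops):
                last = i == len(hops) - 1
                match = real if i == 0 else virt   # ingress switch matches real IPs
                out = real if last else virt       # egress switch restores real IPs
                self.tables[sw][match] = (out, "host" if last else hops[i + 1])

def send(ctrl, first_sw, last_sw, src, dst):
    """S1, S2, S5: forward hop by hop; return (delivered header, headers seen on links)."""
    hdr, sw, on_wire = (src, dst), first_sw, []
    while sw != "host":
        if hdr not in ctrl.tables[sw]:             # S2 miss (only at ingress in this model)
            ctrl.packet_in(first_sw, last_sw, src, dst)
        hdr, nxt = ctrl.tables[sw][hdr]
        if nxt != "host":
            on_wire.append((sw, nxt, hdr))
        sw = nxt
    return hdr, on_wire
```

Because the reverse flow table is installed in the same Packet-In, the reply from the target host travels the same path backwards without a second controller round trip, and an observer on any inter-switch link sees only the virtual addresses.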

Description

Technical field

[0001] The invention belongs to the field of moving target defense, and more specifically relates to an active defense method based on path and address hopping in an SDN (Software Defined Network) network.

Background technique

[0002] Moving Target Defense (MTD) uses a dynamic and unpredictable network environment to increase the difficulty of attack for the attacker and to avoid the risk of being attacked as much as possible. In traditional network defense technologies, network configurations are generally static. Attackers can scout the network at any time to plan attacks, while defenders must remain on alert to defend against attacks, creating an unequal attack and defense situation. Constructing an active and dynamic network environment can narrow the asymmetry between attack and defense, but it leads to reduced system availability, which limits the capability of MTD.

[0003] The emergence of SD...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): H04L12/751, H04L12/741, H04L12/721, H04L45/02, H04L45/74
CPC: H04L45/38, H04L45/74, H04L45/02
Inventor: 徐鹏, 金海, 张芝, 袁斌
Owner HUAZHONG UNIV OF SCI & TECH