An attack detection method and system for an SDN network

An attack detection technology for SDN networks, applied in the field of network security, which addresses problems such as vulnerability to man-in-the-middle attacks and the fact that a TLS secure channel is not enforced.

Active Publication Date: 2021-09-03
武汉思普崚技术有限公司

AI Technical Summary

Problems solved by technology

[0002] In the existing SDN network, establishing a TLS secure channel between the controller and the switch is not mandatory and is disabled by default. This makes the network vulnerable: the controller and the switch may communicate in clear text, and any third party can intercept or modify the content of the communication between the two parties, leaving it open to man-in-the-middle attacks.



Embodiment Construction

[0044] The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that they can be more readily understood and more clearly defined by those skilled in the art.

[0045] Figure 1 is a flowchart of the attack detection method for an SDN network provided herein. The method includes:

[0046] Obtain network traffic data and identify the type of network according to its network features;

[0047] Use the OpenFlow protocol to collect traffic statistics, analyze the feature vectors in the network traffic data, and aggregate the feature vectors into one or several of the following: transmission rate, packet transmission rate, data transmission rate, data packet mean, duration standard deviation, data packet standard deviation, one-way flow table ratio;

[0048] The transmission rate, data packet transmission rate, data transmission rate, data packet mean, duration standard, poor data packet standard, poor data packet standard, p...
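
The aggregation step in [0047], as an added example that is not code from the patent: it turns per-flow counters of the kind an OpenFlow flow-stats reply carries into one feature vector per polling window. The sample flows, the dictionary layout, the window length and the exact feature definitions (the text here gives names but no formulas) are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: per-flow counters as carried in an OpenFlow flow-stats
# reply (packet_count, byte_count, duration_sec) plus the matched addresses.
SAMPLE_FLOWS = [
    {"src": "10.0.0.1", "dst": "10.0.0.9", "packet_count": 120, "byte_count": 96000, "duration_sec": 10},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "packet_count": 100, "byte_count": 64000, "duration_sec": 10},
    {"src": "10.0.0.2", "dst": "10.0.0.9", "packet_count": 2, "byte_count": 120, "duration_sec": 1},
    {"src": "10.0.0.3", "dst": "10.0.0.9", "packet_count": 2, "byte_count": 120, "duration_sec": 1},
]


def aggregate_features(flows, window_sec):
    """Aggregate per-flow counters into one feature vector for a polling window.

    Feature definitions are assumptions made for this example:
      packet_rate / byte_rate  - totals divided by the window length
      packets_per_flow_mean/std - mean and population std dev of packet counts
      duration_std             - population std dev of flow durations
      one_way_flow_ratio       - share of flows with no reverse-direction entry
    """
    if not flows or window_sec <= 0:
        raise ValueError("need at least one flow and a positive window")
    packets = [f["packet_count"] for f in flows]
    durations = [f["duration_sec"] for f in flows]
    total_bytes = sum(f["byte_count"] for f in flows)
    # A flow is "one-way" when the flow table holds no entry for the reply path.
    pairs = {(f["src"], f["dst"]) for f in flows}
    one_way = sum(1 for f in flows if (f["dst"], f["src"]) not in pairs)
    return {
        "packet_rate": sum(packets) / window_sec,
        "byte_rate": total_bytes / window_sec,
        "packets_per_flow_mean": mean(packets),
        "packets_per_flow_std": pstdev(packets),
        "duration_std": pstdev(durations),
        "one_way_flow_ratio": one_way / len(flows),
    }


if __name__ == "__main__":
    for name, value in aggregate_features(SAMPLE_FLOWS, window_sec=10).items():
        print(f"{name}: {value:.2f}")
```

In the constructed sample, the two short flows without a reply entry raise the one-way ratio to 0.5; a window made up only of such flows gives 1.0.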


Abstract

The present invention provides an attack detection method and system for an SDN network. A secure encrypted channel is established between a controller and a switch, and a trusted certificate authority (CA) is added to sign and authenticate the controller and the switch, realizing bidirectional authentication between them. Key negotiation is performed between the controller and the switch, so that the vulnerabilities of the SDN network are addressed in a targeted way. By aggregating the feature vectors of network traffic data, several key parameters are obtained to better help the system detect attacks.

Description

Technical field

[0001] The present application relates to network security technology, and in particular to an attack detection method and system for an SDN network.

Background technique

[0002] In the existing SDN network, a TLS secure channel between the controller and the switch is not enforced and is not enabled by default, which makes the network fragile: traffic between the controller and the switch may be sent in plain text, and any third party can intercept or modify the communication content of both parties, so the network is easily subject to man-in-the-middle attacks. Certificate verification between the controller and the switch is also lacking, so an attacker can easily intercept a request that the controller sends to the switch, communicate with the switch in the controller's place, and obtain all of the content exchanged between the switch and the controller.

[0003] At the same time, how to better detect network attacks in an SDN system is also an active research topic.

[0004] Therefore, it is urgen...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/045, H04L63/06, H04L63/0823, H04L63/0853, H04L63/0869, H04L63/1416, H04L63/1433
Inventor: 段彬
Owner: 武汉思普崚技术有限公司