Multi-attribute self-adjusting network transformation system and method based on SDN

A network transformation and self-adjustment technology, applied in the field of network security, can solve the problems of poor hopping timeliness, reduced hopping unpredictability, and poor hopping defense effectiveness, so as to maximize defense benefits, ensure timeliness and pertinence Effect

Pending Publication Date: 2022-01-14
佳缘科技股份有限公司
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] 2) Due to the limited jumping space and fixed jumping period, the effectiveness of jumping defense is poor: the limitation of the optional attack surface dimension and value range in network jumping leads to

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-attribute self-adjusting network transformation system and method based on SDN
  • Multi-attribute self-adjusting network transformation system and method based on SDN
  • Multi-attribute self-adjusting network transformation system and method based on SDN

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to enable those skilled in the art to better understand the technical solutions of the present invention, the present invention will be further described in detail below in conjunction with specific embodiments.

[0029] Such as figure 1 , figure 2 As shown, the present invention provides a multi-attribute self-regulating network conversion system based on SDN, specifically including: deployed in SDN (Software Defined Network):

[0030] The detection agent is used to collect request data packets, calculate and count distribution probabilities of source IP addresses and destination IP addresses of request packets.

[0031] The controller includes a detection and analysis module, a conversion strategy generation module and a cache space maintenance module; the detection and analysis module is used to compare the similarity of the distribution of source IP addresses and destination IP addresses in adjacent time intervals, and determine scanning attack targets an...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a multi-attribute self-adjusting network transformation system and method based on an SDN. The method comprises the following steps: collecting a request data message, and carrying out calculation and statistics on distribution probabilities of a source IP address and a destination IP address of the request message; comparing similarity of distribution of the source IP address and the destination IP address in adjacent time intervals, and determining a scanning attack target and scanning strategies; generating different IP address conversion strategies according to different scanning strategies; and executing the IP address conversion strategies to complete active migration of the IP address and a port number. According to the invention, a jump strategy is triggered based on threat perception, so that the pertinence of network jump strategy selection is improved; and moderate protection of end nodes is realized by adaptively adjusting jump end information and a jump period.

Description

technical field [0001] The invention belongs to the field of network security, and in particular relates to an SDN-based network conversion system and method. Background technique [0002] As attacks become more intelligent and automated, attackers spend 95% of their time collecting target network information and planning attack methods. Therefore, as the forerunner technology and the initial stage of various attack methods, network scanning plays an irreplaceable role in the effective implementation of network attacks. Network scanning is a detection method to obtain node information in the target network by sending detection messages to nodes within a selected range. Scanning content includes Internet Protocol (IP) address scanning and port scanning. 1) IP address scanning: The attacker detects the reachability and IP address of the end node on an unknown network by sending an ICMP response request message. 2) Port scanning: When the attacker locks the IP address of the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L61/2503H04L61/2557H04L61/255H04L9/40
CPCH04L61/2503H04L61/2557H04L61/255H04L63/1416H04L63/1425
Inventor 朱伟华王明阳
Owner 佳缘科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products