Method and Apparatus for Improving Network Security

    Publication number: US20170302690A1

    Publication date: 2017-10-19

    Application number: US15641841

    Application date: 2017-07-05

    Abstract: A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

    Method and apparatus for improving network security

    Publication number: US09762594B2

    Publication date: 2017-09-12

    Application number: US14583367

    Application date: 2014-12-26

    CPC classification number: H04L63/1416 G06F21/554 H04L63/101 H04L2463/146

    Abstract: A method and an apparatus for improving network security are provided. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

    SDN network system, controller, and controlling method

    Publication number: US10972357B2

    Publication date: 2021-04-06

    Application number: US16665773

    Application date: 2019-10-28

    Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message, and perform decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.

    Conflict detection and resolution methods and apparatuses

    Publication number: US10044759B2

    Publication date: 2018-08-07

    Application number: US14982363

    Application date: 2015-12-29

    Abstract: Conflict detection and resolution methods and apparatuses relate to the field of communications technologies. The conflict detection method includes: acquiring, by a controller, a flow path of a data flow on a network, where the flow path is used to indicate a path along which the data flow reaches an address in a destination address range from an address in a source address range through at least two intermediate nodes on the network, a first flow table rule is added to or deleted from flow tables of the at least two intermediate nodes, and the first flow table rule is any flow table rule; and determining, by the controller, whether a conflict exists according to an address range of the flow path and an address range of a security policy.

    SDN Network System, Controller, and Controlling Method
    Invention application. Status: under examination (published)

    Publication number: US20170048113A1

    Publication date: 2017-02-16

    Application number: US15338712

    Application date: 2016-10-31

    CPC classification number: H04L41/12 H04L12/4641 H04L41/044

    Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message, and perform decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.


    Method for controlling permission of application program and controller

    Publication number: US10785226B2

    Publication date: 2020-09-22

    Application number: US15667635

    Application date: 2017-08-03

    Abstract: The application relates to controlling access in a software-defined network (SDN). A controller in the SDN receives an access request from an application program. The controller determines whether an operation on a resource as specified in the access request belongs to a permission list corresponding to the application program. The permission list includes a list of permitted operations on the resource by the application program. When the operation as specified in the access request belongs to the permission list, the controller sends a reply message allowing access by the application program. In this way, accesses by the application program are restricted according to the permission list, and malicious attacks from the application program can be prevented to ensure network security.

    Flow table processing method and apparatus

    Publication number: US10728154B2

    Publication date: 2020-07-28

    Application number: US15892417

    Application date: 2018-02-09

    Abstract: The present disclosure relates to the communications field, and specifically, to a flow table processing method and an apparatus. The method includes: monitoring, by a switch, a flow table load of the switch; when the flow table load of the switch exceeds a preset threshold, determining, by the switch, a diffusion target of a target data flow according to a matching rule of a diffusive flow table; and when the determined diffusion target is a neighboring switch of the switch, forwarding, by the switch, the target data flow to the neighboring switch. When the flow table load of the switch exceeds the preset threshold, the switch may have been attacked. A data flow that fails to be matched to a flow entry is forwarded to the neighboring switch according to a diffusion probability, for processing by the neighboring switch.

    Method And Apparatus For Improving Network Security
    Invention application. Status: granted

    Publication number: US20150188937A1

    Publication date: 2015-07-02

    Application number: US14583367

    Application date: 2014-12-26

    CPC classification number: H04L63/1416 G06F21/554 H04L63/101 H04L2463/146

    Abstract: A method and an apparatus for improving network security are provided. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.
