Method, apparatus, and system for cooperative defense on network

    Publication number: US10298600B2

    Publication date: 2019-05-21

    Application number: US14985807

    Application date: 2015-12-31

    Abstract: The present disclosure provides a method, an apparatus, and a system for cooperative defense on a network. Alarm information sent by a security device of a first subnet that is being attacked is received by a controller; the controller generates flow table information according to the alarm information and forwards the flow table information to a switching device of the first subnet and a switching device of at least one second subnet. In effect, after detecting an attack, a security device of a subnet generates alarm information and, through the controller, shares it with a switching device of its own subnet and a switching device of another subnet that is not being attacked, forming network-wide cooperative defense and thereby enhancing network security.

    SDN network system, controller, and controlling method

    Publication number: US11637755B2

    Publication date: 2023-04-25

    Application number: US17205357

    Application date: 2021-03-18

    Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message and performs decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.

    Conflict detection and resolution methods and apparatuses

    Publication number: US10917437B2

    Publication date: 2021-02-09

    Application number: US16015208

    Application date: 2018-06-22

    Abstract: Conflict detection and resolution methods and apparatuses relate to the field of communications technologies. The conflict detection method includes: acquiring, by a controller, a flow path of a data flow on a network, where the flow path is used to indicate a path along which the data flow reaches an address in a destination address range from an address in a source address range through at least two intermediate nodes on the network, a first flow table rule is added to or deleted from flow tables of the at least two intermediate nodes, and the first flow table rule is any flow table rule; and determining, by the controller, whether a conflict exists according to an address range of the flow path and an address range of a security policy.

    SDN Network System, Controller, and Controlling Method

    Publication number: US20200059412A1

    Publication date: 2020-02-20

    Application number: US16665773

    Application date: 2019-10-28

    Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message and performs decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.

    Method and apparatus for improving network security

    Publication number: US10476897B2

    Publication date: 2019-11-12

    Application number: US15641841

    Application date: 2017-07-05

    Abstract: A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.

    Data stream security processing method and apparatus
    Granted invention patent (in force)

    Publication number: US09401928B2

    Publication date: 2016-07-26

    Application number: US14564963

    Application date: 2014-12-09

    Abstract: Embodiments of the present invention provide a data stream security processing method and apparatus. In the embodiments of the present invention, security levels of data streams are determined according to different feature information of the data streams, and forwarding paths corresponding to the data streams are determined according to the security levels, where a forwarding path may go through a security device to implement a corresponding security function of the forwarding path, thereby improving data stream forwarding security and lightening load of a central controller.


    SDN Network System, Controller, and Controlling Method

    Publication number: US20210211359A1

    Publication date: 2021-07-08

    Application number: US17205357

    Application date: 2021-03-18

    Abstract: A software defined network (SDN) system, controller, and controlling method, where the SDN system includes at least one Nth level controller and at least two (N+1)th level controllers belonging to the Nth level controller, where the (N+1)th level controller is configured to receive a first message sent by a node belonging to the (N+1)th level controller, and when the first message is a cross-domain message according to status information of each node that is managed by the (N+1)th level controller, forward the first message to the Nth level controller to which the (N+1)th level controller belongs, and the Nth level controller receives the first message and performs decision processing according to status information of the (N+1)th level controller that is managed by and belongs to the Nth level controller and status information of boundary nodes of the (N+1)th level controller belonging to the Nth level controller.

    FLOW TABLE PROCESSING METHOD AND APPARATUS
    Invention patent application

    Publication number: US20180167325A1

    Publication date: 2018-06-14

    Application number: US15892417

    Application date: 2018-02-09

    Abstract: The present disclosure relates to the communications field, and specifically, to a flow table processing method and an apparatus. The method includes: monitoring, by a switch, a flow table load of the switch; when the flow table load of the switch exceeds a preset threshold, determining, by the switch, a diffusion target of a target data flow according to a matching rule of a diffusive flow table; and when the determined diffusion target is a neighboring switch of the switch, forwarding, by the switch, the target data flow to the neighboring switch. When the flow table load of the switch exceeds the preset threshold, the switch may have been attacked. A data flow that fails to be matched to a flow entry is forwarded to the neighboring switch according to a diffusion probability, for processing by the neighboring switch.

    METHOD FOR CONTROLLING PERMISSION OF APPLICATION PROGRAM AND CONTROLLER

    Publication number: US20170359350A1

    Publication date: 2017-12-14

    Application number: US15667635

    Application date: 2017-08-03

    Abstract: The application relates to controlling access in a software-defined network (SDN). A controller in the SDN receives an access request from an application program. The controller determines whether an operation on a resource as specified in the access request belongs to a permission list corresponding to the application program. The permission list includes a list of permitted operations on the resource by the application program. When the operation as specified in the access request belongs to the permission list, the controller sends a reply message allowing access by the application program. In this way, accesses by the application program are restricted according to the permission list, and malicious attacks from the application program can be prevented to ensure network security.
