CN112448929A - Dynamic side protection method and platform for communication network - Google Patents
Dynamic side protection method and platform for communication network Download PDFInfo
- Publication number
- CN112448929A CN112448929A CN201910822239.XA CN201910822239A CN112448929A CN 112448929 A CN112448929 A CN 112448929A CN 201910822239 A CN201910822239 A CN 201910822239A CN 112448929 A CN112448929 A CN 112448929A
- Authority
- CN
- China
- Prior art keywords
- host
- attack
- controller
- request
- data request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004891 communication Methods 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000001514 detection method Methods 0.000 claims abstract description 29
- 238000012545 processing Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 5
- 238000010586 diagram Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000002955 isolation Methods 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A method and platform for protecting a dynamic party of a communication network comprise the following steps: the switch forwards the received data request sent by the external host to the controller; the controller forwards the data request to an internal host; the internal host computer carries out attack detection on the data request, generates an attack report if the data request is the attack request and sends the attack report to the controller; and the controller formulates a protection strategy for the internal host according to the attack report. According to the scheme, the internal host can make an attack report in real time according to the data request sent by the external host, so that a protection strategy can be made in real time, and the protection flexibility of the power communication network is improved. The switch sends the data request and the attack report to the controller instead of judging and forwarding autonomously, so that the safety of protection of the power communication network is improved.
Description
Technical Field
The invention relates to the field of software defined networks, in particular to a dynamic party protection method and a dynamic party protection platform for a communication network.
Background
With the continuous promotion and development of the power communication network, the traditional power communication network cannot meet the requirement of full coverage of the communication network, and the flexibility and the safety of the existing power communication network cannot meet the requirement of 'simplified structure, ubiquitous safety and centralized control' required by the further development of the power communication network. With the rapid development of smart power grids, the dependence degree of a power system on an information system also shows a trend of increasing. The power system is even about to evolve into a physical system of power information. The transmission of massive information data will have an impact on the performance of the power communication network. In this situation, it is critical and necessary to protect the power communication network.
Disclosure of Invention
The invention provides a communication network dynamic party protection method and a platform, aiming at solving the problem that the power communication network faces attack threats in the prior art.
The technical scheme provided by the invention is as follows:
a method for dynamic side protection of a communication network comprises the following steps:
the switch forwards the received data request sent by the external host to the controller;
the controller forwards the data request to an internal host;
the internal host computer carries out attack detection on the data request, generates an attack report if the data request is the attack request and sends the attack report to the controller;
and the controller formulates a protection strategy for the internal host according to the attack report.
Preferably, the forwarding, by the switch, the received data request sent by the external host to the controller includes:
and according to the data request, a request forwarding flow table is formulated through a switch, and the request forwarding flow table is sent to the controller.
Preferably, the controller forwards the data request to the internal host, including:
according to the received request and a preset issued flow table, the exchanger forwards the data request to the target host;
the internal host comprises a destination host, and the internal host address in the received request is the destination host address.
Preferably, the performing attack detection on the data request by the internal host includes:
the internal host detects the data request, if the target host corresponding to the request is a data packet which is sent for the first time, the internal host forwards the data request through the switch and requests a forwarding flow table to the controller, the address in the issuing flow table is set as the address of the target host in the data packet, and the data packet is sent to the target host based on the issuing flow table;
otherwise, detecting whether the request is a network attack according to a set rule, if so, formulating an attack report and sending the attack report to a controller; otherwise, based on the issued flow table, the data packet is sent to the target host.
Preferably, the controller makes a protection policy for the internal host according to the attack report, including:
based on the attack report, the controller modifies the destination address in the issued flow table into a standby host address;
based on the modified flow table, the switch forwards the attack request to the standby host;
the standby host computer performs ignoring processing;
the internal host further includes a standby host.
Preferably, the standby host performs an ignoring process, including:
and the standby host receives the attack request, judges whether an attack address in the attack request is consistent with the address of the current standby host or not, and ignores the attack request if the attack address in the attack request is inconsistent with the address of the current standby host.
Preferably, the controller makes a protection policy for the internal host according to the attack report, further comprising:
based on the attack report, the controller modifies the destination address in the issued flow table into the address of the switch;
and the switch ignores the received attack request.
Preferably, the controller makes a protection policy for the internal host according to the attack report, and before the making, the method further includes:
and adding or deleting nodes in the communication network topology through the controller, and setting an internal host.
A communication network dynamic protection platform, the platform comprising: the system comprises a forwarding module, an attack detection module and a dynamic protection module;
the attack detection module is arranged on the internal host and used for judging whether the received data request of the external host is an attack request or not; the data request is used for sending a data request to a controller, and the data request is used for sending a data request to the controller;
the forwarding module is arranged on the switch and used for forwarding the data request of the external host to the internal host; the system is also used for sending an attack report formulated by the internal host to the controller;
the dynamic protection module is arranged on the controller and used for making a protection strategy for the internal host making the attack report according to the attack report;
the switch, the internal host and the controller are in communication connection.
Preferably, the internal host includes: a destination host and a standby host;
the target host and the standby host are connected with the switch and are provided with the attack detection module.
Preferably, the attack detection module includes: a judgment submodule and a forwarding submodule;
the judgment submodule is used for circularly receiving the data request sent by the external host and carrying out attack detection, and if the data request is an attack request of the external host to the current host, an attack report is formulated; otherwise, performing ignoring processing on the data request;
and the forwarding submodule is used for forwarding the attack report to the controller.
Preferably, a topology management module is further installed on the controller;
for viewing information of nodes in a communication network topology and adding and deleting said nodes.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a dynamic protection platform of a communication network, which comprises: the switch forwards the received data request sent by the external host to the controller; the controller forwards the data request to an internal host; the internal host computer carries out attack detection on the data request, generates an attack report if the data request is the attack request and sends the attack report to the controller; and the controller formulates a protection strategy for the internal host according to the attack report. According to the scheme, the internal host can make an attack report in real time according to the data request sent by the external host, so that a protection strategy can be made in real time, and the protection flexibility of the power communication network is improved. The switch sends the data request and the attack report to the controller instead of judging and forwarding autonomously, so that the safety of protection of the power communication network is improved.
Drawings
FIG. 1 is a flow chart of a method for dynamic protection of a communication network according to the present invention;
FIG. 2 is a schematic diagram of a dynamic protection platform of a communication network according to the present invention;
FIG. 3 is a block diagram of a module exchange for a transfer attack in an embodiment of the present invention;
FIG. 4 is a block diagram of a module swap for offline isolation in an embodiment of the present invention;
FIG. 5 is a flow chart of the present invention.
Detailed Description
For a better understanding of the present invention, reference is made to the following description taken in conjunction with the accompanying drawings and examples.
Example 1:
the embodiment provides a method for dynamic party protection in a communication network, and a flow chart of the method is shown in fig. 1.
S1: the switch forwards the received data request sent by the external host to the controller.
The method comprises the steps that when a data packet is forwarded by a switch for the first time, a controller is requested to issue a flow table, whether the flow table is modified by the controller or not is judged when the data packet is subsequently forwarded, if the flow table is modified, the data packet is normally forwarded, when a host is attacked, the data packet carrying attack information is forwarded to a target host after the switch, the target host detects the data packet and reports the attack detection to the controller after the attack information is found, the controller modifies the flow table of the switch after receiving warning, the attack is transferred or the target host is isolated, and when the subsequent data packet carrying the attack information arrives, the flow table of the switch is modified or the target host is offline, so that the function of protecting.
S2: the controller forwards the data request to an internal host.
S3: and the internal host computer carries out attack detection on the data request, generates an attack report if the data request is the attack request, and sends the attack report to the controller.
A flow chart based on SDN determination is shown in fig. 5, each module interaction in a protection process of transferring an attack is shown in fig. 3, an attacking host sends request data carrying a network attack to a forwarding module, the forwarding module requests a controller to forward a flow table, the controller issues the flow table, the data is forwarded to a destination host, an attack detection module of the destination host reports the network attack to a dynamic protection module after detecting the network attack, the dynamic protection module modifies the flow table to isolate a victim host, and the later network attack is transferred to a standby host and is ignored.
S4: and the controller formulates a protection strategy for the internal host according to the attack report.
The protection of the transfer attack mode comprises the following specific steps:
step 1: the attack host sends an attack data packet for the first time, the attack data packet is forwarded by the switch forwarding module, the forwarding module forwards the destination address for the first time and needs to request the controller to forward the flow table, after the flow table is issued by the controller, the data packet can be directly transmitted by the forwarding module, and then the data packet is sent to the destination host.
Step 2: the attack host circularly sends an attack data packet to the attacked host, an attack detection module of the target host runs in real time, the address of the attack data is judged by a judgment sub-module in the attack detection module to be consistent with the address of the current host, if the address is consistent, the request is a network attack and is reported to a dynamic protection module of the controller, the dynamic protection module modifies a flow table of a forwarding module of the switch, modifies the target address in the flow table into the address of the standby host, and transfers the network attack to the standby host; the judgment submodule in the attack detection module of the standby host analyzes that the destination address of the data packet is not the local computer and ignores the data packet, thereby realizing the protection of transfer attack.
The interaction of each module in the protection process of offline isolation is shown in fig. 3, an attacking host sends request data carrying network attack to a forwarding module, the forwarding module requests the controller to forward a flow table, the controller issues the flow table, then the data is forwarded to a target host, then an attack detection module of the target host reports the network attack to a dynamic protection module after detecting the network attack, the dynamic protection module modifies the flow table to isolate the victim host, and the network attack after modifying the flow table cannot be forwarded to the target host and is ignored.
The protection in the offline isolation mode comprises the following specific steps:
step 1: the attack host sends an attack data packet for the first time, the attack data packet is forwarded by the switch forwarding module, the forwarding module forwards the destination address for the first time and needs to request the controller to forward the flow table, after the flow table is issued by the controller, the data packet can be directly transmitted by the forwarding module, and then the data packet is sent to the destination host.
Step 2: the attack host circularly sends attack data packets to the attacked host, an attack detection module of the target host runs in real time, the address of the attack data and the address of the current host are judged by a judgment sub-module in the attack detection module, if the addresses are consistent, the request is a network attack and reports the network attack to a dynamic protection module of the controller, the dynamic protection module modifies a flow table of a forwarding module of the switch, the target address in the flow table is modified into the address of the switch, the data packets forwarded to the target host are not forwarded, and therefore the data packets subsequently received by the switch are ignored, and protection of offline isolation is achieved.
Example 2:
the embodiment provides a communication network dynamic protection platform, and a schematic structural diagram of the platform is shown in fig. 2.
The platform mainly comprises a switch, an internal host and a controller, and the three are in communication connection.
The switch is provided with a forwarding module, and the controller is provided with a dynamic protection module and a topology management module.
The internal host computer, including the purpose host computer and the standby host computer, is provided with an attack detection module.
The whole platform runs in each node of the power communication network, wherein the controller runs the topology management module and the dynamic protection module, is responsible for managing each node and link in the power communication network topology and dynamically protects the attacked node; the switch operation forwarding module is responsible for forwarding a data packet and a command packet in the power communication network; each host runs an attack detection module, and when being attacked, the attack detection module can detect attack information in time and report the attack information to the controller for protection; the standby host is used for replacing the host which is attacked and is not in time to maintain, and the robustness of the power communication network is guaranteed.
The topology management module in the controller mainly manages the topology structure in the network, and can check information, add nodes and delete nodes for nodes in the network; the dynamic protection module mainly adopts different strategies to protect against network attacks received in a network, can receive attack reports of a damaged host, and is mainly used for carrying out configuration modification on the forwarding module.
The forwarding module of the switch mainly forwards the data packet in the network, and forwards the datagram according to the flow table information in the module.
The attack detection module of the network host computer is in a real-time running state in the host computer, and the main function is to judge whether a large number of network requests received by the host computer are network attacks or not, and if the network requests are network attacks, a notification method of the dynamic protection module is called to inform the network attacks.
It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The present invention is not limited to the above embodiments, and any modifications, equivalent replacements, improvements, etc. made within the spirit and principle of the present invention are included in the scope of the claims of the present invention which are filed as the application.
Claims (12)
1. A method for dynamic side protection in a communication network, comprising:
the switch forwards the received data request sent by the external host to the controller;
the controller forwards the data request to an internal host;
the internal host computer carries out attack detection on the data request, generates an attack report if the data request is the attack request and sends the attack report to the controller;
and the controller formulates a protection strategy for the internal host according to the attack report.
2. The method of claim 1, wherein the switch forwards the received data request sent by the external host to the controller, comprising:
and according to the data request, a request forwarding flow table is formulated through a switch, and the request forwarding flow table is sent to the controller.
3. The method of claim 2, wherein the controller forwarding the data request to an internal host comprises:
according to the received request and a preset issued flow table, the exchanger forwards the data request to the target host;
the internal host comprises a destination host, and the internal host address in the received request is the destination host address.
4. The method of claim 3, wherein the internal host performing attack detection on the data request comprises:
the internal host detects the data request, if the target host corresponding to the request is a data packet which is sent for the first time, the internal host forwards the data request through the switch and requests a forwarding flow table to the controller, the address in the issuing flow table is set as the address of the target host in the data packet, and the data packet is sent to the target host based on the issuing flow table;
otherwise, detecting whether the request is a network attack according to a set rule, if so, formulating an attack report and sending the attack report to a controller; otherwise, based on the issued flow table, the data packet is sent to the target host.
5. The method of claim 4, wherein the controller formulates a protection policy for the internal host based on the attack report, comprising:
based on the attack report, the controller modifies the destination address in the issued flow table into a standby host address;
based on the modified flow table, the switch forwards the attack request to the standby host;
the standby host computer performs ignoring processing;
the internal host further includes a standby host.
6. The method of claim 5, wherein the standby host performs an ignore process comprising:
and the standby host receives the attack request, judges whether an attack address in the attack request is consistent with the address of the current standby host or not, and ignores the attack request if the attack address in the attack request is inconsistent with the address of the current standby host.
7. The method of claim 4, wherein the controller formulates a protection policy for the internal host based on the attack report, further comprising:
based on the attack report, the controller modifies the destination address in the issued flow table into the address of the switch;
and the switch ignores the received attack request.
8. The method of claim 2, wherein the controller formulates a protection policy for the internal host based on the attack report, further comprising:
and adding or deleting nodes in the communication network topology through the controller, and setting an internal host.
9. A platform for dynamic protection of communication networks, the platform comprising: the system comprises a forwarding module, an attack detection module and a dynamic protection module;
the attack detection module is arranged on the internal host and used for judging whether the received data request of the external host is an attack request or not; the data request is used for sending a data request to a controller, and the data request is used for sending a data request to the controller;
the forwarding module is arranged on the switch and used for forwarding the data request of the external host to the internal host; the system is also used for sending an attack report formulated by the internal host to the controller;
the dynamic protection module is arranged on the controller and used for making a protection strategy for the internal host making the attack report according to the attack report;
the switch, the internal host and the controller are in communication connection.
10. The platform of claim 9, wherein the internal host comprises: a destination host and a standby host;
the target host and the standby host are connected with the switch and are provided with the attack detection module.
11. The platform of claim 10, wherein the attack detection module comprises: a judgment submodule and a forwarding submodule;
the judgment submodule is used for circularly receiving the data request sent by the external host and carrying out attack detection, and if the data request is an attack request of the external host to the current host, an attack report is formulated; otherwise, performing ignoring processing on the data request;
and the forwarding submodule is used for forwarding the attack report to the controller.
12. The platform of claim 9, wherein a topology management module is further installed on the controller;
for viewing information of nodes in a communication network topology and adding and deleting said nodes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910822239.XA CN112448929A (en) | 2019-09-02 | 2019-09-02 | Dynamic side protection method and platform for communication network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910822239.XA CN112448929A (en) | 2019-09-02 | 2019-09-02 | Dynamic side protection method and platform for communication network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112448929A true CN112448929A (en) | 2021-03-05 |
Family
ID=74735109
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910822239.XA Pending CN112448929A (en) | 2019-09-02 | 2019-09-02 | Dynamic side protection method and platform for communication network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112448929A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113660252A (en) * | 2021-08-12 | 2021-11-16 | 江苏亨通工控安全研究院有限公司 | Active defense system and method |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103051605A (en) * | 2012-11-21 | 2013-04-17 | 国家计算机网络与信息安全管理中心 | Data packet processing method, device and system |
| CN104601557A (en) * | 2014-12-29 | 2015-05-06 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Method and system for defending malicious websites based on software-defined network |
| WO2017143897A1 (en) * | 2016-02-26 | 2017-08-31 | 华为技术有限公司 | Method, device, and system for handling attacks |
| CN108429731A (en) * | 2018-01-22 | 2018-08-21 | 新华三技术有限公司 | Anti-attack method, device and electronic equipment |
| CN108810001A (en) * | 2018-06-20 | 2018-11-13 | 郑州云海信息技术有限公司 | A kind of security service control system and method based on SDN |
| CN108848087A (en) * | 2018-06-06 | 2018-11-20 | 浙江农林大学暨阳学院 | DAD process malice NA message suppressing method suitable for SEND agreement |
-
2019
- 2019-09-02 CN CN201910822239.XA patent/CN112448929A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103051605A (en) * | 2012-11-21 | 2013-04-17 | 国家计算机网络与信息安全管理中心 | Data packet processing method, device and system |
| CN104601557A (en) * | 2014-12-29 | 2015-05-06 | 广东顺德中山大学卡内基梅隆大学国际联合研究院 | Method and system for defending malicious websites based on software-defined network |
| WO2017143897A1 (en) * | 2016-02-26 | 2017-08-31 | 华为技术有限公司 | Method, device, and system for handling attacks |
| CN108429731A (en) * | 2018-01-22 | 2018-08-21 | 新华三技术有限公司 | Anti-attack method, device and electronic equipment |
| CN108848087A (en) * | 2018-06-06 | 2018-11-20 | 浙江农林大学暨阳学院 | DAD process malice NA message suppressing method suitable for SEND agreement |
| CN108810001A (en) * | 2018-06-20 | 2018-11-13 | 郑州云海信息技术有限公司 | A kind of security service control system and method based on SDN |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113660252A (en) * | 2021-08-12 | 2021-11-16 | 江苏亨通工控安全研究院有限公司 | Active defense system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103051557B (en) | Data flow processing method and system, controller, switching equipment | |
| JP4974964B2 (en) | Intelligent failover in a load-balanced network environment | |
| US10764119B2 (en) | Link handover method for service in storage system, and storage device | |
| TWI410084B (en) | Intelligent failover in a load-balanced networking environment | |
| CN104660565A (en) | Hostile attack detection method and device | |
| CN102904818A (en) | Method and device for updating ARP (Address Resolution Protocol) information table | |
| CN105634956A (en) | Message forwarding method, device and system | |
| CN104506513A (en) | Firewall flow graph backup method, firewall and firewall system | |
| CN103891206A (en) | Method and device for synchronizing network data flow detection status | |
| CN110351388B (en) | Application method based on Internet of things architecture system | |
| CN103746920A (en) | Method for realizing data transmission based on gatekeeper | |
| CN103973476A (en) | Gateway, and gateway hot backup system and method | |
| CN105790825A (en) | Method and apparatus for carrying out hot backup on controllers in distributed protection | |
| CN104506548A (en) | Data packet redirecting device as well as safety protection method and system for virtual machine | |
| CN112448929A (en) | Dynamic side protection method and platform for communication network | |
| CN101202756B (en) | Method and apparatus of message processing | |
| CN113507431B (en) | Message management method, device, equipment and machine-readable storage medium | |
| CN100544304C (en) | The method and the device that enhance security features are provided in the PDU switched environment | |
| RU2693903C1 (en) | Method, apparatus and processing system for expanded port | |
| CN111695115A (en) | Industrial control system network attack tracing method based on communication delay and security evaluation | |
| CN106464511A (en) | Service protecting method and device | |
| CN104079679B (en) | Realize the method that mac address table is consistent | |
| CN101616080B (en) | Packet order preserving method of resilient packet ring, device and network equipment | |
| CN102413034B (en) | Method for controlling label notice message and maintaining LSP (Label Switching Path), and LSR (Label Switching Router) | |
| CN105791205A (en) | Method and device for preventing DDOS attack |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |