US10298600B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10298600-B2 |
| Application number | US-201514985807-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 31, 2015 |
| Priority date | Nov 12, 2013 |
| Publication date | May 21, 2019 |
| Grant date | May 21, 2019 |
Official abstract text for this publication.
The present disclosure provides a method, an apparatus, and a system for cooperative defense on a network. Alarm information sent by a security device of a first subnet that is being attacked is received by a controller; the controller generates flow table information according to the alarm information, and forwards the flow table information to a switching device of the first subnet and a switching device of at least one second subnet, which is equivalent to that, after detecting an attack, a security device of a subnet generates alarm information, and shares, by using the controller, the alarm information with a switching device of the subnet and a switching device of another subnet that is not being attacked, to form networkwide cooperative defense, thereby enhancing network security.
Opening claim text (preview).
What is claimed is:

1. A method for cooperative defense on a network with an attacked subnet and a second subnet controlled by a controller, the method comprising: receiving, by a controller, feature information of an attack information sent by a security device of the attacked subnet; generating, by the controller according to the feature information, flow table information, wherein the flow table information indicates the data flow of the attack information; and forwarding, by the controller, the flow table information to a switching device of the attacked subnet and a switching device of the second subnet; receiving, by the controller, a first defense rule generated by the security device of the attacked subnet according to the attack information, and the first defense rule is an access rule for an external network to access the attacked subnet; and sending, by the controller, the first defense rule to a security device of the second subnet, so that the security device of the second subnet performs, according to the first defense rule, filtering on a data flow that accesses the second subnet; and generating, by the controller according to the feature information, a second defense rule, wherein the second defense rule is an access rule for an external network to access the attacked subnet or the second subnet; and sending, by the controller, the second defense rule to the security device of the attacked subnet and a security device of the second subnet, so that the security device of the attacked and the security device of the second subnet performs filtering on a data flow according to the second defense rule.

2. The method of claim 1, further comprising rejecting, by the switching device of the attacked subnet and the switching device of the second subnet, a data that matches the flow table information.

3. A method for cooperative defense on a network, the network comprises a controller, a first subnet, and a second subnet, and the controller controls the first subnet and the second subnet, the method comprises: receiving, by a security device of the first subnet, attack information; generating, by the security device of the first subnet according to the attack information, a first defense rule, wherein the first defense rule is an access rule for an external network to access the first subnet; and sending, by the security device of the first subnet, alarm information to the controller, wherein the alarm information comprises feature information of the attack information and the first defense rule; receiving, by the controller, a first defense rule generated by the security device of the attacked subnet according to the attack information, and the first defense rule is an access rule for an external network to access the attacked subnet; and sending, by the controller, the first defense rule to a security device of the second subnet, so that the security device of the second subnet performs, according to the first defense rule, filtering on a data flow that accesses the second subnet; and generating, by the controller according to the feature information, a second defense rule, wherein the second defense rule is an access rule for an external network to access the attacked subnet or the second subnet; and sending, by the controller, the second defense rule to the security device of the attacked subnet and a security device of the second subnet, so that the security device of the attacked and the security device of the second subnet performs filtering on a data flow according to the second defense rule.

4. A method for cooperative defense on a network, further comprising: receiving, by the controller, alarm information sent by a security device of a first subnet, wherein the first subnet is a subnet that is being attacked, the alarm information is a defense rule generated by the security device of the first subnet according to attack information, and the defense rule is an access rule for an external network to access the first subnet; and sending, by the controller, the defense rule to a security device of the at least one second subnet, so that the security device of the at least one second subnet performs filtering on a data flow according to the defense rule; receiving, by the controller, a first defense rule generated by the security device of the attacked subnet according to the attack information, and the first defense rule is an access rule for an external network to access the attacked subnet; and sending, by the controller, the first defense rule to a security device of the second subnet, so that the security device of the second subnet performs, according to the first defense rule, filtering on a data flow that accesses the second subnet; and generating, by the controller according to the feature information, a second defense rule, wherein the second defense rule is an access rule for an external network to access the attacked subnet or the second subnet; and sending, by the controller, the second defense rule to the security device of the attacked subnet and a security device of the second subnet, so that the security device of the attacked and the security device of the second subnet performs filtering on a data flow according to the second defense rule.

5. A method for cooperative defense on a network, comprising: receiving, by a security device of a first subnet, attack information; generating, by the security device of the first subnet according to the attack information, a defense rule, wherein the defense rule is an access rule for an external network to access the first subnet; and sending, by the security device of the first subnet, the defense rule to a controller; sending, by the controller, the defense rule to a security device of at least one second subnet; receiving, by the controller, a first defense rule generated by the security device of the attacked subnet according to the attack information, and the first defense rule is an access rule for an external network to access the attacked subnet; and sending, by the controller, the first defense rule to a security device of the second subnet, so that the security device of the second subnet performs, according to the first defense rule, filtering on a data flow that accesses the second subnet; and generating, by the controller according to the feature information, a second defense rule, wherein the second defense rule is an access rule for an external network to access the attacked subnet or the second subnet; and sending, by the controller, the second defense rule to the security device of the attacked subnet and a security device of the second subnet, so that the security device of the attacked and the security device of the second subnet performs filtering on a data flow according to the second defense rule.

6. An apparatus for cooperative defense on a network, comprising: a receiver, configured to receive alarm information sent by a security device of a first subnet, wherein the first subnet is being attacked, and the alarm information is a feature information of attack information; a processor, configured to generate flow table information according to the feature information of the attack information, wherein the flow table information indicates the data flow corresponding to the flow table information belongs to the attack information; and a transmitter, configured to forward the flow table information to a switching device of the first subnet and a switching device of at least one second subnet, so that the switching device of the first subnet and the switching device of the at least one second subnet perform filtering on a data flow according to the flow table information; wherein the alarm information further comprises a first defense rule generated by the security device of the fir
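The claims above describe one message sequence: the security device of the attacked subnet detects an attack, derives a first defense rule, and raises an alarm carrying the attack's feature information; the controller turns the feature information into flow table information for the switches of every subnet, relays the first defense rule to the security devices of the subnets that were not attacked, and derives a second, network-wide defense rule for all of them. The following simulation is an added example, not code from the patent or from any vendor's product. The message dictionary layout, the `(src_ip, dst_port, protocol)` feature tuple, the `drop`/`deny` actions and the sample addresses (RFC 5737 documentation ranges) are all assumptions made to keep the sequence concrete.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

Flow = Tuple[str, int, str]  # assumed feature information: (src_ip, dst_port, protocol)

@dataclass(frozen=True)
class DefenseRule:
    """Access rule for the external network to reach a subnet ('*' = every subnet)."""
    scope: str
    src_ip: str
    action: str = "deny"

@dataclass(frozen=True)
class FlowEntry:
    """Flow table information for a switch: match on the attack features, then act."""
    match: Flow
    action: str = "drop"

class Switch:
    """Switching device of one subnet; filters data flows by its flow table."""
    def __init__(self, subnet: str):
        self.subnet, self.flow_table = subnet, []

    def install(self, entry: FlowEntry) -> None:
        if entry not in self.flow_table:
            self.flow_table.append(entry)

    def handle(self, flow: Flow) -> str:
        return next((e.action for e in self.flow_table if e.match == flow), "forward")

class SecurityDevice:
    """Security device of one subnet; detects attacks and applies access rules."""
    def __init__(self, subnet: str):
        self.subnet, self.rules = subnet, []

    def on_attack(self, feature: Flow) -> dict:
        # Generate the first defense rule locally, then build the alarm that carries
        # both the feature information and that rule for the controller (claim 3).
        first_rule = DefenseRule(scope=self.subnet, src_ip=feature[0])
        self.apply_rule(first_rule)
        return {"subnet": self.subnet, "feature": feature, "first_rule": first_rule}

    def apply_rule(self, rule: DefenseRule) -> None:
        if rule not in self.rules:
            self.rules.append(rule)

    def filter(self, flow: Flow) -> str:
        return next((r.action for r in self.rules if r.src_ip == flow[0]), "permit")

class Controller:
    """Controller shared by all subnets; fans out flow entries and defense rules."""
    def __init__(self, switches: Dict[str, Switch], devices: Dict[str, SecurityDevice]):
        self.switches, self.devices = switches, devices

    def on_alarm(self, alarm: dict) -> DefenseRule:
        attacked, feature = alarm["subnet"], alarm["feature"]
        # Flow table information derived from the feature information goes to the
        # switch of the attacked subnet and to the switches of every other subnet.
        entry = FlowEntry(match=feature)
        for sw in self.switches.values():
            sw.install(entry)
        # The first defense rule is relayed to the security devices of the other subnets.
        for name, dev in self.devices.items():
            if name != attacked:
                dev.apply_rule(alarm["first_rule"])
        # The controller also derives a second, network-wide rule for every device.
        second_rule = DefenseRule(scope="*", src_ip=feature[0])
        for dev in self.devices.values():
            dev.apply_rule(second_rule)
        return second_rule

def run_demo() -> dict:
    """Constructed scenario: subnet A is attacked from 203.0.113.7; B and C are not."""
    subnets = ["A", "B", "C"]
    switches = {s: Switch(s) for s in subnets}
    devices = {s: SecurityDevice(s) for s in subnets}
    ctl = Controller(switches, devices)

    attack_flow: Flow = ("203.0.113.7", 80, "tcp")   # constructed, TEST-NET-3 address
    benign_flow: Flow = ("198.51.100.4", 80, "tcp")  # constructed, TEST-NET-2 address
    second = ctl.on_alarm(devices["A"].on_attack(attack_flow))
    return {
        "switch_B_attack": switches["B"].handle(attack_flow),
        "switch_B_benign": switches["B"].handle(benign_flow),
        "device_C_attack": devices["C"].filter(attack_flow),
        "device_C_benign": devices["C"].filter(benign_flow),
        "rules_per_device": {s: len(devices[s].rules) for s in subnets},
        "second_rule_scope": second.scope,
    }

if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the property the abstract calls network-wide cooperative defense: switch B, which never saw the attack, drops the attack flow while still forwarding unrelated traffic, and the security device of subnet C holds two rules (the relayed first rule scoped to A, and the controller's second rule scoped to every subnet) before any attack traffic reaches it. The design choice worth noting is that the controller fans out both a coarse switch-level flow entry and finer access rules for the security devices, so filtering does not depend on a single enforcement point.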
CPC classification titles:
- Hybrid transport
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- Traffic logging, e.g. anomaly detection
- Event detection, e.g. attack signature detection