US10476897B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10476897-B2 |
| Application number | US-201715641841-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 5, 2017 |
| Priority date | Dec 27, 2013 |
| Publication date | Nov 12, 2019 |
| Grant date | Nov 12, 2019 |
Official abstract text for this publication.
A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets.
Claims (claims 1 to 13 as published; the extracted text breaks off inside claim 13).

What is claimed is:

1. A method for improving network security in a network comprising a control node in communication with a first subnet and a second subnet, the method comprising: obtaining, by the control node, alarm information comprising information of a respective attack source attacking the first subnet and identification information of the first subnet; determining threat information of the respective attack source; obtaining a threat value of the respective attack source according to the threat information; determining a value of an association between the respective attack source and the first subnet based on an attack relationship between the respective attack source and the first subnet by determining the value of the association between the respective attack source and the first subnet according to $r_s = [(I - aW)^{-1} - I] \cdot b_s$, where $r_s$ represents the value of the association between one of each attack source and the first subnet, $b_s$ represents a Boolean vector of the attack relationship between the respective attack source and the first subnet, $s$ represents an identifier of the respective attack source, $a$ represents the threat value of the respective attack source, $I$ represents an identity matrix, and $W$ represents an address of the respective attack source; determining, for the first subnet, a danger level imposed by the respective attack source on the first subnet using the threat value of the respective attack source and the value of the association; obtaining a blacklist based on the danger level imposed by the respective attack source; and sending, by the control node, the blacklist to the second subnet.

2. The method for improving network security of claim 1, wherein the threat information comprises a duration of an attack launched by the respective attack source, an amount of data from the respective attack source, a number of subnets attacked by the respective attack source, and a number of ports attacked by the respective attack source.

3. The method for improving network security of claim 1, wherein obtaining the blacklist based on the danger level imposed by the respective attack source comprises: sorting the respective attack source in descending order of danger level imposed by the respective attack source within the blacklist to obtain a sorting result; and obtaining the blacklist based on the sorting result, the blacklist including the respective attack source and a threat level corresponding to the respective attack source.

4. The method for improving network security of claim 1, wherein the alarm information is obtained from an OPENFLOW asynchronization message received from the first subnet.

5. The method for improving network security of claim 1, wherein the second subnet has not been attacked by the respective attack source.

6. The method for improving network security of claim 1, wherein the threat information of the respective attack source is determined using the alarm information.

7. A control node for improving network security, and configured to communicate with a first subnet and a second subnet, and the control node comprising: a processor; and a storage medium coupled to the processor and comprising instructions that are executable by the processor and that cause the processor to be configured to: obtain alarm information comprising information of a respective attack source attacking the first subnet and identification information of the first subnet; determine threat information of the respective attack source; obtain a threat value of the respective attack source according to the threat information; determine a value of an association between the respective attack source and the first subnet according to an attack relationship between the respective attack source and the first subnet by determining the value of the association between the respective attack source and the first subnet according to $r_s = [(I - aW)^{-1} - I] \cdot b_s$, wherein $r_s$ represents the value of the association between one of each attack source and the first subnet, $b_s$ represents a Boolean vector of the attack relationship between the respective attack source and the first subnet, $s$ represents an identifier of the respective attack source, $a$ represents the threat value of the respective attack source, $I$ represents an identity matrix, and $W$ represents an address of the respective attack source; determine, for an attacked subnet, a danger level imposed by the respective attack source on the first subnet using the threat value of the respective attack source and the value of the association; obtain a blacklist based on the danger level imposed by the respective attack source; and send the blacklist to the second subnet.

8. The control node for improving network security of claim 7, wherein the threat information comprises a duration of an attack launched by the respective attack source, an amount of data from the respective attack source, a number of subnets attacked by the respective attack source, and a number of ports attacked by the respective attack source.

9. The control node for improving network security of claim 7, wherein the instructions further cause the processor to be configured to: obtain the blacklist based on the danger level imposed by the respective attack source; sort the respective attack source in descending order of danger level imposed by the respective attack source within the blacklist to obtain a sorting result; and obtain the blacklist based on the sorting result, the blacklist including the respective attack source and a threat level corresponding to the respective attack source.

10. The control node for improving network security of claim 7, wherein the alarm information is obtained from an OPENFLOW asynchronization message received from the first subnet.

11. The control node for improving network security of claim 7, wherein the second subnet has not been attacked by the respective attack source.

12. The control node for improving network security of claim 7, wherein the threat information of the respective attack source is determined using the alarm information.

13. A non-transitory computer readable medium storing codes for improving network security that, when executed by a processor of a computer, cause the processor to: obtain alarm information comprising information of a respective attack source attacking a first subnet and identification information of the first subnet; determine threat information of the respective attack source; obtain a threat value of the respective attack source according to the threat information; determine a value of an association between the respective attack source and the first subnet according to an attack relationship between the respective attack source and the first subnet by determining the value of the association between the respective attack source and the first subnet according to $r_s = [(I - aW)^{-1} - I] \cdot b_s$, wherein $r_s$ represents the value of the association between one of each attack source and the first subnet, $b_s$ represents a Boolean vector of the attack relationship between the respective attack source and the first subnet, $s$ represents an identifier of the respective attack source, $a$ represents the threat value of the respective attack source, $I$ represents an identity matrix, and $W$ represents an address of the respective attack source; determine, for an attacked subnet, a danger level imposed by the respective attack source on the first subnet using the threat value of the respective attack source and the value of the association; obtain a blacklist based on the danger level imposed by the respective attack source; and send the black
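The claimed pipeline worked through on constructed alarm data, as an added example that is not the patent's own code or data. It follows the claims in order: claim 2's four threat features, a threat value $a$, the association value $r_s = [(I - aW)^{-1} - I] \cdot b_s$, a danger level, a blacklist sorted in descending order (claim 3), and delivery only to subnets the source has not attacked yet (claim 5). Everything the claims leave open is an assumption here: $W$ is read as the symmetric attack adjacency matrix over source and subnet nodes (the claim calls it "an address of the respective attack source"), $b_s$ as the indicator of the subnets $s$ has attacked, the threat value as a normalized average of the four features with an attenuation factor, and danger level as threat value times association value. The IP addresses, subnet names, feature weights and alarm tuples are all constructed.

```python
"""Added worked example (not the patent's code): threat information -> threat
value a -> association r_s = [(I - aW)^-1 - I] . b_s -> danger level ->
blacklist sorted in descending order -> delivery to not-yet-attacked subnets."""

# Constructed alarm information (not from the patent). One tuple per alarm:
# (attack source, attacked subnet, duration in s, bytes sent, ports hit).
ALARMS = [
    ("198.51.100.7", "subnet-A", 600, 5_000_000, 40),
    ("198.51.100.7", "subnet-B", 120, 800_000, 3),
    ("203.0.113.9", "subnet-A", 30, 20_000, 1),
    ("192.0.2.44", "subnet-B", 900, 9_000_000, 2),
]
SUBNETS = ["subnet-A", "subnet-B", "subnet-C"]  # subnet-C has raised no alarm
FEATURES = ("duration", "bytes", "subnets", "ports")  # claim 2's threat information


def threat_information(alarms):
    """Aggregate claim 2's four features per attack source."""
    info = {}
    for src, subnet, duration, nbytes, ports in alarms:
        d = info.setdefault(src, {"duration": 0, "bytes": 0, "subnets": set(), "ports": 0})
        d["duration"] += duration
        d["bytes"] += nbytes
        d["subnets"].add(subnet)
        d["ports"] += ports
    for d in info.values():
        d["subnets"] = len(d["subnets"])
    return info


def threat_value(src, info):
    """Assumed scoring (the claims fix none): each feature divided by its
    maximum over all sources, then averaged; the result lies in (0, 1]."""
    return sum(info[src][k] / max(d[k] for d in info.values()) for k in FEATURES) / len(FEATURES)


def attack_matrix(alarms, nodes):
    """W taken (assumption) as the symmetric source/subnet adjacency matrix
    over nodes = sources + subnets: W[i][j] = 1 if i attacked j."""
    idx = {n: i for i, n in enumerate(nodes)}
    W = [[0.0] * len(nodes) for _ in nodes]
    for src, subnet, *_ in alarms:
        W[idx[src]][idx[subnet]] = W[idx[subnet]][idx[src]] = 1.0
    return W


def solve(A, b):
    """Gauss-Jordan solution of A x = b with partial pivoting (small dense system)."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("I - aW is singular")
        M[col], M[piv] = M[piv], M[col]
        p = M[col][col]
        M[col] = [v / p for v in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0.0:
                f = M[r][col]
                M[r] = [rv - f * cv for rv, cv in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]


def association(W, a, b_s):
    """r_s = [(I - aW)^-1 - I] . b_s, computed as x - b_s with (I - aW) x = b_s.
    The inverse equals aW + (aW)^2 + ... only if the spectral radius of aW is
    below 1; a * (largest row sum of W) < 1 is a cheap sufficient check."""
    n = len(W)
    if a * max(sum(row) for row in W) >= 1.0:
        raise ValueError("a too large for this W: (I - aW)^-1 is not the propagation series")
    A = [[(1.0 if i == j else 0.0) - a * W[i][j] for j in range(n)] for i in range(n)]
    return [xi - bi for xi, bi in zip(solve(A, b_s), b_s)]


def blacklist(first_subnet, alarms=ALARMS, subnets=SUBNETS):
    """Claims 1 and 3: danger level of every source for the attacked subnet,
    sorted in descending order -> [(source, danger level), ...]."""
    sources = sorted({al[0] for al in alarms})
    nodes = sources + list(subnets)
    idx = {n: i for i, n in enumerate(nodes)}
    info = threat_information(alarms)
    W = attack_matrix(alarms, nodes)
    max_deg = max(sum(row) for row in W)
    entries = []
    for s in sources:
        t = threat_value(s, info)
        a = 0.5 * t / max_deg  # assumed attenuation: guarantees a * max_deg < 1
        b_s = [0.0] * len(nodes)  # assumed: 1 at every subnet s has attacked
        for src, subnet, *_ in alarms:
            if src == s:
                b_s[idx[subnet]] = 1.0
        r_s = association(W, a, b_s)
        entries.append((s, t * r_s[idx[first_subnet]]))  # assumed: danger = threat x association
    return sorted(entries, key=lambda e: e[1], reverse=True)


def recipients(bl, alarms=ALARMS, subnets=SUBNETS):
    """Claim 5: an entry is sent only to subnets its source has not attacked yet."""
    attacked = {}
    for src, subnet, *_ in alarms:
        attacked.setdefault(src, set()).add(subnet)
    return {sn: [(src, lvl) for src, lvl in bl if sn not in attacked[src]] for sn in subnets}
```

Two things the formula does that the claim text does not spell out show up on this data. First, `[(I - aW)^{-1} - I]` is the sum `aW + (aW)^2 + ...`, so association propagates through shared victims: `192.0.2.44` never attacked `subnet-A`, yet `blacklist("subnet-A")` ranks it above `203.0.113.9` (which did), because it shares `subnet-B` with the high-volume source `198.51.100.7` and carries a much larger threat value. Second, that series, and hence the inverse, is only meaningful while the spectral radius of `aW` stays below 1; `association` refuses to proceed otherwise, and the attenuation in `blacklist` is one (assumed) way to keep a scaled threat value inside that bound. `recipients` then applies claim 5: `subnet-C`, which has raised no alarm, receives the whole list, while `subnet-A` receives only the entry for the one source that has not attacked it yet.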
CPC classification titles:
- involving event detection and direct action
- Event detection, e.g. attack signature detection
- Tracing the source of attacks
- Access control lists [ACL]
- Detecting local intrusion or implementing counter-measures