Modifying a priority for at least one flow class of an application
US-2016353461-A1 · Dec 1, 2016 · US
US9876808B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9876808-B2 |
| Application number | US-201514861665-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 22, 2015 |
| Priority date | Dec 18, 2014 |
| Publication date | Jan 23, 2018 |
| Grant date | Jan 23, 2018 |
Official abstract text for this publication.
A method for detecting an intrusion in a network is disclosed. The network includes a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, and an intrusion detection system (IDS) is combined with the network to form a system. The method includes: installing SDN-enabled switches for flow sampling in the network to connect them to SDN controllers; determining, by the SDN controller, the number of network flows and the number of switches; deriving a sampling rate for each of the SDN-enabled switches; forwarding, by the switches, packet information sampled at respective sampling rates to the IDS; and identifying, by the IDS, malicious data based on the packet information to update the sampling rate of each of the SDN switches.
Opening claim text (preview).
What is claimed is:

1. A method for detecting an intrusion in a network, the method performed by a system, said system comprising the network having a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, an intrusion detection system (IDS) combined with the network and a Software Defined Networking (SDN) controller, the method comprising: installing, by the SDN controller, SDN-enabled switches for flow sampling in the network to connect the network to the SDN controller; determining, by the SDN controller, information on the number of network flows and the number of the switches in the network; calculating, by the SDN controller, a function M(x), minimizing a maximum value of missing rates of malicious attacks in the IDS, based on an initial value of a rate at which a malicious attack takes place for each of the network flows, where x represents a sampling rate vector of the each of the SDN-enabled switches; calculating, by the SDN controller, a sampling rate for each of the SDN-enabled switches using a flow table which is created by the SDN controller based on the calculated function M(x); forwarding, by the SDN-enabled switches, packet information to the IDS according to the calculated sampling rate; identifying, by the IDS, malicious data based on the packet information; and updating, by the SDN controller, the sampling rate of the each of the SDN-enabled switches based on the identified malicious data.

2. The method of claim 1, further comprising: calculating, by the SDN controller, a missing rate of the network flows with a constant IDS capacity.

3. The method of claim 1, wherein the each of the SDN-enabled switches forwards, to the IDS, data packets based on the flow table.

4. The method of claim 1, wherein the identifying of malicious data comprises, when the IDS detects a malicious traffic, triggering a detection alarm to calculate a rate at which a malicious attack takes place for the malicious traffic.

5. The method of claim 4, further comprising: estimating an estimated rate at which a malicious attack takes place for each of the network flows using the calculated rate.

6. The method of claim 5, wherein the estimated rate is repeatedly estimated by the IDS a predetermined number of times to calculate an average value of the repeated estimations, and the sampling rate for each of the SDN-enabled switches is calculated based on the calculated average value.
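The claims describe the control loop but not the form of M(x) or of the missing-rate model. The following is an added illustration, not code or formulas from the patent: it assumes that each flow traverses one switch, that a flow's missing rate is its estimated attack rate times the fraction of its packets the switch does not sample, and that the IDS can inspect a fixed number of sampled packets per interval (the constant capacity of claim 2). Under those assumptions the minimax of claim 1 is solved by bisection on the target missing rate, and the feedback of claims 4 to 6 is modelled by scaling IDS alarm counts by the sampling rate and averaging over repeated rounds. All topology values, flow names and alarm counts are constructed.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Flow:
    flow_id: str
    switch: str         # the SDN-enabled switch the flow traverses (one switch per flow, assumed)
    attack_rate: float  # estimated malicious events per interval ("rate at which a malicious attack takes place")


# Constructed sample topology: packets per interval seen by each switch, and the IDS capacity.
SWITCH_PACKETS = {"s1": 1000, "s2": 1000, "s3": 500}
CAPACITY = 900  # sampled packets per interval the IDS can inspect (assumed constant, as in claim 2)
FLOWS = [Flow("f1", "s1", 10.0), Flow("f2", "s2", 2.0), Flow("f3", "s3", 5.0)]
# Constructed IDS alarm counts per round: malicious packets seen among the sampled packets of each flow.
SAMPLE_ROUNDS = [{"f1": 7, "f3": 4}, {"f1": 7, "f3": 4}]


def required_rates(flows, switch_packets, m):
    """Smallest per-switch sampling rates such that no flow's missing rate exceeds m."""
    x = {s: 0.0 for s in switch_packets}
    for f in flows:
        if f.attack_rate > m:  # a flow already below the target needs no sampling
            x[f.switch] = max(x[f.switch], 1.0 - m / f.attack_rate)
    return x


def sampled_volume(x, switch_packets):
    """Packets per interval that the rate vector x forwards to the IDS."""
    return sum(x[s] * switch_packets[s] for s in switch_packets)


def missing_rate(flows, x):
    """M(x) under the assumed model: the worst-case missing rate over all flows."""
    return max(f.attack_rate * (1.0 - x[f.switch]) for f in flows)


def minimax_sampling(flows, switch_packets, capacity, iters=60):
    """Bisection on the target missing rate m; returns (M, x) with x feasible for the IDS."""
    lo, hi = 0.0, max(f.attack_rate for f in flows)  # hi: sampling nothing is always feasible
    for _ in range(iters):
        mid = (lo + hi) / 2
        if sampled_volume(required_rates(flows, switch_packets, mid), switch_packets) <= capacity:
            hi = mid  # feasible: try a lower missing rate
        else:
            lo = mid  # infeasible: the IDS would be overloaded
    x = required_rates(flows, switch_packets, hi)
    return missing_rate(flows, x), x


def update_attack_rates(flows, x, rounds):
    """Claims 4-6 style update: scale each round's alarm count by the flow's sampling rate
    (an inverse-probability estimate), average over the repeated rounds, and keep the prior
    estimate for flows whose switch sampled nothing (no alarms can be observed for them)."""
    updated = []
    for f in flows:
        rate = x[f.switch]
        if rate <= 0.0:
            updated.append(f)
            continue
        estimates = [r.get(f.flow_id, 0) / rate for r in rounds]
        updated.append(Flow(f.flow_id, f.switch, mean(estimates)))
    return updated


def sampling_cycle(flows, switch_packets, capacity, rounds):
    """One full loop: initial allocation, IDS feedback, re-estimation, re-allocation."""
    m0, x0 = minimax_sampling(flows, switch_packets, capacity)
    flows2 = update_attack_rates(flows, x0, rounds)
    m1, x1 = minimax_sampling(flows2, switch_packets, capacity)
    return (m0, x0), (m1, x1)


if __name__ == "__main__":
    def fmt(x):
        return {s: round(v, 3) for s, v in x.items()}

    (m0, x0), (m1, x1) = sampling_cycle(FLOWS, SWITCH_PACKETS, CAPACITY, SAMPLE_ROUNDS)
    print(f"initial: M={m0:.3f} x={fmt(x0)}")
    print(f"updated: M={m1:.3f} x={fmt(x1)}")
```

With the constructed data the first allocation spends the whole IDS budget on the two switches carrying the highest-rate flows and leaves the third unsampled, because sampling it would raise the worst-case missing rate elsewhere; after the feedback rounds raise the estimate for the third flow, the budget is rebalanced toward its switch. The bisection keeps the upper bound `hi`, so the returned rate vector is always feasible for the capacity, which is the property a controller needs before writing the flow table.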
using flow identification · CPC title
Event detection, e.g. attack signature detection · CPC title
the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title