Title Preventing network tomography in software defined datacenter networks
Abstract Technologies are provided for preventing abuse of software-defined datacenter networks. In some examples, an SDN abuse prevention module within a control layer of an SDN may use graph analysis rules and monitor network paths over time to detect and prevent abusive network conformation change command series. Instance-generated network paths may be analyzed to determine if the paths attempt to repeatedly traverse one or more sensitive network paths. If so, the paths may be implemented or denied based on, among other things, the time scale within which they attempt to repeatedly traverse the sensitive network paths.
Publication number US9356956(B2) Publication date 2016.05.31
Application number US201314356150 Filing date 2013.06.06
Applicant EMPIRE TECHNOLOGY DEVELOPMENT LLC Inventor Kruglick Ezekiel
Classification H04L29/06;H04L1/00;H04L12/28;H04L12/751;H04L12/721 Main classification H04L29/06
Agency Turk IP Law, LLC Agent Turk IP Law, LLC
Main claim 1. A method to prevent network tomography in a software-defined datacenter network, the method comprising:
computing a time threshold for a sensitive path based on at least one of an amount of traffic congestion in the software-defined datacenter network and a security level associated with the sensitive path, wherein the sensitive path is a path selected to carry traffic in the software-defined datacenter network based on at least one of an identity and a security level of a user of the software-defined datacenter network, and the time threshold for the sensitive path is a minimum time duration between one attempt to traverse the sensitive path and a next attempt to traverse the sensitive path;
detecting a first core network route generated by a first instance and traversing the sensitive path at a first time;
detecting a second core network route generated by a second instance and traversing another path not including the sensitive path at a second time after the first time;
detecting that a third core network route traverses the sensitive path at a third time after the second time;
determining a time duration between the first time and the third time;
determining whether to implement the third core network route based on one or more criteria, the one or more criteria including at least whether the time duration between the first time and the third time exceeds the time threshold for the sensitive path;
in response to a determination that the time duration between the first time and the third time is more than or equal to the time threshold for the sensitive path, implementing the third core network route; and
in response to a determination that the time duration between the first time and the third time is less than the time threshold for the sensitive path, refraining from implementing the third core network route.
Address Wilmington DE US