MALICIOUS ATTACK DETECTION METHOD AND APPARATUS

摘要

Disclosed in embodiments of the present invention are a malicious attack detection method and apparatus, and the method comprises: a controller receives a Packet-in message sent from a first switch, and the Packet-in message includes the source host identity and the destination host identity of a data packet of a flow table item that the first switch has not found; when judging that a host identified by the destination host identity does not exist in a Software Definition Network (SDN), the controller sends an abnormal flow table item to the first switch, and the abnormal flow table item includes the source host identity; the controller receives the times of triggering sent from the first switch, and the times of triggering is sent from the first switch after the timeout of the abnormal flow table item and indicates the times of triggering of the abnormal flow table item; the controller judges whether there is a malicious attack existing in a source host identified by the source host identity according to the times of triggering. The embodiments of the present invention can detect malicious attacks to hosts, reduce data processing amount of the controller and improve controller performance.