| 发明名称 |
METHOD FOR DETECTING INTRUSION IN NETWORK |
| 摘要 |
A method for detecting an intrusion in a network is disclosed. The network includes a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, and an intrusion detection system (IDS) is combined with the network to form a system The method includes: installing SDN-enabled switches for flow sampling in the network to connect them to SDN controllers; determining, by the SDN controller, the number of network flows and the number of switches; deriving a sampling rate for each of the SDN-enabled switches; forwarding, by the switches, packet information sampled at respective sampling rates to the IDS; and identifying, by the IDS, malicious data based on the packet information to update the sampling rate of each of the SDN switches. |
| 申请公布号 |
US2016182541(A1) |
申请公布日期 |
2016.06.23 |
| 申请号 |
US201514861665 |
申请日期 |
2015.09.22 |
| 申请人 |
GWANGJU INSTITUTE OF SCIENCE AND TECHNOLOGY |
发明人 |
LIM Hyuk;KIM Jong-Won;NARANTUYA Jargalsaikhan;HA Tae-Jin;JEONG Chi-Wook |
| 分类号 |
H04L29/06;H04L12/26 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for detecting an intrusion in a network, wherein the network comprises a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, and an intrusion detection system (IDS) is combined with the network to form a system, the method comprising:
installing SDN-enabled switches for flow sampling in the network to connect them to a SDN controller; determining, by the SDN controller, the number of network to flows and the number of switches; deriving a sampling rate for each of the SDN-enabled switches; forwarding, by the switches, packet information to the IDS according to the sampling rate; and identifying, by the IDS, malicious data based on the packet information to update the sampling rate of each of the SDN switches. |
| 地址 |
Gwangju KR |
