×

Method for detecting intrusion in network

  • US 9,876,808 B2
  • Filed: 09/22/2015
  • Issued: 01/23/2018
  • Est. Priority Date: 12/18/2014
  • Status: Expired due to Fees
0
Associated Cases
0
Associated Defendants
0
Product Citations
0
Petitions
3
Forward Citations
1
Assignment
First Claim
Patent Images

1. A method for detecting an intrusion in a network, the method performed by a system, said system comprising the network having a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, an intrusion detection system (IDS) combined with the network and a Software Defined Networking (SDN) controller, the method comprising:

  • installing, by the SDN controller, SDN-enabled switches for flow sampling in the network to connect the network to the SDN controller;

    determining, by the SDN controller, information on the number of network flows and the number of the switches in the network;

    calculating, by the SDN controller, a function M(x), minimizing a maximum value of missing rates of malicious attacks in the IDS, based on an initial value of a rate at which a malicious attack takes place for each of the network flows, where x represents a sampling rate vector of the each of the SDN-enabled switches;

    calculating, by the SDN controller, a sampling rate for each of the SDN-enabled switches using a flow table which is created by the SDN controller based on the calculated function M(x);

    forwarding, by the SDN-enabled switches, packet information to the IDS according to the calculated sampling rate;

    identifying, by the IDS, malicious data based on the packet information; and

    updating, by the SDN controller, the sampling rate of the each of the SDN-enabled switches based on the identified malicious data.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×