EP-4742594-A1 - SOFTWARE-DEFINED-NETWORK-BASED CLOUD-EDGE COLLABORATIVE DEFENSE SYSTEM AND METHOD FOR UNKNOWN ATTACKS

Abstract

The present application relates to the technical field of network security. Disclosed are a software-defined-network-based cloud-edge collaborative defense system and method for unknown attacks. The system comprises a main station deployed at a cloud end and a plurality of edge stations deployed at an edge end. A software defined security platform comprises a main controller, a security controller and a security component resource pool. Any one of the edge stations comprises an edge controller. The security controller is configured to receive network security information uploaded by the main controller and/or any one of the edge controllers, identify an unknown attack on the basis of the network security information, generate a corresponding defense strategy and issue the defense strategy to the security component resource pool, the main controller and/or any one of the edge controllers. The security component resource pool is configured to virtualize a security protection function into a security component, and configure the main station and/or any one of the edge stations with the security component on the basis of the network security information or the defense strategy. The problem of traditional static and rigid defense measures and strategies being unable to meet the requirements for defending against unknown attacks is solved.

Inventors

  • ZHANG, BO
  • LYU, Zhuo
  • LI, Nuannuan
  • ZHANG, TAO
  • MA, YUANYUAN
  • CHEN, LU
  • Xi, Zesheng
  • HE, CHUAN
  • WANG, Yunfan
  • YU, Xinsheng
  • XIE, GUANGWEI

Assignees

  • State Grid Smart Grid Research Institute Co., Ltd.
  • State Grid Henan Electric Power Company
  • Electric Power Research Institute of State Grid Henan Electric Power Company
  • State Grid Corporation of China

Dates

Publication Date: 2026-05-13
Application Date: 2024-08-19

Claims (11)

  1. A cloud-edge collaborative defense system for an unknown attack based on software-defined networks, characterized in that the system comprises: a main station deployed in a cloud end and a plurality of edge stations deployed at an edge end; a control plane of the main station includes a software-defined security platform, the software-defined security platform including: a main controller, a security controller, and a security component resource pool; any edge station includes: an edge controller; the security controller is configured to receive network security information uploaded by the main controller and/or any edge controller, identify the unknown attack according to the network security information, generate a corresponding defense strategy according to the identified unknown attack, and send the defense strategy to the security component resource pool, the main controller, and/or any edge controller; the security component resource pool is configured to virtualize a security protection function into a security component, and configure the security component for the main station and/or any edge station according to the network security information or the defense strategy.
  2. The cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to claim 1, wherein a data plane of the main station includes an infrastructure layer, the software-defined security platform interacts with the infrastructure layer through a southbound interface based on the programmability of a software-defined network architecture, the infrastructure layer includes a network device, the main controller is configured to control and manage the network device, and to transmit data to and interact with the edge controller through the network device and a preset communication protocol, the main controller is further configured to obtain real-time traffic and a network topology of a main station network boundary, and the edge controller is configured to obtain real-time network traffic and a security event of a corresponding edge station.
  3. The cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to claim 1, wherein the edge station further includes an edge intelligent device, and the security component includes: a security admission component, a security access component, and a security monitoring component; the security admission component is configured to perform identity authentication and access control on the edge intelligent device; the security access component is configured to encrypt a network traffic of the edge intelligent device and use tunneling technology for data transmission; the security monitoring component is configured to perform traffic monitoring, obtain the security event and alarm information, and upload the security event and the alarm information to the security controller.
  4. The cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to claim 1, wherein the security controller is further configured to acquire an attack feature database and an attack defense strategy database, identify the unknown attack using a machine learning algorithm according to the attack feature database and the network security information, and generate a defense strategy corresponding to the unknown attack using the machine learning algorithm according to the attack defense strategy database and the unknown attack.
  5. The cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to claim 2, wherein the main controller is further configured to send the defense strategy to the network device and dynamically adjust network configuration and behavior.
  6. The cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to claim 3, wherein the edge intelligent device is configured to intercept and handle the unknown attack according to the defense strategy and the security component configured by the security controller, obtain unknown attack information, and send the unknown attack information to edge intelligent devices of other edge stations.
  7. A cloud-edge collaborative defense method for an unknown attack based on software-defined networks, adopting the cloud-edge collaborative defense system for the unknown attack based on software-defined networks according to any one of claims 1 to 6, applied to the security controller, characterized in that the method comprises: receiving the network security information uploaded by the main controller and/or any edge controller; identifying the unknown attack according to the network security information; generating the corresponding defense strategy according to the identified unknown attack; sending the defense strategy to the security component resource pool, the main controller and/or any edge controller, wherein the security component resource pool is configured to virtualize the security protection function into the security component; and controlling the security component resource pool to configure the security component for the main station and/or any edge station according to the network security information or the defense strategy.
  8. The cloud-edge collaborative defense method for the unknown attack based on software-defined networks according to claim 7, wherein the receiving the network security information uploaded by the main controller and/or any edge controller, comprises: receiving real-time traffic information and network topology of a main station network boundary uploaded by the main controller; and/or, receiving real-time network traffic and a security event of a corresponding edge station uploaded by any edge controller.
  9. The cloud-edge collaborative defense method for the unknown attack based on software-defined networks according to claim 8, wherein the controlling the security component resource pool to configure the security component for the main station and/or any edge station according to the network security information or the defense strategy comprises: controlling the security component resource pool to configure the security component for the main station according to the defense strategy or real-time traffic information and a network topology of the main station network boundary; and/or, controlling the security component resource pool to configure the security component for any edge station according to the defense strategy or the real-time network traffic and the security event of the edge station.
  10. The cloud-edge collaborative defense method for the unknown attack based on software-defined networks according to claim 9, wherein after the controlling the security component resource pool to configure the security component for any edge station according to the defense strategy or the real-time network traffic and the security event of the edge station, the method further comprises: obtaining the security event and the alarm information from any edge station using the security component; identifying the unknown attack according to an attack feature database, the network security information, the security event, and the alarm information using a machine learning algorithm.
  11. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises computer instructions, and the computer instructions, when executed on a computer, cause the computer to execute the cloud-edge collaborative defense method for the unknown attack based on software-defined networks according to any one of claims 7 to 10.
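The claims describe a control loop rather than any concrete algorithm: edge controllers upload network security information (claim 8), the security controller checks it against an attack feature database, classifies traffic that matches no known feature but still looks hostile as an unknown attack, looks up a defense strategy (claim 4), and hands that strategy to the security component resource pool, which configures admission, access and monitoring components on the affected station (claims 1 and 3), while the main controller pushes a matching rule to the network device (claim 5) and unknown-attack information is shared with the other edge stations (claim 6). The following Python simulation is an added illustration of that loop; it is not code from the patent or its assignees. The feature and strategy databases, the station baselines, the uploaded traffic figures and the "three times baseline" anomaly heuristic that stands in for the machine learning classifier of claim 4 are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed stand-ins for the patent's attack feature database and
# attack defense strategy database (claim 4). All values are made up.
ATTACK_FEATURE_DB = {"port-scan": {"syn_rate_min": 500.0, "distinct_ports_min": 100}}
ATTACK_DEFENSE_STRATEGY_DB = {
    "port-scan": {"components": ["monitoring"], "action": "rate-limit"},
    "unknown": {"components": ["admission", "access", "monitoring"], "action": "isolate"},
}


@dataclass
class SecurityInfo:
    """Network security information uploaded by one edge controller (claim 8)."""
    station: str
    src: str               # edge intelligent device that produced the traffic
    syn_rate: float        # SYN packets per second in the reporting window
    distinct_ports: int    # destination ports touched in the window
    bytes_out: int         # egress bytes in the window
    events: list = field(default_factory=list)  # events from the monitoring component


@dataclass
class DefenseStrategy:
    target: str            # edge station to configure
    attack_class: str      # a feature-database name, or "unknown"
    components: list       # security components the pool must instantiate
    flow_rule: dict        # rule the main controller pushes to the network device


class SecurityController:
    """Identifies attacks and generates strategies. The ML classifier of claim 4 is
    replaced by a baseline-deviation heuristic (assumption, not the patent's method)."""

    def __init__(self, baseline, threshold=3.0):
        self.baseline = baseline      # per-station normal syn_rate / bytes_out
        self.threshold = threshold    # deviation factor treated as anomalous

    def identify(self, info):
        # Known attack: the upload matches a signature in the feature database.
        for name, feat in ATTACK_FEATURE_DB.items():
            if info.syn_rate >= feat["syn_rate_min"] and info.distinct_ports >= feat["distinct_ports_min"]:
                return name
        # Unknown attack: no signature, but traffic deviates from the station's
        # baseline or the monitoring component raised a high-severity event.
        base = self.baseline[info.station]
        deviation = max(info.syn_rate / base["syn_rate"], info.bytes_out / base["bytes_out"])
        if deviation >= self.threshold or any(e.get("severity") == "high" for e in info.events):
            return "unknown"
        return None

    def generate_strategy(self, info, attack_class):
        entry = ATTACK_DEFENSE_STRATEGY_DB[attack_class]
        return DefenseStrategy(info.station, attack_class, list(entry["components"]),
                               {"match": {"src": info.src}, "action": entry["action"]})


class SecurityComponentResourcePool:
    """Virtualized protection functions, configured per station on request (claim 1)."""

    def __init__(self):
        self.deployed = {}

    def configure(self, strategy):
        current = set(self.deployed.get(strategy.target, []))
        self.deployed[strategy.target] = sorted(current | set(strategy.components))
        return self.deployed[strategy.target]


class MainController:
    """Applies the strategy to the network device as a flow rule (claim 5)."""

    def __init__(self):
        self.flow_rules = []

    def apply(self, strategy):
        self.flow_rules.append(strategy.flow_rule)
        return strategy.flow_rule


def run_cycle(controller, pool, main, uploads, stations):
    """One defense cycle over all edge uploads. Returns (verdicts, shared): the
    attack class per station (None if clean) and the unknown-attack information
    forwarded to the other edge stations (claim 6)."""
    verdicts, shared = {}, {s: [] for s in stations}
    for info in uploads:
        attack_class = controller.identify(info)
        verdicts[info.station] = attack_class
        if attack_class is None:
            continue
        strategy = controller.generate_strategy(info, attack_class)
        pool.configure(strategy)
        main.apply(strategy)
        if attack_class == "unknown":
            for other in stations:
                if other != info.station:
                    shared[other].append({"from": info.station, "src": info.src})
    return verdicts, shared


# Constructed sample inputs: three edge stations, one clean, one known scan,
# one with no known signature but an 8x egress spike and a high-severity event.
BASELINE = {s: {"syn_rate": 20.0, "bytes_out": 1_000_000} for s in ("edge-1", "edge-2", "edge-3")}
UPLOADS = [
    SecurityInfo("edge-1", "10.0.1.5", syn_rate=25.0, distinct_ports=3, bytes_out=1_200_000),
    SecurityInfo("edge-2", "10.0.2.9", syn_rate=600.0, distinct_ports=400, bytes_out=900_000),
    SecurityInfo("edge-3", "10.0.3.7", syn_rate=30.0, distinct_ports=5, bytes_out=8_000_000,
                 events=[{"type": "firmware-tamper", "severity": "high"}]),
]


def demo():
    controller, pool, main = SecurityController(BASELINE), SecurityComponentResourcePool(), MainController()
    verdicts, shared = run_cycle(controller, pool, main, UPLOADS, list(BASELINE))
    return verdicts, shared, pool.deployed, main.flow_rules


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Running the block classifies edge-2 as the known port scan (only the monitoring component is added and a rate-limit rule is pushed), and edge-3 as an unknown attack, which pulls all three component types into the station's configuration, isolates the source at the network device, and forwards the source information to edge-1 and edge-2. Replacing `SecurityController.identify` with a trained model is the part of the design the patent leaves open; the surrounding distribution logic is what the claims actually fix.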

Description

CROSS REFERENCE TO RELATED APPLICATION(S)

The present disclosure is based on and claims priority to Chinese Patent Application No. 202410321312.6, filed on March 20, 2024, entitled "a cloud-edge collaborative defense system and method for an unknown attack based on software-defined networks", the entire contents of which are incorporated herein by reference.

TECHNICAL FIELD

The present disclosure relates to the field of network security technologies, and in particular, to a cloud-edge collaborative defense system and method for an unknown attack based on software-defined networks.

BACKGROUND

In new business terminal access scenarios, unknown attack targets are random and diverse, attack paths are dynamically variable, and attack methods are heterogeneous and diverse. Existing security access and attack defense systems lack flexibility in deployment methods and protection capabilities, and cannot adjust defense strategy in a timely and effective manner, resulting in poor effectiveness of defense against unknown attacks. The processing power of edge devices in existing cloud-edge collaborative defense systems is insufficient to provide rapid and accurate identification of unknown attacks and to formulate corresponding defense strategies against such attacks, thus failing to effectively defend against unknown attacks. Therefore, existing technologies have the problem that traditional static and rigid defense measures and strategies cannot meet the requirements of defense against unknown attacks.

SUMMARY

In view of this, the present disclosure provides a cloud-edge collaborative defense system and method for an unknown attack based on software-defined networks, in order to solve the problem that traditional static and rigid defense measures and strategies cannot meet the requirements of defense against unknown attacks.

In a first aspect, the present disclosure provides a cloud-edge collaborative defense system for an unknown attack based on software-defined networks. The system includes a main station deployed in a cloud end and a plurality of edge stations deployed at an edge end. A control plane of the main station includes a software-defined security platform, and the software-defined security platform includes a main controller, a security controller, and a security component resource pool. Any edge station includes an edge controller. The security controller is configured to receive network security information uploaded by the main controller and/or any edge controller, identify the unknown attack according to the network security information, generate a corresponding defense strategy according to the identified unknown attack, and send the defense strategy to the security component resource pool, the main controller, and/or any edge controller. The security component resource pool is configured to virtualize a security protection function into a security component and configure the security component for the main station and/or any edge station according to the network security information or the defense strategy.

In embodiments of the present disclosure, a software-defined network architecture is adopted to uniformly manage the cloud end and the edge end through the security controller. Through the interaction and cooperation of the security controller, the main controller, the edge controller, and the security component resource pool, the system achieves real-time monitoring of cloud-edge network security information, timely identification of unknown cloud-edge attacks, and flexible adjustment of the defense strategy. As a result, it is possible to solve the problem that traditional static and rigid defense measures, together with the insufficient processing capabilities of edge devices in a cloud-edge collaborative environment, make it difficult to quickly identify and respond to unknown attacks. Improved response speed and network security are achieved through centralized management and sending of the defense strategy. By separating the data plane and the control plane, the system enables network control and data forwarding to be performed independently, thereby improving network flexibility and facilitating expansion and upgrades. As a result, the problem of traditional static and rigid defense measures and strategies being unable to meet the requirements for defending against unknown attacks is solved.

In an optional implementation, a data plane of the main station includes an infrastructure layer. The software-defined security platform interacts with the infrastructure layer through a southbound interface based on the programmability of the software-defined network architecture. The infrastructure layer includes a network device. The main controller is configured to control and manage the network device and to transmit data to and interact with the edge controller through the network device and a preset communication protocol. The main controller is further configured to obtain real-time traffic and a network topology of the