公开(公告)号：US09876808B2

公开(公告)日：2018-01-23

申请号：US14861665

申请日：2015-09-22

Applicant: GWANGJU INSTITUTE OF SCIENCE AND TECHNOLOGY

Inventor： Hyuk Lim ,  Jong-Won Kim ,  Jargalsaikhan Narantuya ,  Tae-Jin Ha ,  Chi-Wook Jeong

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L63/1416 ,  H04L43/024 ,  H04L43/026

Abstract: A method for detecting an intrusion in a network is disclosed. The network includes a plurality of nodes for data transmission/reception and switches for relaying flow transmission/reception between the nodes, and an intrusion detection system (IDS) is combined with the network to form a system The method includes: installing SDN-enabled switches for flow sampling in the network to connect them to SDN controllers; determining, by the SDN controller, the number of network flows and the number of switches; deriving a sampling rate for each of the SDN-enabled switches; forwarding, by the switches, packet information sampled at respective sampling rates to the IDS; and identifying, by the IDS, malicious data based on the packet information to update the sampling rate of each of the SDN switches.