Method for disposing inbreak detection system

Abstract

The invention relates to an intrusion detection system deployment method, including that: an abnormity monitoring module monitors and identifies an abnormal virtual machine; when abnormity is identified, a deployment actuator is indicated to locally start up and operate an intrusion detection virtual machine; the deployment actuator acquires an abnormal virtual machine mark from the abnormity monitoring module and sets up the connection between a virtual switcher and an intrusion detection virtual machine according to the abnormal virtual machine mark; and the virtual switcher sends the message sending to or coming from the abnormal virtual machine to the intrusion detection virtual machine through a special detection virtual network card so as to carry out intrusion detection analysis. The intrusion detection system deployment method, based on virtual machine technology, realizes the flexible deployment of the intrusion detection system and identifies the abnormal virtual machine by monitoring the abnormity values of the virtual machines so as to pertinently start up the intrusion detection virtual machine to conduct intrusion detection to the massage transmitted by the intrusion detection virtual machine. The intrusion detection system can be deployed more flexibly in a network system, thus reducing the intrusion detection load and improves intrusion detection accuracy and efficiency.

Description

technical field [0001] The invention relates to a virtual machine-based intrusion detection system deployment technology, in particular to an intrusion detection system deployment method. Background technique [0002] Intrusion Detection Systems (hereinafter referred to as: IDS), as an important part of network security, has been successfully applied in the network environment of governments, enterprises and major companies, and plays an extremely important role. IDS mainly includes functional modules such as sensors, intrusion analysis modules, intrusion response modules, and management consoles. When it works, it uses sensors to intercept the original data packets containing messages in the network, and transmits them to the intrusion analysis module to find intrusion traces and other sensitive information. , and provide it to the intrusion response module and the management console to complete the response to the intrusion. At present, how to deploy IDS to accurately and...

AI Technical Summary

Problems solved by technology

[0011] (3) IDS is deployed inside and outside the firewall: it can detect all attacks from inside and outside, but it will significantly increase the cost

In a shared network, although IDS can directly monitor all network traffic, this sharing method also increases security risks, because computers connected to this network can detect network reports from other computers as long as they set their network cards to promiscuous mode. It can also intercept the IDS alarm information; in the switched network, there are problems such as the need for additional hardware support, performance degradation, and topology changes.

[0015] Thirdly, with the continuous growth of Internet business and the continuous expansion of the network scale of various companies and enterprises, a single deployment method su

Images