Cloud computing environment-based distributed network security pre-warning method

Abstract

The invention discloses a cloud computing environment-based distributed network security pre-warning method, which belongs to the technical field of network security. The method comprises that: a plurality of management domains are set, wherein each management domain comprises a control central node and more than one security proxy node, and the control central nodes are in peer connection; the security proxy nodes discover abnormal events through peripheral equipment, extract event information, generate warning messages and transmit warning information to the corresponding control central nodes; the control central nodes receive the warning messages transmitted by the corresponding security proxy nodes and the other control central nodes and combine the central nodes meeting a combination condition into a task group; the security proxy nodes in the task group are in the peer connection and one security proxy node serves as a task coordination central node to coordinate the security proxy nodes in the group to complete tasks together; and the task group is in data connection with the control central nodes through the task coordination central node.

Description

technical field [0001] The invention relates to a distributed network, in particular to a distributed network security early warning method based on a cloud computing environment, and belongs to the technical field of network security. Background technique [0002] At present, the development trend of network malicious code technology has the main characteristics of explosive transmission, self-organizing structure and distributed cooperation. Incalculable potential security risks. Cyber ​​hackers can use the distributed platform built by malicious codes to carry out large-scale network intrusions and attacks, including stealing or destroying sensitive information, launching large-scale denial of service attacks, engaging in economic crimes, and even paralyzing backbone network services. In order to solve this problem, intrusion detection systems, firewalls, vulnerability scanners, anti-virus gateways and other security protection facilities are deployed in almost all netwo...

AI Technical Summary

Problems solved by technology

First, there is no adaptability. The current network early warning models all adopt a fixed topology architecture, which does not have the ability to adapt to the network security situation, and is not suitable for large-scale network environments. Second, the survivability is low. Most networks The early warning model adopts the architecture of a single early warning center, which has a high risk of single point failure, and will cause network congestion near the early warning center; third, the data flow control capability is weak, and the mainstream network early warning models all adopt centralized sharing of security data structure, cannot dynamically select the data sets that need to be interacted with according to the attack type, and the utilization rate of hardware resources and network bandwidth is low; fourth, the coordination is poor, and the alarm data of heterogeneous security protection facilities cannot be effectively aggregated. There is also a lack of effective solutions for data exchange in security domains

Images