Distributed denial of service (DDOS) attack protection method, device and system for cloud computing system

A DDOS protection technology for cloud systems, applied in the computer field, which addresses the problem that existing protection is not applicable to DDOS attacks within a cloud system, and achieves the effect of improving security and reliability and protecting against DDOS attacks.

Active Publication Date: 2011-05-04
HUAWEI TECH CO LTD

Problems solved by technology

[0006] With the development of cloud system technology, a cloud system may include tens of thousands of virtual machines, so the security protection of each virtual machine in the cloud system receives increasing attention; effectively preventing DDOS attacks between virtual machines in the cloud system is particularly imp



Examples


Embodiment 1

[0056] An embodiment of the cloud system distributed denial of service attack protection method of the present invention may include: the protection node in the cloud computing system monitors the data flow injected into the virtual machine; if it detects that the data flow injected into the virtual machine is abnormal, it extracts the data stream destined for the virtual machine and sends the extracted data stream to the traffic cleaning device for traffic cleaning; it receives the data stream after traffic cleaning from the traffic cleaning device; and it injects the cleaned data stream into the virtual machine.

[0057] Referring to Figure 3, the specific steps may include:

[0058] 310. The protection node in the cloud computing system monitors the data flow injected into the virtual machine;

[0059] Wherein, the cloud computing system includes a protection node and a plurality of virtual machines, and the data flows exchanged between the virtual machines pass through the protection node.

...
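As an added illustration (not code from the patent or from Huawei), the following Python simulation models the protection path of Embodiment 1: a protection node on the path of every flow into the virtual machines monitors per-VM traffic, treats a batch larger than an assumed threshold as abnormal, diverts that VM's stream to a stand-in traffic cleaning device, and injects only the cleaned stream into the VM. The anomaly threshold, the per-source SYN limit used by the cleaner and the sample traffic are all assumptions; the patent text shown here does not specify the detection or cleaning rules.

```python
from collections import Counter, defaultdict


def packet(src, dst_vm, flags="ACK"):
    """A minimal packet record; src is the sending host or VM, dst_vm the target VM."""
    return {"src": src, "dst_vm": dst_vm, "flags": flags}


class TrafficCleaner:
    """Stand-in for the traffic cleaning device. Assumed policy: any source that
    sends more than max_syn SYN packets in one batch is dropped from the flow."""
    def __init__(self, max_syn=3):
        self.max_syn = max_syn

    def clean(self, flow):
        syn_per_src = Counter(p["src"] for p in flow if p["flags"] == "SYN")
        blocked = {src for src, n in syn_per_src.items() if n > self.max_syn}
        return [p for p in flow if p["src"] not in blocked], blocked


class ProtectionNode:
    """Sits on the path of every flow into the VMs (the patent's protection node).
    Assumed anomaly rule: a per-VM batch larger than `threshold` packets is abnormal."""
    def __init__(self, cleaner, threshold=20):
        self.cleaner = cleaner
        self.threshold = threshold
        self.inbox = defaultdict(list)   # what each VM actually receives

    def process_batch(self, packets):
        per_vm = defaultdict(list)
        for p in packets:                # step 310: monitor the flow injected into each VM
            per_vm[p["dst_vm"]].append(p)
        report = {}
        for vm, flow in per_vm.items():
            if len(flow) > self.threshold:                   # abnormal: extract the VM's stream
                cleaned, blocked = self.cleaner.clean(flow)  # send it to the cleaning device
            else:
                cleaned, blocked = flow, set()
            self.inbox[vm].extend(cleaned)                   # inject the (cleaned) stream
            report[vm] = {"seen": len(flow), "injected": len(cleaned), "blocked": blocked}
        return report


def run_demo():
    # Constructed traffic: A1 gets a normal session; A2 gets a SYN flood from three bots
    # plus two legitimate packets from B2 that must survive cleaning.
    batch = [packet("B1", "A1", "SYN")] + [packet("B1", "A1") for _ in range(4)]
    batch += [packet(f"bot{i}", "A2", "SYN") for i in range(3) for _ in range(10)]
    batch += [packet("B2", "A2") for _ in range(2)]
    node = ProtectionNode(TrafficCleaner(max_syn=3), threshold=20)
    return node.process_batch(batch)
```

Running `run_demo()` shows A1's five packets passing untouched while A2's flood is diverted, the three bot sources are dropped and only B2's two packets are injected.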

Embodiment 2

[0071] In order to better understand the technical solutions of the embodiments of the present invention, the process of DDOS attack protection of a virtual machine Ai in the cloud computing system by the virtual machine management node in the cloud computing system is taken as an example to describe in more detail below.

[0072] Referring to Figure 4, the process may include:

[0073] 401. The virtual machine management node in the cloud computing system monitors the data flow injected into the virtual machine Ai;

[0074] In one application scenario, the virtual machine management node in the cloud computing system can manage one or more virtual machines (including the virtual machine Ai) located on the same or different physical hosts in the cloud computing system.

[0075] The data traffic between the external network and the virtual machines in the cloud computing system, and the data traffic between the virtual machines in the cloud computing system pass through the virtual machine...

Embodiment 3

[0099] Referring to Fig. 5, a protection node 500 in a cloud computing system is provided by an embodiment of the present invention, wherein the cloud computing system includes the protection node and a plurality of virtual machines, and the data flow exchanged between the virtual machines passes through the protection node. The protection node 500 inside the cloud computing system may specifically include: a monitoring module 510, an extracting and sending module 520, a receiving module 530 and an injecting module 540.

[0100] Wherein, the monitoring module 510 is used to monitor the data flow injected into the virtual machine;

[0101] In one application scenario, the protection node 500 in the cloud computing system can be a virtual machine management node in the cloud computing system (the virtual machine management node in the cloud computing system can manage the virtual machines on one or more physical hosts), or it may also be a device deployed between the v...



Abstract

The embodiment of the invention discloses a distributed denial of service (DDOS) attack protection method, device and system for a cloud computing system, wherein the DDOS attack protection method for the cloud computing system comprises the following steps: using a protection node in the cloud computing system to monitor data traffic injected into virtual machines, wherein the cloud computing system comprises the protection node and a plurality of the virtual machines, and interactive data streams among the virtual machines pass through the protection node; extracting the data stream to be injected into the virtual machine if monitoring an abnormality in the data traffic injected to the virtual machine; sending the extracted data stream to a traffic cleaning device for carrying out traffic cleaning; receiving the data streams subject to the traffic cleaning through the traffic cleaning device; and injecting the cleaned data streams into the virtual machines. By utilizing the scheme provided by the embodiment of the invention, the DDOS attack among the virtual machines in the cloud computing system can be effectively protected.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a cloud system distributed denial of service attack protection method, a protection node inside a cloud computing system and a protection system inside a cloud computing system.

Background technique

[0002] A distributed denial of service (DDOS, Distributed Denial of Service) attack mainly means that the attacker uses a master control host as a springboard (possibly with multiple levels and layers) and controls a large number of infected, controlled hosts to form an attack network that launches a large-scale denial of service attack on the victim host.

[0003] DDOS attacks can use the attack network to launch Internet Control Message Protocol (ICMP, Internet Control Message Protocol) flood, User Datagram Protocol (UDP, User Datagram Protocol) flood, synchronization (SYN, Synchronize) flood and other attacks against the victim host; DDOS attacks can of...

Claims


Application Information

IPC(8): G06F21/00
CPC: H04L63/1458, G06F9/45533, G06F9/45558, G06F2009/45587, H04L63/1425, H04L67/10, H04L2463/142
Inventor 蒋武
Owner HUAWEI TECH CO LTD