A detection method and device for network security in a cloud computing network

A network security technology for cloud computing networks, applied in the field of cloud computing, that addresses problems such as attacks, threats to the VMM, and virus infection of virtual machines, thereby ensuring security.

Active Publication Date: 2017-11-21
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

However, this method has the following defects: since the virtual switch needs to forward the data packets during the monitoring process, too many resources of the physical host will be consumed, and it is not convenient to flexibly implement specific security policies for the virtual machine.

[0007] However, in the existing technology, only the communication traffic of the virtual machine is monitored, filtered, and protected; security threats or attacks that fall outside the monitoring and filtering rules cannot be detected and acted on in time. This specifically includes the following two aspects:

[0008] First, it cannot be detected in time when the virtual machine's own security protection software or security configuration is maliciously uninstalled or disabled. The virtual machine will install and configure the corresponding self-protection mechanism when it is created. Once a malicious user uninstalls or disables the relevant security protection software, the unprotected virtual machine may be infected with viruses and Trojan horses and threaten the security of the VMM or other virtual machines, thus affecting the security of the entire cloud computing network.

[0009] Second, it cannot be detected in time when a normal virtual machine is infected with viruses or Trojan horses, or executes malicious code. After a normal virtual machine is inadvertently infected with a virus or a Trojan horse, or executes malicious code, security issues such as covert channel attacks, virtual machine escape, or root access to the physical host can follow, which in turn allow the attacker to directly control the VMM, thereby threatening the security of the entire cloud computing network. In addition, after a normal virtual machine is infected with a virus or a Trojan horse, or executes malicious code, the virtual machine may maliciously occupy a large amount of system resources, which may cause other virtual machines on the same physical host to fail to operate normally.


Examples


Embodiment 1

[0071] The method for detecting network security in the cloud computing network in this embodiment, as shown in Figure 4, includes the following steps:

[0072] Step 401: When it is necessary to apply for a virtual machine, the user sends a service request to the cloud computing operation management platform through the self-service portal of the cloud computing operation management platform;

[0073] Step 402: The cloud computing operation and management platform receives the service request and, after reviewing the received service request, issues an instruction to allocate resources to the resource pool management platform through the management interface;

[0074] Step 403: After receiving the instruction, the resource pool management platform allocates a corresponding virtual machine to the user;

[0075] Here, the specific implementation of steps 401-403 is prior art and will not be repeated here.

[0076] Steps 404-405: The resource pool management platform tr...

Embodiment 2

[0107] The method for detecting network security in cloud computing in this embodiment, as shown in Figure 5, includes the following steps:

[0108] Step 501: When it is necessary to apply for a virtual machine, the user sends a service request to the cloud computing operation management platform through the self-service portal of the cloud computing operation management platform;

[0109] Step 502: The cloud computing operation and management platform receives the service request and, after reviewing the received service request, issues an instruction to allocate resources to the resource pool management platform through the management interface;

[0110] Step 503: After receiving the instruction, the resource pool management platform allocates a corresponding virtual machine to the user;

[0111] Here, the specific implementation of steps 501-503 is prior art and will not be repeated here.

[0112] Steps 504-505: the resource pool management platform triggers the c...


Abstract

The invention discloses a method for detecting network security in a cloud computing network. The method includes: after learning that a virtual machine is started, checking whether the current security information of the virtual machine has been modified; repair operation. The invention also discloses a detection device for network security in a cloud computing network. The method and the device of the invention can effectively prevent virtual machines with security risks from pairing with virtual machine monitors (VMMs) belonging to the same physical host, other virtual machines, as well as the entire cloud computing network.
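One way the start-time check described in the abstract could look, as an added example that is not code from the patent: the security information recorded when the virtual machine was allocated is compared with what the virtual machine reports after it starts, and each deviation is mapped to a repair action. The field names, the digest scheme and the repair labels are assumptions made for illustration; the sample data is constructed.

```python
import hashlib
import json

# Constructed baseline: security information recorded at VM allocation and
# kept outside the VM. Field names are hypothetical, not from the patent.
BASELINE = {
    "antivirus": {"installed": True, "enabled": True, "version": "1.0"},
    "host_firewall": {"installed": True, "enabled": True, "policy": "default-deny"},
}


def digest(info):
    """Stable SHA-256 over a canonical JSON encoding of the security info."""
    canonical = json.dumps(info, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def check_on_start(baseline, baseline_digest, current):
    """Return (modified, repairs) for a VM that has just started."""
    # Refuse to compare against a baseline that no longer matches its digest.
    if digest(baseline) != baseline_digest:
        raise ValueError("baseline record itself has been altered")
    if digest(current) == baseline_digest:
        return False, []
    repairs = []
    for name, expected in baseline.items():
        actual = current.get(name)
        if actual is None or not actual.get("installed"):
            repairs.append((name, "reinstall"))       # uninstalled
        elif not actual.get("enabled"):
            repairs.append((name, "re-enable"))       # disabled
        elif actual != expected:
            repairs.append((name, "restore-config"))  # settings changed
    # Entries the baseline never contained are flagged for review.
    for name in current.keys() - baseline.keys():
        repairs.append((name, "review-unexpected"))
    return True, sorted(repairs)


if __name__ == "__main__":
    stored = digest(BASELINE)
    # Constructed report: antivirus disabled, firewall entry missing.
    report = {"antivirus": {"installed": True, "enabled": False, "version": "1.0"}}
    print(check_on_start(BASELINE, stored, report))
```

The baseline and its digest are assumed to be held by the management side rather than inside the virtual machine, since the scenario in [0008] is a user with control of the guest removing or disabling its protection.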

Description

Technical field

[0001] The invention relates to network security technology in the field of cloud computing, in particular to a method and device for detecting network security in a cloud computing network.

Background art

[0002] In cloud computing technology, virtualization technology can be used to implement multiple virtual machines running on the same physical host at the same time, and data packets between virtual machines belonging to the same physical host are forwarded without going through a physical switch. That is to say, the communication flow between virtual machines belonging to the same physical host is not monitored and managed by physical switches or other network devices in the network. The virtual machine initiates internal attacks such as abnormal traffic, which in turn threatens the security of the entire cloud computing network.

[0003] In the prior art, in order to prevent a virtual machine from initiating an attack to other virtual machines b...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
Inventor: 任兰芳, 柏洪涛, 王静, 左敏, 侯长江
Owner: CHINA MOBILE COMM GRP CO LTD