Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for preventing flood attacks in desktop virtualization

A desktop virtualization and flood attack technology, applied in the field of flood attack protection, can solve the problems of administrators and users trouble, crash, Kvm virtual machine does not have unified network attack and protection, etc., to achieve the effect of ease of use

Active Publication Date: 2015-02-18
MASSCLOUDS
View PDF5 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] KVM (Kernel-based Virtual Machine) is a full-featured desktop virtualization solution on the x86 platform under linux. The biggest advantage of kvm is that it is integrated with the linux kernel, so it has the advantages of open code and fast speed, but the kvm virtual machine During the running process, there is no unified network attack and protection solution. At present, the kvm-based desktop virtualization has the following deficiencies:
[0004] A firewall is an information security protection system that allows or blocks the transmission of data according to specific rules. However, in the kvm-based desktop virtualization platform, there is no complete set of solutions for the virtual machines in the platform. Ways to Protect Against Flood Attacks
[0005] 2. Traditional desktop firewalls are not available
All the found solutions to prevent flood attacks need to set up agents inside the virtual machine, which cannot fundamentally solve the protection of the entire platform against flood attacks
[0007] 3. Lack of management of protection against flood attacks based on desktop virtualization
Mandatory modification operations can only be performed by modifying the firewall rules in the server system of the platform, but unified management cannot be achieved
[0009] 4. The configuration of protection against flood attacks is opaque
[0010] The general method for protecting against flood attacks needs to install corresponding software on the client computer to prevent flood attacks, which brings troubles to administrators and users, requires a lot of energy on how to install and configure the software, and can easily cause users to The misoperation and misconfiguration of the system will cause the whole system to crash, which will bring unnecessary troubles, so the specific implementation method and process of flood attack protection, users do not need to know

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing flood attacks in desktop virtualization
  • Method for preventing flood attacks in desktop virtualization
  • Method for preventing flood attacks in desktop virtualization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053]Below in conjunction with accompanying drawing and embodiment the present invention will be further described:

[0054] The present invention mainly provides a method for protecting against flood attacks for desktop virtualization, and the main problems to be solved are as follows:

[0055] 1. Provide a method for protecting the virtual machines in the virtual platform from TCP, UDP, and ICMP flood attacks

[0056] This method is mainly to provide an effective method of protecting against TCP flood attacks for the virtual machines of the desktop virtualization platform, by specifying TCP, UDP, and ICMP firewall rules for the virtual machines during the virtual machine creation process, and passing through the packet filtering rules of the bridge firewall , to filter a large number of forged TCP connection requests sent by the attacker, UDP data packets and a large number of ICMP data packets whose destination addresses cannot be connected, so as to achieve the effect of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for preventing flood attacks in desktop virtualization. The method comprises the steps that a system configures a cluster safety strategy and a strategy for preventing or stopping initiation of the flood attacks; when network data packets enter a server, a system fire wall analyzes the network data packets and judges whether the data packets are input or forwarded; filtering is carried out again through an Ethernet fire wall Ebtables; if virtual machines are adopted as receiving ends of the network data packets, the data packets are filtered by netfilters of the virtual machines and enter the virtual machines, and if local systems are adopted as the receiving ends of the data packets, the data packets enter local programs to be processed or used. The method has the advantages that through the setting of a desktop virtualization platform and the virtual machines, the flood attacks of TCPs, UDPs and ICPMs can be effectively prevented, the virtual machines can share one filter rule, and if the filter rule is changed, all the virtual machines can be modified in an unified mode.

Description

technical field [0001] The invention relates to the technical field of application virtualization, in particular to a method for protecting against flood attacks in desktop virtualization. Background technique [0002] KVM (Kernel-based Virtual Machine) is a full-featured desktop virtualization solution on the x86 platform under linux. The biggest advantage of kvm is that it is integrated with the linux kernel, so it has the advantages of open code and fast speed, but the kvm virtual machine During the running process, there is no unified solution to network attack and protection. At present, the kvm-based desktop virtualization has the following deficiencies: [0003] 1. The kvm-based desktop virtualization platform lacks methods to protect against flood attacks [0004] A firewall is an information security protection system that allows or blocks the transmission of data according to specific rules. However, in the kvm-based desktop virtualization platform, there is no co...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1441H04L63/1458
Inventor 卞功杰韩春超刘毅枫王进石磊
Owner MASSCLOUDS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products