An intrusion detection method for network data in xen virtualization environment
A virtualization environment and intrusion detection technology, which is applied in the field of intrusion detection of network data in a Xen virtualization environment, can solve problems such as inability to defend against intrusion of network data, inability to obtain network data of virtual machine devices, etc., and achieve the effect of filtering
Active Publication Date: 2018-02-02
长城超云(北京)科技有限公司
View PDF2 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0003] At present, due to the complexity and diversity of the virtualized network, it is impossible to obtain the network data of the virtual machine device inside the Host host machine, and it is impossible to prevent intrusion of the network data; moreover, in the current traditional network environment, The main body of intrusion prevention is still IP, and the IP of virtual machine equipment can be changed dynamically. How to deal with the variability of virtualized network in the virtual network environment and carry out intrusion defense; so far there is no effective solution
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0033] In order to better understand the technical problems solved by the present invention and the technical solutions provided, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The specific embodiments described here are only used to explain the implementation of the present invention, but not to limit the present invention.
[0034] In a preferred embodiment, figure 1 It exemplarily shows a schematic flowchart of an intrusion detection method for network data in a Xen virtualization environment; including: .
[0035] Step 1: On the host machine, use Open vSwitch to build a network architecture and create a bridge;
[0036] Step 2: Establish a virtual machine device, and add the virtual machine device to the network bridge;
[0037] Step 3: Match the real network interface to the virtual interface of the virtual machine device, and keep the correspondence between the real network interface and th...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention relates to the technical field of cloud computing, and specifically discloses a method for detecting intrusion of network data in a Xen virtual environment. The method comprises the following steps: creating a network bridge by using Open vSwitch on a host computer; establishing virtual machine equipment, and adding the virtual machine equipment into the network bridge; making a real network interface correspond to the virtual interface of the virtual machine equipment; bridging the virtual interface of the virtual machine equipment with the network bridge, and creating a virtual port for each piece of virtual machine equipment simultaneously; performing communication of the network data via the virtual port of corresponding virtual machine equipment; and after the Open vSwitch receives data packets transmitted from each data port, forwarding the header information of the data packets to a controller, filtering and processing the header information through the controller, and deciding a subsequent processing or forwarding port of the data packets. An intrusion defense main body is set as the virtual machine equipment, so that failure in intrusion defense due to IP (Internet Protocol) address change is avoided; and the intrusion of the network data of the virtual machine equipment can be monitored effectively, detected and defended.
Description
technical field [0001] The invention relates to the technical field of cloud computing, in particular to an intrusion detection method for network data in a Xen virtualization environment. Background technique [0002] Xen is an open source virtual machine device monitor developed by the University of Cambridge. It is intended to run up to 100 fully featured operating systems on a single computer. The operating system must be explicitly modified ("ported") to run on Xen (but provide compatibility with user applications). This enables Xen to achieve high-performance virtualization without special hardware support. [0003] At present, due to the complexity and diversity of the virtualized network, it is impossible to obtain the network data of the virtual machine device inside the Host host machine, and it is impossible to prevent intrusion of the network data; moreover, in the current traditional network environment, The main body of intrusion prevention is still IP, and ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F9/455
CPCG06F9/45504H04L63/14H04L63/1416
Inventor 张涛
Owner 长城超云(北京)科技有限公司