An information system intrusion detection method based on docker virtualization

Abstract

The invention relates to an information system invasion detection method based on Docker virtualization. The method comprises the steps as follows: obtaining a data source by monitoring data packets in a network between a host and a container; and finishing the collecting work of the data via a captured data flow so as to differentiate normal information and exotic invasion via the study and classification of a support vector machine to realize the detection of exotic invasion. The beneficial effects of the method of the invention are as follows: (1) the invasion detection system is encapsulated to the container of the docker in the form of software app, so that the characteristics of the Docker are well used and the space is saved; (2) the container with the invasion detection system is combined with the host to form a host mode to share a network environment with the host, while other containers performs network communication with the host in a bridge mode, and the invasion detection system could directly stop the operation of the container which is invaded or directly recycle and delete the container which is invaded via the host while detecting the invasion.

Description

technical field [0001] The invention relates to an information system intrusion detection method based on Docker virtualization. Background technique [0002] Docker is an advanced LXC-based container engine open sourced by PaaS provider dotCloud. The source code is hosted on Github, based on the go language and open source in compliance with the Apache2.0 protocol. Docker has been very popular since 2013. Its success is mainly due to solving several problems: (1) Complex environment management: from various OS to various middleware to various Apps, a product can be successfully released , As a developer, there are too many things to care about, and it is difficult to manage. This problem is common in the software industry and needs to be faced directly. Docker can simplify the deployment of multiple application instances, such as web applications, background applications, database applications, and big data applications such as Hadoop clusters, message queues, etc. can be...

AI Technical Summary

Problems solved by technology

Docker has been very popular since 2013. Its success is mainly due to solving several problems: (1) Complex environment management: from various OS to various middleware to various Apps, a product can be successfully released , as a developer, there are too many things to care about, and it is difficult to manage. This problem is common in the software industry and needs to be faced directly

However, whether it is KVM or Xen, it seems to Docker that it is a waste of resources, because what users need is an efficient operating environment rather than an OS. GuestOS is a waste of resources and difficult to manage. The lighter LXC is more flexible and faster

(4) Portability of LXC: LXC already exists in the Kernel of Linux 2.6, but it was not designed for cloud computing at the beginning. The lack of standardized description methods and the portability of containers determine the environment it builds Difficult to distribute and standardize management (compared to the concept of image and snapshot like KVM)

(1) The isolation of Docker is still somewhat lacking compared to virtualization solutions such as KVM, and all containers share a part of the runtime library

Images