A security policy adaptive generation management system and method based on SDN

Abstract

The invention provides an adaptive generation management system of a security strategy based on SDN. The adaptive generation management system is connected with an NFV resource pool and a virtual machine resource pool for providing adaptive generation management of the security strategy for a cloud environment; the adaptive generation management system comprises a security detection module, a data analysis and decision module, a unified security strategy management module and a switch module; the security detection module comprises a detection rule formulation module, a flow perception module, a packet detection module, a security event data collection module and other detection modules; the security detection module further comprises a detection information acquisition interface module used for providing interfaces for the flow perception module, the packet detection module, the other detection modules and the security event data collection module for acquiring external detection information; and the data analysis and decision module comprises a security strategy template base, a data mining analysis module, a security strategy formulation module, a security strategy storage module, a security strategy transmission module and a security strategy interface module.

Description

technical field [0001] The invention relates to the technical field of virtualization, in particular to an SDN-based security policy self-adaptive generation management system and method. Background technique [0002] The emergence of SDN (Software Defined Networking) has realized the flexible management and control of the network. Through the separation of network forwarding and control, the flexible and programmable network control is achieved, which meets the demand for flexible network changes according to application changes. SDN-based network policy management can be converted into specific control commands through the application software in the SDN application layer, and sent to the actual equipment of the network infrastructure to realize the management and control of the actual equipment. [0003] Based on the flexibility of the SDN control module, various network controls can be realized: for example, after receiving and sending buffer overflow traffic, the SDN sw...

AI Technical Summary

Problems solved by technology

[0006] 2) The existing policy management methods lack policy management related to network security;

[0007] 3), most of the existing policy management methods are one method for one control method, lack of unified management for multiple strategies at the same time;

[0008] 4) The existing policy control method cannot be combined with the security situation information in the cloud environment for self-adaptive adjustment, and lacks the function of linkage with security devices for on-demand protection

Images