A method of active defense against Trojan horses based on virtual environment
An active defense and virtual environment technology, applied in the field of network security, can solve problems such as server-side attacks
Active Publication Date: 2019-06-18
ZHEJIANG UNIV
View PDF4 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0010] 7. Limit file sharing with the network outside the firewall;
The fundamental problems that lead to this situation are: first, before the server is directly exposed to attacks, the client can directly connect to the server; second, the server must passively accept a large number of attacks, and a large amount of resources are used to process attack requests
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0031] The purpose and effects of the present invention will become more apparent by describing the present invention in detail below with reference to the accompanying drawings.
[0032] Such as figure 1 and figure 2 Shown, the active defense Trojan method of the present invention based on virtual environment comprises the following steps:
[0033] 1. The construction of the virtual controller, this step mainly includes the following two situations:
[0034] (1) During system initialization or operation, a virtual controller is automatically constructed: C={c i |i=1,2,…,n}, where n is the number of virtual controllers to be constructed, c i is the i-th virtual controller;
[0035] (2) During operation, when all virtual controllers c i The amount of tasks in the work queue is greater than the threshold Task max , to automatically create a new virtual controller c i+1 . Threshold Task max It can be determined freely according to the actual situation, for example, it c...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses an active Trojan horse defense method based on a virtual environment. According to the method, based on the existing DDoS defense base, a virtual controller is firstly added between a client and a server side which thus is directly exposed in front of the client. The request of the client is mapped to the virtual controller from the original direct access to the server side, the virtual controller performs behavior detection based on the existing detection technology, and the detection result determines that whether the client has the right to access the server side. If the virtual controller determines that the request is a DDoS attack behavior, the request of the client cannot reach the server side, and thereby the security of the server side is effectively protected. Meanwhile, the virtual controller has the self-establishing and destroying capability which ensures that the virtual controller has very strong resource virtualization capability, thus the DDoS attack can be effectively resisted.
Description
technical field [0001] The invention relates to the technical field of network security, in particular to a DDoS active defense method based on a virtual controller. Background technique [0002] With the prosperity of the Internet, network intrusion incidents occur frequently, and various attack methods emerge in an endless stream. Among them, denial of service attack (DoS) has become the most common network attack because of its wide attack range, strong concealment, simple and effective, destructive and difficult to defend. One of the methods greatly affects the effective services of the network and the host system, especially the distributed denial of service attack DDoS, which has a long incubation period, a high degree of attack concurrency, stronger concealment, and greater destructiveness, which seriously threatens the security of the Internet. [0003] Currently, common methods for defending against DDoS attacks include: [0004] 1. Ensure that all servers use the ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F9/455
CPCG06F9/45533H04L63/12H04L63/1416H04L63/1458
Inventor 吴春明陈双喜
Owner ZHEJIANG UNIV