Safety management method and device based on NFV (Network Function Virtualization)

A security management and security technology, applied in the field of communication network, can solve problems such as complex network architecture

Active Publication Date: 2016-08-10
CHINA UNITED NETWORK COMM GRP CO LTD
View PDF7 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a method and device for security management based on network function virtualization NFV, which are used to provide the security policy required for the entire NFV network, and further solve the problems caused by network protection in units of virtual machines and the like in the prior art. Architecturally complex issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety management method and device based on NFV (Network Function Virtualization)
  • Safety management method and device based on NFV (Network Function Virtualization)
  • Safety management method and device based on NFV (Network Function Virtualization)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0035] The NFV-based security management method provided by the embodiment of the present invention may be executed by an NFV-based security management device.

[0036] like Figure 5 As shown, the NFV-based security management method provided by the embodiment of the present invention includes the following steps:

[0037] Step S101: Determine the changed target node in the NFV service network domain.

[0038] During the operation of the NFV network, the network will be changed according to certain requirements. For example, the network operator may add new nodes in the business network domain according to the requirements, or the network operation may change due to failures and other reasons. node. The so-called node can be a certain network element in the service network domain, for example, it can be a VNF, a virtual computing network element in NFVI, a physical computing network element, etc., or a virtual machine in the service network domain (that is, a virtual machine ...

Embodiment 2

[0070] In order to let network managers know the current status of the network, the embodiment of the present invention sends a security alarm prompt to the NFV operation support entity after generating a corresponding security policy. Such as Figure 6 As shown, on the basis of Embodiment 1, after step S104 and before step S105, the method for security management based on network function virtualization NFV provided by the embodiment of the present invention further includes the following steps:

[0071] Step S106: Sending a security warning prompt to the NFV operation support entity (including OSS and BSS).

[0072] Specifically, it sends a security alarm prompt to the OSS in the NFV operation support entity.

[0073] In the method for security management based on network function virtualization NFV provided by the embodiment of the present invention, after the security management device generates a corresponding security policy, it sends a security alarm prompt to the NFV ...

Embodiment 3

[0075] An embodiment of the present invention provides an apparatus for NFV-based security management, which is used to execute the method for NFV-based security management shown in any one of the foregoing embodiments (embodiment 1 or embodiment 2).

[0076] Such as Figure 7 As shown, the NFV-based security management device includes: a data acquisition module, a security monitoring module, and a security orchestration module;

[0077] The data acquisition module 71 is configured to determine the changed target node in the NFV service network domain, and acquire the network data transmitted by the target node, and send the acquired network data to the security monitoring module;

[0078] The security monitoring module 72 is configured to analyze whether there is an unsafe event in the network data acquired by the data acquisition module 71, and if there is an unsafe event, generate a corresponding security policy and send the security policy to the Security orchestration mo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a safety management method and device based on NFV (Network Function Virtualization), and relates to the technical field of network engineering. The safety management method and device based on the NFV are used for providing a needed security policy for a whole NFV network, so as to solve the problem in the prior art that a network architecture is complex since a virtual machine and so on is used as a unit to carry out protection. The safety management method based on the network function virtualization NFV comprises the following steps: determining a changed target node in an NFV service network domain; acquiring network data transmitted by the target node; analyzing whether an unsafe event exists in the network data, if so, then generating a corresponding security policy; and transmitting the security policy to a functional entity of an NFV management layout domain, so that the functional entity can configure the target node according to the security policy.

Description

technical field [0001] The present invention relates to the technical field of communication networks, in particular to a security management method and device based on network function virtualization (NFV). Background technique [0002] Nowadays, NFV (Network Function Virtualization, network function virtualization) technology has brought about earth-shaking changes in how operators build their own networks and implement new services. It can reduce network construction and operation and maintenance costs, and provide network Advantages such as elastic scalability and shortened network online time. However, in terms of security, NFV still has many threats: more trust domains, more vulnerable to attacks, multi-tenant resource sharing, limited network isolation and other issues. [0003] In order to deal with the security threats in the NFV network, in the existing technology, virtual machines are mostly used as units of protection. If each virtual machine in the NFV network ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/20
Inventor 苗杰赫罡高功应
Owner CHINA UNITED NETWORK COMM GRP CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap