Intrusion prevention method applied to cloud virtual network, device, network device and system

Intrusion prevention technology for a virtual network, applied in the field of network security. It addresses the problems of focusing only on traffic management, being unable to mitigate intrusions and being unable to provide an intrusion solution, and achieves the effect of dynamic defense.

Inactive Publication Date: 2016-08-17
CHINA MOBILE COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

[0003] However, the existing proposed solutions mentioned above have some problems, such as: they focus only on traffic management, and Snort can only perform intrusion detection and cannot mitigate an intrusion; that is, they cannot provide a corresponding comprehensive intrusion solution.
In general, for the cloud virtual network environment, existing technologies cannot provide a complete, flexible and efficient intrusion prevention system.


Embodiment Construction

[0032] In an embodiment of the present invention, the network traffic generated by cloud resources is monitored, and the network traffic data obtained by monitoring is stored in a log file; when it is determined that the network traffic data in the log file matches a Snort rule, alarm information is generated; the alarm information is analyzed, an OpenFlow rule item is generated according to the analyzed data, and the OpenFlow rule item is sent to OVS; the OpenFlow rule item is used by OVS to update its flow table.
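The alert-to-flow-rule step described above, as an added example that is not code from the patent: it parses alert lines in Snort's "fast" alert format and builds one `ovs-ofctl add-flow` command per offending flow. The drop action, the bridge name `br-int`, the priority and timeout values and the sample log lines are assumptions; the page does not say what the generated rule contains.

```python
import ipaddress
import re

# Snort "fast" alert: ts [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
PROTOS = {"TCP": "tcp", "UDP": "udp", "ICMP": "icmp"}

def parse_alert(line):
    """Return validated fields of one alert line, or None if it does not parse."""
    m = ALERT_RE.search(line)
    if not m or m["proto"] not in PROTOS:
        return None
    try:  # validate everything: log content must not reach OVS unchecked
        src, dst = ipaddress.IPv4Address(m["src"]), ipaddress.IPv4Address(m["dst"])
        dport = int(m["dport"]) if m["dport"] else None
        if dport is not None and dport > 65535:
            raise ValueError("port out of range")
    except ValueError:
        return None
    return {"sid": int(m["sid"]), "prio": int(m["prio"]), "proto": PROTOS[m["proto"]],
            "src": str(src), "dst": str(dst), "dport": dport}

def rules_from_log(lines, bridge="br-int", max_prio=2, idle_timeout=300):
    """One ovs-ofctl argv per distinct flow whose Snort priority is <= max_prio."""
    seen, cmds = set(), []
    for line in lines:
        a = parse_alert(line)
        if a is None or a["prio"] > max_prio:  # Snort priority 1 is the most severe
            continue
        flow = (f"priority=200,idle_timeout={idle_timeout},{a['proto']},"
                f"nw_src={a['src']},nw_dst={a['dst']}")
        if a["dport"] is not None and a["proto"] != "icmp":
            flow += f",tp_dst={a['dport']}"
        flow += ",actions=drop"  # assumed action: drop the matching traffic
        if flow not in seen:  # repeated alerts for one flow yield a single rule
            seen.add(flow)
            cmds.append(["ovs-ofctl", "add-flow", bridge, flow])
    return cmds

# Constructed sample alert lines (not taken from the patent).
_P = "08/17-10:15:32.100000  [**] [1:1000001:1] constructed test alert [**] "
SAMPLE_LOG = [
    _P + "[Priority: 1] {TCP} 10.0.0.5:44321 -> 10.0.0.9:22",
    _P + "[Priority: 1] {TCP} 10.0.0.5:44322 -> 10.0.0.9:22",  # same flow again
    _P + "[Priority: 3] {UDP} 10.0.0.6:5353 -> 10.0.0.9:53",   # below threshold
    _P + "[Classification: Misc activity] [Priority: 2] {ICMP} 10.0.0.7 -> 10.0.0.9",
    _P + "[Priority: 1] {TCP} 999.0.0.1:1 -> 10.0.0.9:22",     # invalid address
]
```

The commands are returned as argument lists so they can be passed to a process launcher without a shell, and the idle timeout lets a block expire once the flow goes quiet.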

[0033] The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

[0034] Figure 1 is a flow chart of the implementation of the intrusion prevention method in the cloud virtual network described in the embodiment of the present invention. As shown in Figure 1, the method includes:

[0035] Step 101: Monitor the network traffic generated by cloud resources, and store the monitored network traffic data in...


Abstract

The invention discloses an intrusion prevention method applied to a cloud virtual network. The method includes the following steps that: network flow generated by cloud resources is monitored, and network flow data obtained through monitoring are stored in a log file; when it is determined that the network flow data in the log file are matched with Snort rules, alarm information is generated; and the alarm information is analyzed, an OpenFlow rule term is generated according to data obtained through analysis, and the OpenFlow rule term is sent to an OVS, wherein the OpenFlow rule term is used for the OVS to update a flow table. The invention also discloses a network device for realizing the method and a system.

Description

Technical field

[0001] The invention relates to network security technology in a cloud virtual network environment, and in particular to an intrusion prevention method, device, network device and system in a cloud virtual network.

Background technique

[0002] Traditional intrusion prevention systems (IPS) are suitable for ordinary network environments, but not for cloud virtual network environments. To solve this problem, various implementation schemes have been proposed, including an intrusion prevention system based on the network exchange model OpenFlow and on Snort: Snort performs the corresponding intrusion detection function, while OpenFlow is used to dynamically change the flow table and forward specific packets to a dedicated Snort Intrusion Detection System (IDS) for flow monitoring.

[0003] However, there are some problems in the above-mentioned existing proposed solutions, such as: only focusing on traffic management, and the Snort can only ...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L12/46, H04L12/26
Inventor: 陈学波, 钱海洋
Owner: CHINA MOBILE COMM GRP CO LTD