Flow attack defense system based on SDN cloud security function service tree model

A security-function and defense-system technology, applied in the network field, to solve problems such as insufficient security guarantees for interactions

Inactive Publication Date: 2019-04-12
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

[0002] With the rapid development of cloud computing and virtualization, more and more governments and enterprises reduce costs and improve business flexibility by deploying their servers in the cloud, but this also brings a series of new problems and challenges. With the disintegration of traditional network security boundaries, the interaction between the various cloud services carried by hosts is not sufficiently secured, and the security isolation between cloud services still needs attention.



Examples


Embodiment 1

[0021] As shown in figure 1, a traffic attack defense system based on the SDN cloud security function service tree model includes a cloud security resource management module 2, a cloud security resource scheduling module 4, a security function service tree policy customization module 3, a security function service chain path customization module 5 and a global security data monitoring module 1.

[0022] According to the user's own security requirements for the current network situation, the user calls the security function service chain path customization module 5 and the security function service tree policy customization module 3 to complete the customization of a cloud security service tree model that meets those requirements; the system then calls and updates the underlying cloud security resource management module 2 and cloud security resource scheduling module 4 to complete the deployment and scheduling of the system's underlying virtual machines, ...

Embodiment 2

[0024] In this embodiment, the cloud security resource management module 2 uses KVM technology in the cloud environment to virtualize general-purpose server computing resources into a virtual machine resource pool, and uses NFV technology to integrate various types of network security functions, such as firewalls, load balancers, deep packet analysis, intrusion detection/prevention and coarse-grained attack detection, so that they run on general-purpose VMs. The security functions implemented on general-purpose VMs can be freely combined and matched according to user needs, thereby achieving a flexible security function service chain orchestration policy.

[0025] As a preferred embodiment, the cloud security resource scheduling module 4 includes a virtual machine scheduling module 8 and a traffic scheduling module 9; the virtual machine scheduling module 8 implements the deployment and scheduling of VMs across data centers and solves the hot (live) migration problem; the traffi...


Abstract

The invention discloses a flow attack defense system based on an SDN cloud security service tree model. The system comprises a cloud security resource management module, a cloud security resource scheduling module, a security service tree policy customization module, a security service chain path customization module and a global security data monitoring module. By utilizing the flexibility of the separation of the data plane and control plane in SDN, and the easy extensibility provided by a virtual cloud environment, a cloud security service tree framework model is built. Flow to be detected is guided into the entry of the cloud security service tree, where coarse-grained deep packet analysis is carried out; if the flow is normal, it is rapidly forwarded to its destination receiver; if the flow is abnormal, it is introduced into the security service chains of subsequent tree branches for fine-grained detection and processing. By utilizing massive cloud security resources and flexible resource scheduling, network flow attacks of unknown types are detected at various granularities and a flexibly customizable attack elimination strategy is provided.
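The dispatch logic the abstract describes (coarse-grained check at the tree entry, fast-path forwarding for normal flows, branch-specific fine-grained service chains for abnormal ones) can be modelled as a small dispatcher. The following Python is an added illustration, not code from the patent or its authors: the module names follow the patent's description, but the flow records, thresholds, signatures and branch names are constructed assumptions, and the VM scheduling and SDN rule installation that the real system performs are left out.

```python
"""Toy model of an SDN cloud security service tree (constructed example).

Entry node: cheap coarse-grained DPI that only decides "forward", "drop",
or which branch (fine-grained service chain) the flow must enter next.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Verdict = str  # "forward", "drop", or the name of a branch to enter


@dataclass
class Flow:
    """A flow record as the entry node would see it (constructed fields)."""
    src: str
    dst: str
    dport: int
    pps: int                 # observed packets per second for this flow
    payload: bytes = b""     # first bytes of payload available to DPI


@dataclass
class SecurityFunction:
    """One NFV security function running on a general-purpose VM."""
    name: str
    check: Callable[[Flow], Verdict]


@dataclass
class ServiceChain:
    """An ordered chain of security functions on one tree branch."""
    functions: List[SecurityFunction]

    def process(self, flow: Flow) -> List[str]:
        trace = []
        for fn in self.functions:
            verdict = fn.check(flow)
            trace.append(f"{fn.name}:{verdict}")
            if verdict == "drop":
                return trace          # attack eliminated on this branch
        trace.append("forward")       # whole chain passed: deliver the flow
        return trace


class ServiceTree:
    """Entry node plus the branches its verdicts can name."""

    def __init__(self, entry: SecurityFunction, branches: Dict[str, ServiceChain]):
        self.entry = entry
        self.branches = branches

    def handle(self, flow: Flow) -> List[str]:
        verdict = self.entry.check(flow)
        if verdict == "forward":
            return [f"{self.entry.name}:forward", "forward"]   # fast path
        if verdict == "drop":
            return [f"{self.entry.name}:drop"]
        # Any other verdict names a branch: hand the flow to its chain.
        return [f"{self.entry.name}:{verdict}"] + self.branches[verdict].process(flow)


# Assumed thresholds and signatures, chosen for illustration only.
RATE_THRESHOLD = 10_000    # coarse-grained: above this, inspect on the volumetric branch
DROP_THRESHOLD = 50_000    # fine-grained rate limiter: above this, drop
BLOCKLIST = {"10.0.0.66"}  # constructed source blocklist used by the branch IDS


def coarse_dpi(flow: Flow) -> Verdict:
    """Entry node: cheap checks that only pick a branch, never a fine verdict."""
    if flow.pps > RATE_THRESHOLD:
        return "volumetric"
    body = flow.payload.lower()
    if b"../" in body or b"<script" in body:
        return "web"
    return "forward"


def rate_limiter(flow: Flow) -> Verdict:
    return "drop" if flow.pps > DROP_THRESHOLD else "forward"


def ids(flow: Flow) -> Verdict:
    return "drop" if flow.src in BLOCKLIST else "forward"


def waf(flow: Flow) -> Verdict:
    body = flow.payload.lower()
    return "drop" if b"../" in body or b"<script" in body else "forward"


def build_demo_tree() -> ServiceTree:
    return ServiceTree(
        entry=SecurityFunction("entry_dpi", coarse_dpi),
        branches={
            "volumetric": ServiceChain([SecurityFunction("rate_limiter", rate_limiter),
                                        SecurityFunction("ids", ids)]),
            "web": ServiceChain([SecurityFunction("waf", waf)]),
        },
    )


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = {
    "normal":    Flow("10.0.0.5", "10.0.1.20", 443, pps=200, payload=b"GET /index.html"),
    "flood":     Flow("10.0.0.9", "10.0.1.20", 53, pps=80_000),
    "burst":     Flow("10.0.0.7", "10.0.1.20", 80, pps=20_000, payload=b"GET /"),
    "traversal": Flow("10.0.0.8", "10.0.1.20", 80, pps=50, payload=b"GET /../../etc/passwd"),
}


def run_demo() -> Dict[str, List[str]]:
    tree = build_demo_tree()
    return {name: tree.handle(flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, trace in run_demo().items():
        print(f"{name:10s} -> {' > '.join(trace)}")
```

The trace returned for each flow shows the point the abstract makes: the normal flow touches only the entry node, while each abnormal flow is steered into exactly one branch whose chain is as long as the fine-grained checks it needs. Swapping a branch's `ServiceChain` is the orchestration step the patent's service chain path customization module performs.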

Description

Technical field

[0001] The present invention relates to the field of network technology and, more specifically, to a traffic attack defense system that implements a cloud security service tree model on an SDN network.

Background technique

[0002] With the rapid development of cloud computing and virtualization, more and more governments and enterprises reduce costs and improve business flexibility by deploying their servers in the cloud, but this also brings a series of new problems and challenges. With the collapse of traditional network security boundaries, the interaction between the various cloud services carried by host machines is not sufficiently secured, and the security isolation between cloud services still needs attention. Furthermore, the security requirements of each tenant and each business differ. The security situation of an increasingly complex cloud computing environment urgently requires an overall solution capable of...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/00, H04L63/1416, H04L63/1425, H04L63/1441, H04L63/20
Inventors: 余顺争, 罗经伦
Owner: SUN YAT SEN UNIV