Firewall based on intrusion detection system feedback in cloud environment and implementation method thereof

A technology of intrusion detection system and implementation method, applied in the direction of transmission system, electrical components, etc., can solve problems such as difficult to infer impact, unable to monitor internal host state or event, reduce, etc., achieve flexible detection, flexible attack, and reduce response delay Effect

Inactive Publication Date: 2019-12-13
NANJING UNIV
View PDF6 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

NIDS leads the visibility of network-based intrusion detection systems and significantly reduces the ability to monitor internal host status or events and must gather all information from network traffic to and from the host
Limited visibility gives attackers more room to manipulate IDS monitoring. Attackers can also purposefully craft network traffic, making it difficult to infer or extrapolate its impact on hosts

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Firewall based on intrusion detection system feedback in cloud environment and implementation method thereof
  • Firewall based on intrusion detection system feedback in cloud environment and implementation method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] The technical solutions provided by the present invention will be described in detail below in conjunction with specific examples. It should be understood that the following specific embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention. In addition, the steps shown in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases, the sequence may be different. The steps shown or described are performed in the order herein.

[0053] There are many researches on virtualization monitoring, which can be divided into two categories: internal monitoring and external monitoring. Firewall design based on intrusion detection system feedback in cloud environment is mainly aimed at external monitoring and blocking external network attacks on internal cloud platforms.

[0054...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a firewall based on intrusion detection system feedback in a cloud environment and an implementation method thereof. The firewall comprises a firewall part and an IDS part. Thefirewall part filters the network data for the first time according to a filtering rule; the IDS part further filters the data passing through the firewall and screens the data based on an IDS filtering rule; and a filtering strategy of the firewall part is updated through feedback information of the IDS part in the system. A firewall and an intrusion detection system (IDS) are combined, interlocking is implemented through the IDS and the firewall, attack defense is divided into two parts, and defense work is naturally divided into two parts. The firewall part is used for coarse-grained defense, the IDS part is used for fine-grained analysis of grouping information, double-layer defense is more effective and accurate, defense attacks are separated from a cloud service server, the qualityof cloud services is not affected, and the response delay of the cloud services is reduced; and an IDS-based feedback change rule is adopted, so that attacks can be flexibly detected.

Description

technical field [0001] The invention belongs to the technical field of cloud environment and firewall, and relates to a firewall based on feedback from an intrusion detection system in a cloud environment and an implementation method thereof. Background technique [0002] With the rapid development of cloud computing, more and more cloud computing companies have begun to pay attention to the importance of cloud security. As a part of cloud security, "how to defend against attacks from the Internet" is becoming a hot topic. While discussing this topic, we need to build a system that monitors network traffic through physical network cards, analyzes it, and classifies different types of network protocols. Based on the feedback from the IDS, the rules of the firewall are updated. With the help of IDS, the effectiveness of the firewall becomes better. The cloud system architecture consists of five parts: consumers, cloud service providers, cloud brokers, auditors and cloud ope...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/0236H04L63/0263H04L63/1441
Inventor 伏晓马啸雨骆斌
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap