
Attack surface protection method and system for virtual micro-isolation network

A virtual network technology, applied in the field of network security, that can solve problems such as the lack of control methods for traffic data and the lack of dynamically deployed security protection strategies.

Inactive Publication Date: 2020-06-02
武汉思普崚技术有限公司
Cites: 6; Cited by: 4

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a method and system for protecting the attack surface of a virtual micro-isolated network, which addresses two problems in the prior art: the lack of control methods for traffic data between massive numbers of virtual machines, and the lack of dynamically deployed security protection strategies. Technical Issues in Detecting Attack Surfaces in



Examples


Embodiment Construction

[0042] The preferred embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings, so that the advantages and features of the present invention can be more easily understood by those skilled in the art, so as to define the protection scope of the present invention more clearly.

[0043] Figure 1 is a flow chart of the attack surface protection method for the virtual micro-isolated network provided by this application. The method includes:

[0044] Obtain traffic data in the distributed virtual network, use the OpenFlow protocol to collect traffic statistics, analyze and extract feature vectors and flow entries from the traffic data, and obtain the communication relationship of each virtual machine in the distributed virtual network according to the association relationship of the flow entries;

[0045] Before obtaining the communication relationship of each virtual machine in the distributed virtual network, it also includes obtainin...


Abstract

The invention provides an attack surface protection method and system for a virtual micro-isolation network. The method comprises the following steps: collecting, analyzing and extracting feature vectors and flow table entries in traffic data by using an OpenFlow protocol; obtaining a communication relationship between virtual machines in a distributed virtual environment, carrying out micro-isolation grouping on the virtual machines by using clustering processing; verifying whether a network attack behavior exists between the virtual machines in the communication relationship or not; dynamically deploying a security protection strategy for micro-isolation grouping of the virtual machine according to a verification result; checking data fragments through each virtual machine, extracting available attack vectors, analyzing whether the data fragments are abnormal or not, and whether a plurality of abnormal data fragments are logically associated or not, thereby determining and labeling abnormal points and adjusting a security protection strategy of related micro-isolation groups.
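An added sketch of the first two steps in the abstract (not code from the patent or its owner): flow entries are reduced to VM communication relationships, which are then grouped. The `ovs-ofctl dump-flows`-style sample, the packet threshold, and the use of connected components as the clustering step are assumptions; the page does not name a clustering algorithm.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `ovs-ofctl dump-flows` output (not from the page).
SAMPLE_FLOWS = """\
 cookie=0x0, duration=120s, table=0, n_packets=900, n_bytes=81000, priority=10,ip,nw_src=10.0.0.11,nw_dst=10.0.0.12 actions=output:2
 cookie=0x0, duration=120s, table=0, n_packets=850, n_bytes=76500, priority=10,ip,nw_src=10.0.0.12,nw_dst=10.0.0.11 actions=output:1
 cookie=0x0, duration=90s, table=0, n_packets=400, n_bytes=36000, priority=10,ip,nw_src=10.0.0.12,nw_dst=10.0.0.13 actions=output:3
 cookie=0x0, duration=80s, table=0, n_packets=700, n_bytes=63000, priority=10,ip,nw_src=10.0.0.21,nw_dst=10.0.0.22 actions=output:5
 cookie=0x0, duration=5s, table=0, n_packets=3, n_bytes=180, priority=10,ip,nw_src=10.0.0.13,nw_dst=10.0.0.21 actions=output:4
"""
FLOW_RE = re.compile(r"n_packets=(\d+).*?nw_src=([\d.]+),nw_dst=([\d.]+)")

def communication_relationships(text):
    """Sum packet counts per unordered VM pair found in the flow entries."""
    pairs = defaultdict(int)
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if m and m.group(2) != m.group(3):  # ignore malformed self-flows
            pairs[frozenset((m.group(2), m.group(3)))] += int(m.group(1))
    return dict(pairs)

def micro_isolation_groups(pairs, min_packets=100):
    """Assumed clustering: union-find over pairs exchanging >= min_packets."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for pair, pkts in pairs.items():
        a, b = sorted(pair)
        ra, rb = find(a), find(b)  # registers both VMs even if not merged
        if pkts >= min_packets and ra != rb:
            parent[ra] = rb
    groups = defaultdict(set)
    for vm in parent:
        groups[find(vm)].add(vm)
    return sorted(sorted(g) for g in groups.values())

def cross_group_flows(pairs, groups):
    """Relationships that cross group boundaries: candidates for verification."""
    gid = {vm: i for i, g in enumerate(groups) for vm in g}
    return sorted(tuple(sorted(p)) for p in pairs if len({gid[v] for v in p}) > 1)

if __name__ == "__main__":
    rel = communication_relationships(SAMPLE_FLOWS)
    grp = micro_isolation_groups(rel)
    print(grp, cross_group_flows(rel, grp))
```

The cross-group list is what a default-deny policy between groups would block or send for inspection; the threshold needs tuning against real traffic baselines.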

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to an attack surface protection method and system for a virtual micro-isolated network.

Background technique

[0002] Now it is more and more common to use virtualization technology to build data centers, which brings new security issues. In a virtualized network environment, a large amount of traffic data is forwarded through virtual switches instead of firewalls, making traditional security protection measures ineffective. The communication flow between virtual machines becomes uncontrollable, and the threats of internal virtual machines cannot be detected or controlled. There are a large number of virtual machines in a distributed virtual environment. How to dynamically deploy security protection policies is also a technical problem that needs to be solved urgently.

[0003] At the same time, the current network communication is facing more and more hidden sec...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0272, H04L63/1416, H04L63/1441, H04L63/205
Inventor: 段彬
Owner: 武汉思普崚技术有限公司