Cloud-based active immune security defense method and device

A security defense and active immunity technology, applied in the field of information security, that solves the problems of being unable to deal with zero-day vulnerabilities, unknown internal attacks, and attack threats.

Pending Publication Date: 2020-06-19
中科天御(苏州)科技有限公司

AI Technical Summary

Problems solved by technology

[0004] Traditional passive defense methods such as access control, intrusion detection, and anti-virus have been unable to deal with potential attack threats, especially advanced persistent attacks such as Trojan horses and backdoors that lie latent in the system for a long time and wake up at another time.
Passive defense methods cannot deal with zero-day vulnerabilities, unknown attacks, and internal attacks. Attackers have enough time to find vulnerabilities and wait for an opportunity to intrude and obtain data.


Examples


Embodiment Construction

[0029] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0030] In the cloud-based active immune security defense method and device disclosed in an embodiment of the present invention, the steps are:

[0031] 1) The immune library management module establishes a mirror virtual machine system in the cloud that is completely consistent with the initial state of the instance system outside the cloud;

[0032] 2) The immune cleaning module pushes the mirror system in the cloud to the instance system outside the cloud to replace it, keeps the operation and maintenance instance system completely consistent with the mirror system in the cloud, and identifies inconsistent heterogeneous software;

[0033] 3) The immune update module performs a security upgrade on the mirror system in the cloud;

[0034] 4) The immune agent module runs in the hardware remote boot state in the off-cloud instance system, receives the cleaning comma...


Abstract

The invention relates to a cloud-based active immune security defense method and device. The method mainly comprises the following steps: an immune library management module establishes, in the cloud, a mirror image virtual machine system that is completely consistent with the initial state of an off-cloud instance system; the immune cleaning module pushes the in-cloud mirror image system to the off-cloud instance system for replacement, keeping the operation and maintenance instance system completely consistent with the in-cloud mirror image system while identifying inconsistent heterogeneous software; the immune updating module carries out security upgrading on the in-cloud mirror image system; and the immune agent module operates in a hardware remote boot state in the off-cloud instance system, receives a cleaning instruction issued by the cloud immune cleaning module, and executes a cleaning action. According to the invention, high security of the system can be realized, the risk of continuous penetration and intrusion by advanced threats against a system attack surface exposed for a long time in a network environment and an operating environment is reduced, white lists of abnormal programs such as backdoors, Trojans and the like are identified, the system is periodically restored to an initial state, the cloud and terminals are isolated in a one-way manner, and active immunization is realized.
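The comparison behind the cleaning step, as an added example that is not code from the patent or its owner: it assumes the in-cloud mirror and the off-cloud instance can each be summarised as a path-to-SHA-256 manifest, and it models "cleaning" as per-file remove and restore actions. All function names and the sample file trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest
    return manifest

def find_drift(mirror, instance):
    """Classify every difference between the mirror and instance manifests."""
    foreign = sorted(p for p in instance if p not in mirror)  # not in the mirror at all
    missing = sorted(p for p in mirror if p not in instance)
    modified = sorted(p for p in mirror
                      if p in instance and mirror[p] != instance[p])
    return {"foreign": foreign, "modified": modified, "missing": missing}

def cleaning_plan(drift):
    """Ordered actions that bring the instance back to the mirror state."""
    plan = [("remove", p) for p in drift["foreign"]]
    plan += [("restore", p) for p in drift["modified"] + drift["missing"]]
    return plan

def demo():
    """Run the comparison over two constructed trees: mirror and drifted instance."""
    trees = {
        "mirror": {"bin/app": b"v1", "etc/app.conf": b"port=443", "lib/core.so": b"core"},
        "instance": {"bin/app": b"v1", "etc/app.conf": b"port=4444", "tmp/.svc": b"unknown"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        mirror = build_manifest(os.path.join(tmp, "mirror"))
        instance = build_manifest(os.path.join(tmp, "instance"))
    drift = find_drift(mirror, instance)
    return drift, cleaning_plan(drift)

if __name__ == "__main__":
    print(demo())
```

Files in the `foreign` bucket correspond to what the abstract calls inconsistent heterogeneous software: content on the instance that has no counterpart in the mirror.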

Description

Technical field

[0001] The invention relates to a system security active defense method and device, in particular to a cloud-based active immune security defense method and device, belonging to the field of information security.

Background art

[0002] Currently, security attacks are on the rise. The usual security defense strategy is to build a security system, such as improving the quality of the code to reduce vulnerabilities. Strategies to increase code security by reducing system design or coding errors are often impractical, because the system will come online with vulnerabilities known to developers or that may be generated in the future, and these vulnerabilities are likely to be discovered and exploited by attackers. The defender uses various means to reduce system vulnerabilities and improve system security. But for a long time, in the confrontation of network security attack and defense, the attacker has always taken the initiative, while the defender has fa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F9/455, G06F21/56, G06F21/57
CPC: G06F9/45558, G06F21/56, G06F21/57, G06F2009/45587, G06F2221/033, G06F2221/034
Inventor: 邓高见, 马多耀, 黄雄栋, 李宜花
Owner: 中科天御(苏州)科技有限公司