Security service chain dynamic arrangement device

Abstract

The invention discloses a security service chain dynamic arrangement device, and relates to the technical field of network security. The device comprises a flow classification module, a security function virtual machine management module, a lightweight virtual security resource management platform, a network management module and a flow table generation module. The flow classification module is used for generating a flow classification result flow table; the security function virtual machine management module performs management operation on the security function virtual machine; the lightweight virtual security resource management platform realizes operations of creating, starting, deleting and the like of the security function virtual machine; the network management module realizes network configuration of the security function virtual machine; the flow table generation module is used for generating a flow traction flow table. According to the invention, through a security function service chain mode, differentiated security protection capabilities can be provided for different flows according to security requirements and network states, fine-grained, definable and diversified security protection ways are provided for the network. The method has the broad application prospect.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a security service chain dynamic orchestration device. Background technique [0002] Existing network security protection measures include multi-layer security protection equipment such as host security, network security, application security, and security management, realizing the improvement from single-device protection to in-depth security defense capabilities for the entire network. However, there is still a certain gap in dealing with high-intensity confrontation under the conditions of future informationized warfare. Mainly manifested in the following aspects: [0003] (1) The static and passive border security protection system is the main one. Once the existing security protection equipment is installed and deployed, it will be in a static state, lacking the ability to continuously upgrade, dynamically maintain security policies, and dynamically deploy and adju...

AI Technical Summary

Problems solved by technology

[0003] (1) The static and passive border security protection system is the main one. Once the existing security protection equipment is installed and deployed, it will be in a static state, lacking the ability to continuously upgrade, dynamically maintain security policies, and dynamically deploy and adjust security functions on demand in complex network environments;

[0004] (2) The management and control interfaces of safety protection equipment are not unified, which adds a lot of inconvenience for operators to use and configure safety protection equipment

[0008] However, there is still a lack of technology that can meet the above needs in the prior art

Images