CN102916940A - Method and system for realizing network safety of cloud data center - Google Patents

Method and system for realizing network safety of cloud data center

Info

Publication number
CN102916940A
Authority
CN
China
Prior art keywords
network
performance index
data center
cloud data
network performance
Prior art date
Legal status
Pending
Application number
CN2012103502299A
Other languages
Chinese (zh)
Inventor
吕广杰
朱波
Current Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date
Filing date
Publication date
Application filed by Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN2012103502299A
Publication of CN102916940A
Legal status: Pending

Abstract

The invention provides a method and a system for realizing the network security of a cloud data center. The method comprises the following steps: detecting abnormal information in specified security factors of the cloud data center network; and using an expert system to predict or infer a corresponding solution for the abnormal information. Through port scanning, network performance evaluation and application process monitoring, potential risks and security vulnerabilities of the cloud data center can be found, and a solution can be provided to customers intelligently by means of a network security generation system designed with artificial intelligence technology, so that the security of the network environment of the cloud data center is greatly improved.

Description

Method and system for realizing network security of a cloud data center
Technical field
The present invention relates to the field of computer applications, and in particular to a method and system for realizing network security of a cloud data center.
Background
With the development of information technology, cloud computing is gradually becoming a hot spot of industry development, and the cloud computing service platforms of large enterprises at home and abroad have begun to be put into use one after another in many fields such as science, education, culture, health, government, high-performance computing, e-commerce and the Internet of Things.
In a cloud data center a secure network environment is not only essential, it has become a prerequisite for the success of the enterprise. Hacker attacks, data tampering and destruction of the network environment would have an enormous impact on the entire production and business activities of the enterprise.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for realizing network security of a cloud data center, so as to resolve potential anomalies of the cloud data center network intelligently.
In order to solve the above technical problem, the invention provides a method for realizing network security of a cloud data center, comprising:
detecting abnormal information in specified security factors of the cloud data center network;
using an expert system to predict or infer a corresponding solution for the abnormal information.
Further, the method also has the following feature: detecting abnormal information in specified security factors of the cloud data center network comprises one or more of the following:
scanning the open ports of a target host and detecting abnormal port information;
obtaining the network performance indices of the current moment and/or predicting the network performance indices of a future moment, and detecting network performance indices that exceed a set threshold range;
obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
Further, the method also has the following feature: scanning the open ports of the target host comprises:
scanning the open ports of the target host by the transmission control protocol connect function (TCP connect()) port scanning technique.
Further, the method also has the following features:
the network performance indices of the current moment are obtained with the Simple Network Management Protocol (SNMP), and
the network performance indices of the future moment are predicted by Aitken's prediction algorithm.
Further, the method also has the following feature:
the application process information of the future moment is predicted by Aitken's prediction algorithm.
In order to solve the above problem, the invention also provides a system for realizing network security of a cloud data center, comprising:
a first module for detecting abnormal information in specified security factors of the cloud data center network;
a second module for using an expert system to predict or infer a corresponding solution for the abnormal information.
Further, the system also has the following feature: the first module comprises one or more of the following units:
a first unit for scanning the open ports of a target host and detecting abnormal port information;
a second unit for obtaining the network performance indices of the current moment and/or predicting the network performance indices of a future moment, and detecting network performance indices that exceed a set threshold range;
a third unit for obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
Further, the system also has the following feature:
the first unit is specifically adapted to scan the open ports of the target host by the TCP connect() port scanning technique.
Further, the system also has the following feature:
the second unit obtains the network performance indices of the current moment with SNMP and predicts the network performance indices of the future moment by Aitken's prediction algorithm.
Further, the system also has the following feature:
the third unit predicts the application process information of the future moment by Aitken's prediction algorithm.
In summary, the invention provides a method and system for realizing network security of a cloud data center. First, scanning tools are used to collect detailed information about the target host or network in the way a hacker would, so as to discover the vulnerabilities or weak points of the target system; then, according to the position of the weak points, the network intrusion process by which an attack would be launched is described in detail. Through TCP port scanning, network performance evaluation and application process monitoring, the potential hazards and security vulnerabilities of the cloud data center are found, and a solution is provided to the client intelligently by a network security generation system designed with artificial intelligence technology, which greatly improves the security of the cloud data center network environment.
Description of drawings
Fig. 1 is a flow chart of a method for realizing network security of a cloud data center according to an embodiment of the invention;
Fig. 2 is a structural diagram of the expert system;
Fig. 3 is a schematic diagram of a system for realizing network security of a cloud data center according to an embodiment of the invention.
Embodiment
In order to make the purpose, technical solutions and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments of this application and the features in the embodiments may be combined with each other arbitrarily.
Fig. 1 is a flow chart of a method for realizing network security of a cloud data center according to an embodiment of the invention; as shown in Fig. 1, the method of this embodiment comprises:
S10, detecting abnormal information in specified security factors of the cloud data center network;
S20, using an expert system to predict or infer a corresponding solution for the abnormal information.
Step S10 comprises one or more of the following cases:
A: scanning the open ports of the target host and detecting abnormal port information.
First, information such as the network interface card, the local IP address and the subnet mask is obtained, and the IP range of the cloud data center LAN segment is calculated from it; a TCP connect() (transmission control protocol connect function) scan is carried out over the host IP range and the port number range set by the user; the result is compared with a table of common protocol ports, and the suspicious open port information of a host is handed over to the expert system for resolution. The connect() system call provided by the operating system is used directly to connect to a port of the target host and judge whether it is open, which is simple, fast and efficient.
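An added example (not code from the patent or from Inspur) of the comparison stage of step A: deriving the LAN host range from the local address and mask as the embodiment describes, then comparing the ports reported open on a host with a common-protocol port table and a per-host baseline. The port table, the baseline and the observed port set are constructed sample data; the scan itself is not performed here, its result is taken as input.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed subset of a "common protocol port" table (well-known IANA
# assignments); a real deployment would load the full table.
COMMON_PORTS: Dict[int, str] = {
    22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https",
    3306: "mysql", 3389: "rdp", 5432: "postgresql", 6379: "redis",
}


def host_range(local_ip: str, netmask: str) -> List[str]:
    """Derive the range of the local LAN segment from the local IP address
    and subnet mask, as step A describes (network and broadcast addresses
    are excluded)."""
    net = ipaddress.IPv4Network(f"{local_ip}/{netmask}", strict=False)
    return [str(h) for h in net.hosts()]


@dataclass(frozen=True)
class PortFinding:
    host: str
    port: int
    service: str   # name from COMMON_PORTS, or "unknown"
    reason: str


def classify_open_ports(host: str, observed: Set[int], baseline: Set[int]) -> List[PortFinding]:
    """Compare the ports found open on a host with that host's expected
    baseline. Every open port outside the baseline becomes a finding that
    would be passed on to the expert system; a port present in the
    common-protocol table is named so the operator sees which service is
    exposed, an unlisted port is flagged as unknown."""
    findings = []
    for port in sorted(observed - baseline):
        service = COMMON_PORTS.get(port, "unknown")
        reason = (f"{service} open but not in baseline" if service != "unknown"
                  else "open port not in baseline and not a common protocol port")
        findings.append(PortFinding(host, port, service, reason))
    return findings


def missing_expected_ports(observed: Set[int], baseline: Set[int]) -> List[int]:
    """Ports that should be open but were not (a stopped or blocked
    service): a different kind of anomaly, also worth reporting."""
    return sorted(baseline - observed)


if __name__ == "__main__":
    # Constructed sample: a /29 segment, one host's baseline and the port
    # set a connect() scan of that host reported.
    print(host_range("10.0.0.5", "255.255.255.248"))
    baseline = {22, 80, 443}
    observed = {22, 80, 443, 6379, 8081}
    for finding in classify_open_ports("10.0.0.5", observed, baseline):
        print(finding)
    print("missing:", missing_expected_ports({22, 443}, baseline))
```

The baseline is the control here: a port in the common-protocol table is not suspicious in itself, only its presence on a host where it is not expected is, which is why the comparison is made per host rather than against the table alone.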
B: network performance evaluation, i.e. quantitative evaluation of the security performance of the network devices of the cloud data center. The network performance indices of the current moment are obtained and/or the network performance indices of a future moment are predicted, and network performance indices that exceed the set threshold range are detected.
First, SNMP (Simple Network Management Protocol) is used to access the MIB (Management Information Base) of each device and obtain the performance indices of each network device (server network interface card, switch, router) at each moment, including packet loss rate, packet error rate, bandwidth utilization, traffic, transmission rate, etc.; then Aitken's prediction algorithm is used to predict the network performance indices of a future moment. Abnormal network performance index information that exceeds the set threshold range at the current moment or at a future moment is submitted to the expert system for resolution.
Aitken's prediction algorithm is as follows:
Taking the moment t as the independent variable and the network performance index y as the dependent variable, the network performance function is defined, and several (for example 10) historical moments t_i with their corresponding performance sample values y_i are substituted into the Aitken interpolation table below:

$$
\begin{array}{l|lllll}
t_0 & a_{0,0}\ (y_0) & & & & \\
t_1 & a_{1,0}\ (y_1) & a_{1,1} & & & \\
t_2 & a_{2,0}\ (y_2) & a_{2,1} & a_{2,2} & & \\
\vdots & \vdots & \vdots & \vdots & \ddots & \\
t_{m-1} & a_{m-1,0}\ (y_{m-1}) & a_{m-1,1} & a_{m-1,2} & \cdots & a_{m-1,m-1}
\end{array}
$$

Here the first two columns are the m historical sample values, i.e. $a_{i,0} = y_i = y(t_i)$, $i = 0, 1, \ldots, m-1$, and each remaining column is computed by Aitken's interpolation formula:

$$
a_{k,l} = a_{l-1,l-1} + \frac{t - t_{l-1}}{t_k - t_{l-1}}\,\bigl(a_{k,l-1} - a_{l-1,l-1}\bigr), \qquad k = l, \ldots, m-1;\; l = 1, \ldots, m-1
$$

That is:

$$
a_{1,1} = a_{0,0} + \frac{t - t_0}{t_1 - t_0}\,(a_{1,0} - a_{0,0}); \qquad
a_{2,1} = a_{0,0} + \frac{t - t_0}{t_2 - t_0}\,(a_{2,0} - a_{0,0});
$$

$$
a_{2,2} = a_{1,1} + \frac{t - t_1}{t_2 - t_1}\,(a_{2,1} - a_{1,1})
= a_{0,0} + \frac{t - t_0}{t_1 - t_0}\,(a_{1,0} - a_{0,0})
+ \frac{t - t_1}{t_2 - t_1}\left[\frac{t - t_0}{t_2 - t_0}\,(a_{2,0} - a_{0,0}) - \frac{t - t_0}{t_1 - t_0}\,(a_{1,0} - a_{0,0})\right]; \quad \cdots
$$

Computing row by row, the element finally obtained in the lower right corner of the Aitken interpolation table is the predicted value at the future moment t, i.e. $y(t) = a_{m-1,m-1}$.
SNMP, which is widely used in all kinds of servers, storage and network equipment, is used to obtain every performance index of the network devices, which gives applicability, real-time operation and agility. In addition, Aitken's interpolation prediction algorithm predicts the network performance indices of a future moment by converting the high-order interpolation process into repeated linear interpolation; the calculation is simple, the time complexity is low, it is easy to program, it occupies little memory and the prediction is accurate.
C: monitoring of the software environment of the cloud data center: obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
First, SNMP is used to obtain information on the application processes running on the specified server, including process name, storage location, memory occupied, running state, etc. Then the process names are compared with a process blacklist to find system vulnerabilities, services whose security verification is not strict, illegal third-party software or process information, which is reported to the expert system. Finally, the memory occupied by a process at a future moment is predicted with the same Aitken prediction algorithm as in the previous step, and information on processes that occupy a large amount of system resources for a long time is handed over to the expert system for resolution.
Using SNMP, which applies generally to operating systems such as Linux and Windows, the information on the application processes running on the specified server is obtained, and illegal and suspicious processes are found in time by rule matching, which gives universality, timeliness, intelligence and efficiency.
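An added example, not the patent's own code, of the Aitken prediction algorithm defined in step B together with the threshold check that steps B and C apply to it: the table is filled row by row exactly as the formula above states, and the bottom-right entry is taken as the predicted value. The same function serves the network performance indices of step B and the per-process memory of step C; the packet-loss and memory samples below are constructed, the thresholds are assumptions, and no SNMP query is made.

```python
from dataclasses import dataclass
from typing import List, Sequence


def aitken_predict(ts: Sequence[float], ys: Sequence[float], t: float) -> float:
    """Evaluate the interpolating polynomial through (t_i, y_i) at t with
    Aitken's table, filled row by row:
        a[k][0] = y_k
        a[k][l] = a[l-1][l-1] + (t - t_{l-1}) / (t_k - t_{l-1}) * (a[k][l-1] - a[l-1][l-1])
    The bottom-right entry a[m-1][m-1] is the prediction y(t)."""
    m = len(ts)
    if m == 0 or m != len(ys):
        raise ValueError("need the same non-zero number of instants and samples")
    if len(set(ts)) != m:
        raise ValueError("sample instants must be distinct")
    a = [[0.0] * m for _ in range(m)]
    for k in range(m):
        a[k][0] = float(ys[k])               # first two columns: the historical samples
        for l in range(1, k + 1):            # remaining columns of this row
            a[k][l] = a[l - 1][l - 1] + (t - ts[l - 1]) / (ts[k] - ts[l - 1]) * (
                a[k][l - 1] - a[l - 1][l - 1])
    return a[m - 1][m - 1]


@dataclass(frozen=True)
class IndexAnomaly:
    index: str      # e.g. "packet_loss_pct" or "mem_mb:postgres"
    when: str       # "current" or "predicted"
    t: float
    value: float
    limit: float    # the threshold that was crossed


def evaluate_index(name: str, ts: Sequence[float], ys: Sequence[float],
                   t_future: float, high: float, low: float = 0.0) -> List[IndexAnomaly]:
    """Step B/C check: report the latest sample and the Aitken-predicted value
    at t_future whenever either lies outside [low, high]. The returned records
    are the 'abnormal information' handed to the expert system."""
    anomalies = []
    current = float(ys[-1])
    if not low <= current <= high:
        anomalies.append(IndexAnomaly(name, "current", ts[-1], current,
                                      high if current > high else low))
    predicted = aitken_predict(ts, ys, t_future)
    if not low <= predicted <= high:
        anomalies.append(IndexAnomaly(name, "predicted", t_future, predicted,
                                      high if predicted > high else low))
    return anomalies


if __name__ == "__main__":
    # Constructed samples. Packet loss (%) sampled each minute, rising
    # quadratically; the threshold of 2 % is an assumed operator setting.
    loss_t, loss_y = [0, 1, 2, 3, 4], [0.2, 0.3, 0.6, 1.1, 1.8]
    print(evaluate_index("packet_loss_pct", loss_t, loss_y, t_future=5, high=2.0))
    # Resident memory (MB) of one process sampled every 10 s, growing linearly;
    # 256 MB is an assumed per-process limit. Predicting 90 s out exceeds it.
    mem_t, mem_y = [0, 10, 20, 30], [100, 120, 140, 160]
    print(evaluate_index("mem_mb:postgres", mem_t, mem_y, t_future=90, high=256))
```

Two practical points follow from the formula itself. Predicting a future moment is extrapolation, so the polynomial through m samples can swing sharply once t is far past the last sample, which is the reason the embodiment makes the choice of sample points (their number and spacing) the tuning knob; keeping the prediction horizon comparable to the sample spacing keeps the predicted anomalies meaningful. The distinct-instant check guards the division in the formula, which fails if two samples carry the same timestamp.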
For the expert system in this embodiment, as shown in Fig. 2, network security experts are first invited to jointly design a knowledge base for storing the knowledge rules used to solve network security problems; the knowledge rules are expressed in the form "if (premise) then (result)", for example "if process name = Trojan.exe then kill the process". Then a comprehensive database is designed for storing the global facts and assertions used in problem solving. The inference engine of the expert system in the embodiment of the invention adopts a forward reasoning control strategy: by looking for rules whose premises match the facts or assertions in the database, it selects the corresponding solution and provides it to the client, which is authoritative, intelligent and scientific.
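An added example, not the patent's own implementation, of the three parts just described: a knowledge base of "if (premise) then (result)" rules, a comprehensive database of facts, and an inference engine that forward-chains until no rule produces a new assertion. The rules, the blacklist entries and the sample facts are constructed; the facts are the kind of abnormal information steps A, B and C would hand over.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Fact = Dict[str, object]          # one fact or assertion in the comprehensive database


@dataclass(frozen=True)
class Rule:
    name: str
    premise: Callable[[Fact], bool]   # the "if (premise)" part
    result: Callable[[Fact], Fact]    # the "then (result)" part: the derived assertion


# Hypothetical blacklist; the page's own example entry is Trojan.exe.
PROCESS_BLACKLIST = {"trojan.exe", "minerd"}


def _key(fact: Fact) -> frozenset:
    """Hashable identity of a fact, so an assertion is derived only once."""
    return frozenset(fact.items())


def forward_chain(facts: List[Fact], rules: List[Rule], max_rounds: int = 20) -> List[Fact]:
    """Forward reasoning control strategy: in each round, match every rule
    premise against every fact in the database and assert the results; stop
    when a round derives nothing new (or after max_rounds, as a guard)."""
    db = list(facts)
    known = {_key(f) for f in db}
    for _ in range(max_rounds):
        derived = []
        for rule in rules:
            for fact in db:
                if rule.premise(fact):
                    new = dict(rule.result(fact), rule=rule.name)
                    if _key(new) not in known:
                        known.add(_key(new))
                        derived.append(new)
        if not derived:
            break
        db.extend(derived)
    return db


# Constructed knowledge base. Each rule maps one kind of abnormal information
# to a solution fact; the last rule chains on a solution already derived.
KNOWLEDGE_BASE = [
    Rule("blacklisted-process",
         lambda f: f.get("type") == "process" and str(f["name"]).lower() in PROCESS_BLACKLIST,
         lambda f: {"type": "solution", "host": f["host"], "action": "kill process", "target": f["name"]}),
    Rule("unexpected-port",
         lambda f: f.get("type") == "port" and f.get("in_baseline") is False,
         lambda f: {"type": "solution", "host": f["host"], "action": "close port or add to baseline", "target": f["port"]}),
    Rule("index-over-threshold",
         lambda f: f.get("type") == "index" and f["value"] > f["high"],
         lambda f: {"type": "solution", "host": f["host"], "action": "inspect link and device", "target": f["name"]}),
    Rule("escalate-after-kill",
         lambda f: f.get("type") == "solution" and f["action"] == "kill process",
         lambda f: {"type": "solution", "host": f["host"], "action": "full scan and re-image review", "target": f["host"]}),
]


def recommend(facts: List[Fact], rules: List[Rule] = KNOWLEDGE_BASE) -> List[Fact]:
    """Run the inference engine and return only the solution assertions."""
    return [f for f in forward_chain(facts, rules) if f["type"] == "solution"]


if __name__ == "__main__":
    # Constructed facts, as steps A, B and C would submit them.
    facts = [
        {"type": "process", "host": "srv-01", "name": "Trojan.exe"},
        {"type": "process", "host": "srv-01", "name": "sshd"},
        {"type": "port", "host": "srv-02", "port": 8081, "in_baseline": False},
        {"type": "index", "host": "sw-01", "name": "packet_loss_pct", "value": 2.7, "high": 2.0},
    ]
    for solution in recommend(facts):
        print(solution)
```

Each derived assertion carries the name of the rule that produced it, so the operator can trace a recommendation back to the knowledge-base entry that fired; the escalation rule shows why forward chaining runs in rounds rather than in a single pass, since its premise is satisfied only by a solution asserted in an earlier round.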
The embodiment of the invention takes into account all the factors of the network environment and carries out a security evaluation. Traditional cloud data center network management software merely enumerates the state of each aspect of the network environment (such as the degree of port openness, packet loss rate, packet error rate, transmission rate, bandwidth, etc.) one by one. Although these data reflect the security situation of the network to a certain extent, for clients who are not IT professionals it is hard to find the abnormal part of the system among such complicated data, let alone to resolve the anomaly. The method of this embodiment makes a comprehensive assessment of all the security factors of the network environment, finds the anomalies and provides guidance to the client.
Traditional methods of predicting network performance indices use the nearest neighbour algorithm, the weighted average method or spline fitting; either their accuracy is too low or their time complexity is too high, and they cannot satisfy the requirements of a cloud computing system. Aitken's prediction algorithm converts the high-order interpolation process into repeated linear interpolation: the time complexity is low, the calculation is simple, it is easy to program, it occupies little memory and the prediction is accurate. In addition, because the prediction accuracy of Aitken's algorithm is determined only by the way the sample points are chosen (the finer the segmentation of the sample points and the greater their number, the more accurate the predicted value), the demands of various cloud data centers can be satisfied by choosing different sample point selection schemes, which gives higher universality.
This embodiment introduces artificial intelligence technology. A traditional computer program merely executes instructions in sequence, whereas an expert system has an entirely different architecture. By storing the knowledge, the way of thinking and the problem-solving methods of the network security field in the computer in a suitable form (the form of knowledge rules), the system can reason under the control of the inference engine in the way a human expert does and provide solutions to the client, which is intelligent, authoritative and scientific.
Fig. 3 is a schematic diagram of a system for realizing network security of a cloud data center according to an embodiment of the invention; as shown in Fig. 3, the system of this embodiment comprises:
a first module for detecting abnormal information in specified security factors of the cloud data center network;
a second module for using an expert system to predict or infer a corresponding solution for the abnormal information.
The first module comprises one or more of the following units:
a first unit for scanning the open ports of a target host and detecting abnormal port information;
a second unit for obtaining the network performance indices of the current moment and/or predicting the network performance indices of a future moment, and detecting network performance indices that exceed a set threshold range;
a third unit for obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
The first unit is specifically adapted to scan the open ports of the target host by the TCP connect() port scanning technique.
The second unit obtains the network performance indices of the current moment with SNMP and predicts the network performance indices of the future moment by Aitken's prediction algorithm.
The third unit predicts the application process information of the future moment by Aitken's prediction algorithm.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method may be carried out by a program instructing the related hardware, and the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or part of the steps of the above embodiments may also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in the form of hardware or in the form of a software function module. The present invention is not limited to any particular form of combination of hardware and software.
The above are only preferred embodiments of the present invention; of course, the invention may also have various other embodiments, and without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and variations according to the invention, all of which should fall within the protection scope of the appended claims of the invention.

Claims (10)

1. A method for realizing network security of a cloud data center, comprising:
detecting abnormal information in specified security factors of the cloud data center network;
using an expert system to predict or infer a corresponding solution for the abnormal information.
2. The method of claim 1, characterized in that detecting abnormal information in specified security factors of the cloud data center network comprises one or more of the following:
scanning the open ports of a target host and detecting abnormal port information;
obtaining the network performance indices of the current moment and/or predicting the network performance indices of a future moment, and detecting network performance indices that exceed a set threshold range;
obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
3. The method of claim 2, characterized in that scanning the open ports of the target host comprises:
scanning the open ports of the target host by the transmission control protocol connect function port scanning technique.
4. The method of claim 2, characterized in that:
the network performance indices of the current moment are obtained with the Simple Network Management Protocol, and
the network performance indices of the future moment are predicted by Aitken's prediction algorithm.
5. The method of claim 2, characterized in that:
the application process information of the future moment is predicted by Aitken's prediction algorithm.
6. A system for realizing network security of a cloud data center, comprising:
a first module for detecting abnormal information in specified security factors of the cloud data center network;
a second module for using an expert system to predict or infer a corresponding solution for the abnormal information.
7. The system of claim 6, characterized in that the first module comprises one or more of the following units:
a first unit for scanning the open ports of a target host and detecting abnormal port information;
a second unit for obtaining the network performance indices of the current moment and/or predicting the network performance indices of a future moment, and detecting network performance indices that exceed a set threshold range;
a third unit for obtaining information on the application processes running on a specified server and/or predicting the application process information of a future moment, and detecting abnormal application process information.
8. The system of claim 7, characterized in that:
the first unit is specifically adapted to scan the open ports of the target host by the transmission control protocol connect function port scanning technique.
9. The system of claim 7, characterized in that:
the second unit obtains the network performance indices of the current moment with the Simple Network Management Protocol and predicts the network performance indices of the future moment by Aitken's prediction algorithm.
10. The system of claim 7, characterized in that:
the third unit predicts the application process information of the future moment by Aitken's prediction algorithm.
CN2012103502299A 2012-09-19 2012-09-19 Method and system for realizing network safety of cloud data center Pending CN102916940A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012103502299A CN102916940A (en) 2012-09-19 2012-09-19 Method and system for realizing network safety of cloud data center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012103502299A CN102916940A (en) 2012-09-19 2012-09-19 Method and system for realizing network safety of cloud data center

Publications (1)

Publication Number Publication Date
CN102916940A true CN102916940A (en) 2013-02-06

Family

ID=47615174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012103502299A Pending CN102916940A (en) 2012-09-19 2012-09-19 Method and system for realizing network safety of cloud data center

Country Status (1)

Country Link
CN (1) CN102916940A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1725705A (en) * 2005-05-09 2006-01-25 杭州华为三康技术有限公司 Method for detecting flow attacking message characteristic of network equipment
CN101329564A (en) * 2008-07-25 2008-12-24 北京劲源信科技有限公司 Computer room management system
CN101719842A (en) * 2009-11-20 2010-06-02 中国科学院软件研究所 Cloud computing environment-based distributed network security pre-warning method
CN102111420A (en) * 2011-03-16 2011-06-29 上海电机学院 Intelligent NIPS framework based on dynamic cloud/fire wall linkage
CN102123149A (en) * 2011-03-04 2011-07-13 哈尔滨工程大学 Service-oriented large-scale network security situational assessment device and method
CN102185709A (en) * 2011-04-22 2011-09-14 赛特斯网络科技(南京)有限责任公司 Integrated network quality of service assurance and management system
CN102291390A (en) * 2011-07-14 2011-12-21 南京邮电大学 Method for defending against denial of service attack based on cloud computation platform
CN102387163A (en) * 2011-12-16 2012-03-21 穆成坡 Network server defense method based on risk balance

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105184886A (en) * 2015-09-01 2015-12-23 浪潮集团有限公司 Cloud data center intelligence inspection system and cloud data center intelligence inspection method
CN107515820A (en) * 2016-06-17 2017-12-26 阿里巴巴集团控股有限公司 Monitoring server method and device, detection service device
CN107515820B (en) * 2016-06-17 2021-02-05 阿里巴巴集团控股有限公司 Server monitoring method and device and detection server
CN108243216A (en) * 2016-12-26 2018-07-03 华为技术有限公司 Method, end side equipment, cloud side apparatus and the end cloud cooperative system of data processing
WO2018121282A1 (en) * 2016-12-26 2018-07-05 华为技术有限公司 Data processing method, end device, cloud device, and end-cloud collaboration system
CN108243216B (en) * 2016-12-26 2020-02-14 华为技术有限公司 Data processing method, end-side device, cloud-side device and end cloud cooperative system
US11861499B2 (en) 2016-12-26 2024-01-02 Huawei Technologies Co., Ltd. Method, terminal-side device, and cloud-side device for data processing and terminal-cloud collaboration system
CN109544743A (en) * 2018-11-20 2019-03-29 国网山东省电力公司济宁供电公司 A kind of recognition of face access system based on intelligent machine room data center
CN112883383A (en) * 2021-03-04 2021-06-01 北京明略昭辉科技有限公司 Vulnerability security defense method and system and computer equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130206