CN103929413A - Method and device for preventing cloud network from being attacked - Google Patents

Publication number: CN103929413A
Authority: CN (China)
Prior art keywords: network, attack, virtual unit, isolated, monitoring
Legal status: Pending
Application number: CN201310700435.2A
Other languages: Chinese (zh)
Inventor: 康暖
Current Assignee: Opzoon Technology Co Ltd
Original Assignee: Opzoon Technology Co Ltd
Application filed by: Opzoon Technology Co Ltd
Priority to: CN201310700435.2A
Publication of: CN103929413A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and device for preventing a cloud network from being attacked. In the method, a server monitors virtual devices to track their security state; the server determines that a monitored virtual device is under attack and assesses the attack type; and the server isolates the dangerous network according to the attack type. The device comprises a monitoring unit for monitoring the virtual devices to track their security state, an assessment unit for determining that a virtual device is under attack and assessing the attack type, and an isolation unit for isolating the dangerous network according to the attack type so as to prevent the cloud network from being attacked. By monitoring the virtual devices in real time, assessing their security state, and applying isolation measures according to the assessed type, the method and device isolate the network promptly when it is attacked, reduce the number of attacked devices, and thereby minimize losses.

Description

Method and device for preventing a cloud network from being attacked
Technical field
The invention belongs to the field of computer network communication technology, and specifically relates to a method and device for preventing a cloud network from being attacked.
Background
When a virtual device on a network is attacked, the attack usually spreads. The virtual devices on a cloud server often share the same vulnerabilities, so by the time an attack on the network is discovered, all the virtual devices on the cloud server have already been infected by the virus. The only remedy at that point is to take the network offline, restart, and restore the system and data, and then repair the system according to the infection it suffered. Once this happens, data is lost, and restarting the devices to recover can only reduce the loss as far as possible. Reducing how far the infection spreads among virtual devices is the root of the solution: if the other devices can be safely isolated when one virtual device is attacked, the loss caused by a network attack is greatly reduced.
It is therefore necessary to propose a method and device for preventing a cloud network from being attacked that minimizes the probability of devices being attacked over the network and in this way protects the network devices.
Summary of the invention
The object of the invention is to provide a method and device for preventing a cloud network from being attacked which, by promptly isolating an attacked virtual device from the cloud network, reduces the number of devices in the cloud network that are attacked, overcoming the defect of the prior art that when one virtual device in a cloud network is attacked, the devices are infected collectively.
According to one aspect of the invention, a method for preventing a cloud network from being attacked is provided, comprising: a server monitors virtual devices to track their security state; the server determines that a monitored virtual device is under attack and assesses the attack type; the server isolates the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
The method further comprises: when a monitored virtual device only has a system vulnerability, the server only issues a security early warning.
The attack type comprises: suffering a network attack and suffering a virus infection.
The server isolating the dangerous network according to the attack type comprises: if a virtual device suffers a network attack, the network of the attack source is disconnected from the cloud network; if a virtual device suffers a virus infection, the network of the virus source and the virtual devices in the cloud network that are under attack are isolated, and the virtual devices that are already infected are isolated.
The method further comprises: after isolation has been carried out because of a network attack, the network of the attack source is reconnected to the network once software firewall protection has been applied to it.
The method further comprises: after isolation has been carried out because of a virus infection, the network of the virus source and the infected virtual devices are reconnected to the network once antivirus software has cleaned them.
After the system vulnerability is repaired, the security early warning is no longer sent.
According to another aspect of the invention, a device for preventing a cloud network from being attacked is provided, comprising: a monitoring unit for monitoring virtual devices to track their security state; an assessment unit for determining that a monitored virtual device is under attack and assessing the attack type; and an isolation unit for isolating the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
The device further comprises: an early-warning unit for issuing a security early warning when a monitored virtual device only has a system vulnerability.
Isolating the dangerous network according to the attack type comprises: if a virtual device suffers a network attack, the network of the attack source is disconnected from the cloud network; if a virtual device suffers a virus infection, the network of the virus source and the virtual devices in the cloud network that are under attack are isolated, and the virtual devices that are already infected are isolated.
The method and device according to the invention monitor the virtual devices in real time, assess their security state, and apply isolation measures to virtual devices according to the assessed type, so that the network is isolated promptly when it is attacked, the number of attacked devices is reduced, and losses are minimized.
Brief description of the drawings
Fig. 1 is a schematic diagram of the method for preventing a cloud network from being attacked according to an embodiment of the invention;
Fig. 2 is a flow chart of the method for preventing a cloud network from being attacked according to an embodiment of the invention;
Fig. 3 is a flow chart of the method for isolating virtual devices according to an embodiment of the invention;
Fig. 4 is a block diagram of the device for preventing a cloud network from being attacked according to an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical methods and advantages of the invention clearer, the invention is described in more detail below with reference to embodiments and the accompanying drawings. It should be understood that these descriptions are exemplary and are not intended to limit the scope of the invention. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concepts of the invention.
Fig. 1 is a schematic diagram of the method for preventing a cloud network from being attacked according to an embodiment of the invention.
As shown in Fig. 1, thousands of virtual devices are deployed on the cloud network server. After a virtual device is allocated to a user, the user can configure security software on it independently, so the security software and security patch levels differ from device to device. Because some patches and security software slow a virtual device down, not every customer applies patch and software updates, which leaves security problems of varying severity.
The cloud network server monitors the security state of each virtual device and assesses it. Based on the assessment result, the server applies isolation measures to virtual devices and cancels the isolation only after the attack has been lifted, so as to reduce the number of attacked devices and spare the cloud network the cumbersome steps of taking the network offline, restarting, and restoring the system and data.
Fig. 2 is a flow chart of the method for preventing a cloud network from being attacked according to an embodiment of the invention.
As shown in Fig. 2, the method for preventing a cloud network from being attacked according to the embodiment comprises the following steps:
Step S1: the server monitors virtual devices to track their security state.
The server monitors the security state of the virtual devices it controls in real time, so as to track their current security state.
Step S2: the server determines that a monitored virtual device is under attack and assesses the attack type.
The attack type comprises: suffering a network attack and suffering a virus infection.
Step S3: the server isolates the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
Here the server applies isolation measures to virtual devices according to the assessed type of their security state, and cancels the isolation only after the attack has been lifted, so as to reduce the number of attacked devices.
With this flow, isolation measures are applied promptly once a virtual device is attacked. This avoids the cumbersome steps of taking the whole cloud network offline, restarting, and restoring the system and data because other devices were infected, and reduces unnecessary losses to the cloud network.
Fig. 3 is a flow chart of the method for isolating virtual devices according to an embodiment of the invention.
As shown in Fig. 3, the method by which the server isolates virtual devices according to the embodiment comprises the following steps:
Step S31: if the server assesses that a virtual device is suffering a network attack, the server disconnects the network of the attack source from the cloud network.
Further, in step S31, the network of the attack source is reconnected to the network once software firewall protection has been applied to it.
Note that, when this technical solution is implemented, step S31 and the following step S32 have no ordering relationship. Step S31 is the isolation operation taken when a monitored virtual device is determined to be under attack and the attack type is assessed as a network attack; step S32 is the isolation operation taken when a monitored virtual device is determined to be under attack and the attack type is assessed as a virus infection. The two steps are triggered by different conditions, so neither precedes the other.
Step S32: if the server assesses that a virtual device is suffering a virus infection, the server isolates the network of the virus source and the virtual devices in the cloud network that are under attack, and isolates the virtual devices that are already infected.
Further, in step S32, the network of the virus source and the infected virtual devices are reconnected to the network once antivirus software has cleaned them.
In a preferred embodiment of the invention, when a virtual device monitored by the server has a system vulnerability but no attack on that vulnerability has been found, a security early warning is issued. After the system vulnerability is repaired, the server stops sending the security early warning.
The cloud network server monitors and assesses the security state of each virtual device. When a virtual device has a system vulnerability but no attack on that vulnerability has been found, the server only issues a security early warning. When a virtual device on the network is attacked, the server assesses whether the device is suffering a network attack or a virus infection. In the case of a network attack, the network of the attack source is disconnected from the cloud network. In the case of an infection, the network of the virus source and the virtual devices on the cloud network that are under attack are isolated, and the virtual devices that are already infected are isolated as well. This way of isolating reduces the number of devices in the cloud network that are attacked, minimizes the probability of a device being attacked over the network, and secures the network devices.
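The decision logic of steps S2 and S3 (S31/S32), the early-warning case and the reconnect-after-remediation rule can be written as a small controller. This is an added Python example, not code from the patent; the `Assessment` record, its `targeted_vms` field, the action strings, and the rule that a targeted but uninfected virtual device is released when its source network has been remediated are assumptions, and all device and network names are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Finding(Enum):
    VULNERABLE = "vulnerable"            # hole present, no attack observed
    NETWORK_ATTACK = "network_attack"
    VIRUS_INFECTION = "virus_infection"


@dataclass(frozen=True)
class Assessment:                        # hypothetical record produced by step S2
    vm: str
    finding: Finding
    source_network: str = ""             # network the attack or virus came from
    targeted_vms: tuple = ()             # assumption: other VMs the source is hitting


class IsolationController:
    """Step S3 (S31/S32), the early warning, and release after remediation."""

    def __init__(self):
        self.warnings = set()            # VMs with an open early warning
        self.cut_networks = set()        # source networks cut off from the cloud
        self.infected = set()            # isolated until antivirus cleaning
        self.shielded = {}               # targeted VM -> source network it is kept from

    def handle(self, a):
        if a.finding is Finding.VULNERABLE:
            self.warnings.add(a.vm)      # warn only, never isolate
            return [f"warn {a.vm}"]
        if not a.source_network:
            raise ValueError("an attack assessment needs a source network")
        actions = []
        if a.source_network not in self.cut_networks:   # both S31 and S32
            self.cut_networks.add(a.source_network)
            actions.append(f"disconnect {a.source_network}")
        if a.finding is Finding.VIRUS_INFECTION:        # S32 only
            for vm in a.targeted_vms:
                if vm not in self.infected and vm not in self.shielded:
                    self.shielded[vm] = a.source_network
                    actions.append(f"isolate-targeted {vm}")
            if a.vm not in self.infected:
                self.shielded.pop(a.vm, None)           # targeted VM became infected
                self.infected.add(a.vm)
                actions.append(f"isolate-infected {a.vm}")
        return actions

    def isolated_vms(self):
        return self.infected | set(self.shielded)

    def vulnerability_fixed(self, vm):
        self.warnings.discard(vm)        # warning stops once the hole is repaired

    def network_remediated(self, network):
        """Firewall protection or antivirus cleaning was applied to the source."""
        if network not in self.cut_networks:
            return []
        self.cut_networks.remove(network)
        actions = [f"reconnect {network}"]
        for vm in sorted(v for v, src in self.shielded.items() if src == network):
            del self.shielded[vm]        # assumed release rule for uninfected targets
            actions.append(f"release {vm}")
        return actions

    def vm_cleaned(self, vm):
        if vm not in self.infected:
            return []
        self.infected.remove(vm)         # infected VM rejoins only after cleaning
        return [f"release {vm}"]
```

An infected virtual device stays isolated even after its source network is reconnected; only `vm_cleaned` releases it.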
Fig. 4 is a block diagram of the device for preventing a cloud network from being attacked according to an embodiment of the invention.
As shown in Fig. 4, the device for preventing a cloud network from being attacked according to the embodiment comprises: a monitoring unit, an assessment unit and an isolation unit.
The monitoring unit monitors virtual devices to track their security state.
The assessment unit determines that a monitored virtual device is under attack and assesses the attack type.
The isolation unit isolates the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
The monitoring unit monitors the security state of each virtual device. When an anomaly is found, the assessment unit determines whether the monitored virtual device is under attack and assesses the attack type, and the isolation unit isolates the dangerous network according to the attack type. Specifically, if a virtual device suffers a network attack, the network of the attack source is disconnected from the cloud network; if a virtual device suffers a virus infection, the network of the virus source and the virtual devices in the cloud network that are under attack are isolated, and the virtual devices that are already infected are isolated.
In a preferred embodiment of the invention, the device for preventing a cloud network from being attacked further comprises an early-warning unit.
The early-warning unit issues a security early warning when the system only has a vulnerability and no attack on that vulnerability has been found.
As described above, the method and device according to the invention monitor the virtual devices in real time, assess their security state, and apply isolation measures to virtual devices according to the assessed type, so that the network is isolated promptly when it is attacked, the number of attacked devices is reduced, and losses are minimized.
It should be understood that the above embodiments of the invention are only for illustrating or explaining the principles of the invention and do not limit it. Therefore any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the invention shall fall within its scope of protection. In addition, the appended claims are intended to cover all variations and modifications that fall within the scope and boundaries of the claims, or equivalents of such scope and boundaries.

Claims (10)

1. A method for preventing a cloud network from being attacked, characterized by comprising:
a server monitoring virtual devices to track their security state;
the server determining that a monitored virtual device is under attack and assessing the attack type;
the server isolating the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
2. The method according to claim 1, characterized by further comprising: when a monitored virtual device only has a system vulnerability, the server only issues a security early warning.
3. The method according to claim 1, characterized in that the attack type comprises: suffering a network attack and suffering a virus infection.
4. The method according to claim 3, characterized in that the server isolating the dangerous network according to the attack type comprises:
if a virtual device suffers a network attack, disconnecting the network of the attack source from the cloud network;
if a virtual device suffers a virus infection, isolating the network of the virus source and the virtual devices in the cloud network that are under attack, and isolating the virtual devices that are already infected.
5. The method according to claim 4, characterized in that the method further comprises: after isolation has been carried out because of a network attack, reconnecting the network of the attack source to the network once software firewall protection has been applied to it.
6. The method according to claim 4, characterized in that the method further comprises: after isolation has been carried out because of a virus infection, reconnecting the network of the virus source and the infected virtual devices to the network once antivirus software has cleaned them.
7. The method according to claim 2, characterized in that after the system vulnerability is repaired, the security early warning is no longer sent.
8. A device for preventing a cloud network from being attacked, characterized by comprising:
a monitoring unit for monitoring virtual devices to track their security state;
an assessment unit for determining that a monitored virtual device is under attack and assessing the attack type;
an isolation unit for isolating the dangerous network according to the attack type, so as to prevent the cloud network from being attacked.
9. The device according to claim 8, characterized by further comprising:
an early-warning unit for issuing a security early warning when a monitored virtual device only has a system vulnerability.
10. The device according to claim 9, characterized in that isolating the dangerous network according to the attack type comprises:
if a virtual device suffers a network attack, disconnecting the network of the attack source from the cloud network;
if a virtual device suffers a virus infection, isolating the network of the virus source and the virtual devices in the cloud network that are under attack, and isolating the virtual devices that are already infected.
CN201310700435.2A 2013-12-16 2013-12-16 Method and device for preventing cloud network from being attacked Pending CN103929413A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310700435.2A CN103929413A (en) 2013-12-16 2013-12-16 Method and device for preventing cloud network from being attacked

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310700435.2A CN103929413A (en) 2013-12-16 2013-12-16 Method and device for preventing cloud network from being attacked

Publications (1)

Publication Number Publication Date
CN103929413A true CN103929413A (en) 2014-07-16

Family

ID=51147492

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310700435.2A Pending CN103929413A (en) 2013-12-16 2013-12-16 Method and device for preventing cloud network from being attacked

Country Status (1)

Country Link
CN (1) CN103929413A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230815A (en) * 2016-07-29 2016-12-14 杭州迪普科技有限公司 The control method of a kind of alarm log and device
CN106230815B (en) * 2016-07-29 2019-05-07 杭州迪普科技股份有限公司 A kind of control method and device of alarm log
CN106856477A (en) * 2016-12-29 2017-06-16 北京奇虎科技有限公司 A kind of threat treating method and apparatus based on LAN
CN106856477B (en) * 2016-12-29 2020-05-19 北京奇虎科技有限公司 Threat processing method and device based on local area network
CN108183806A (en) * 2018-02-02 2018-06-19 浙江财经大学 A kind of computer network detection device
CN109218315A (en) * 2018-09-20 2019-01-15 华为技术有限公司 A kind of method for managing security and security control apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140716