CN104717212A - Protection method and system for cloud virtual network security - Google Patents
Protection method and system for cloud virtual network security Download PDFInfo
- Publication number
- CN104717212A CN104717212A CN201510094249.8A CN201510094249A CN104717212A CN 104717212 A CN104717212 A CN 104717212A CN 201510094249 A CN201510094249 A CN 201510094249A CN 104717212 A CN104717212 A CN 104717212A
- Authority
- CN
- China
- Prior art keywords
- virtual network
- host computer
- fictitious host
- package
- cloud virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000005516 engineering process Methods 0.000 claims abstract description 7
- 238000004458 analytical method Methods 0.000 claims description 28
- 230000008569 process Effects 0.000 claims description 28
- 230000005540 biological transmission Effects 0.000 claims description 5
- 238000012546 transfer Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 abstract description 6
- 230000000903 blocking effect Effects 0.000 abstract 1
- 230000006870 function Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 5
- 230000008520 organization Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 241000931705 Cicada Species 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
Abstract
The invention discloses a protection method and a system for cloud virtual network security, wherein the method comprises the following steps: a cloud virtual network security module is added in a cloud virtual network controller, legal virtual machine IP addresses, MAC addresses and virtual network resources allowed by a cloud virtual resource management and control system are obtained through the API and the cloud virtual resource management and control system to interface with a security protection function, when virtual hosts are in network communication, the virtual network is monitored in a centralized mode through an OpenFlow technology, packets are analyzed dynamically, and malicious packet blocking rules are automatically sent to a cloud virtual exchanger after ARP (address resolution protocol) counterfeiting attack, IP counterfeiting attack and MAC counterfeiting attack are distinguished, so that the security of the virtual host network is protected.
Description
Technical field
The present invention relates to the communications field, particularly relate to a kind of means of defence and system of cloud virtual network security.
Background technology
At present, protection Internet Protocol address (Internet Protocol Address, IP) forgery attack and media access control address (Media Access Control Address, MAC) forgery attack is the protection relying on the Internet entities network equipment management and control and operating system level.
But under prior art, complex steps cannot elasticity management and control, and effectively cannot differentiate the source of forgery attack; And the firewall tool of general entity host only can protect the safety method of single main frame, and high in the clouds platform bottom fire compartment wall is set, only can protects self high in the clouds platform virtual network, to such an extent as to effectively cannot protect the safety of overall virtual network.
Summary of the invention
The object of the invention is the virtual network security module being arranged at cloud virtual network controller; centralization can monitor fictitious host computer network traffics and stop malicious attack; for the fictitious host computer on the platform of high in the clouds provides network security protection, and adopt software type protection module can reduce high in the clouds plateform system construction cost.
The concrete technical scheme that the embodiment of the present invention provides is as follows:
A guard system for cloud virtual network security, comprising:
One cloud virtual resource managing and control system, for transmitting legal fictitious host computer data through a security application Program Interfaces;
This security application Program Interfaces, for by taking to comprise state transfer application programming interface Restful API keyholed back plate one cloud virtual network security module, these fictitious host computer data of transmission security;
This cloud virtual network security module, for being media access control address MAC forgery attack, Internet Protocol address IP forgery attack and the ARP forgery attack between this fictitious host computer data protection fictitious host computer;
One cloud virtual platform, comprises cloud virtual interchanger, for receiving the data that dispatch module is transmitted.
Wherein, cloud virtual network security module, wherein separately comprises:
Fictitious host computer data module, for storing these legal fictitious host computer data that this cloud virtual resource managing and control system allows;
MAC forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the MAC forgery attack between fictitious host computer;
IP forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the IP forgery attack between fictitious host computer;
ARP forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the ARP forgery attack between fictitious host computer;
Dispatch module, for stopping rule through procotol OpenFlow technology via being dispatched into cloud virtual interchanger by malice package.
A means of defence for cloud virtual network security, comprising:
Receive network package;
Doing other packet type, is package three type be categorized as beyond Internet Protocol address IP package, ARP package and IP and ARP;
When this IP package process, sequentially will judge that whether virtual network interface resource is correct, whether IP address is correct, whether MAC Address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process;
When this ARP package process, whether correctly sequentially will judge that whether virtual network interface resource is correct, whether MAC Address is correct, ARP sends information, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process;
During package process beyond this IP and ARP, sequentially will judge that whether virtual network interface resource is correct, whether MAC Address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process;
After this sends malice package stop rule with charge free, then terminate to judge.
Accompanying drawing explanation
Fig. 1 is the means of defence of cloud virtual network security of the present invention and the Organization Chart of system;
Fig. 2 is the means of defence of cloud virtual network security of the present invention and the cloud virtual network security module Organization Chart of system;
Fig. 3 is the means of defence of cloud virtual network security of the present invention and the virtual network flow dynamics flow chart of system.
Embodiment
In order to make object of the present invention, technical scheme and advantage clearly understand, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein only in order to explain the present invention, but be not intended to limit the present invention.
Below, the present invention is further described by reference to the accompanying drawings:
Consult shown in Fig. 1, for the Organization Chart of virtual network security protection system in high in the clouds in the embodiment of the present invention, cloud virtual resource managing and control system 100 controls security protection system function through calling security application Program Interfaces 110, and transmit the legal virtual machine IP address of cloud virtual resource managing and control system 100 permission, MAC Address and virtual network resource are to cloud virtual network security module 120, then when 150 network communication of cloud virtual main frame, network package dynamic analysis is carried out according to legal cloud virtual main frame 150 data, and stop that malice forges the transmission of package, to prevent MAC forgery attack, IP forgery attack, address resolution protocol (AddressResolutionProtocol, ARP) harm of forgery attack and its attack extension, network security between protection cloud virtual platform 140 and cloud virtual main frame 150.
Consult shown in Fig. 2, for the cloud virtual network security module Organization Chart of cloud virtual network security protection system of the present invention, comprise cloud virtual platform 140, cloud virtual resource managing and control system 100, cloud virtual main frame 150, cloud virtual network controller 130, security application Program Interfaces 110, cloud virtual network security module 120 and cloud virtual interchanger 141, wherein, cloud virtual network security module 120 comprises fictitious host computer data module 121, MAC forges Protection Analysis module 122, IP forges Protection Analysis module 123, ARP forges Protection Analysis module 124 and dispatch module 125, wherein cloud virtual main frame 150 can be Xen high in the clouds platform (XenServer) and Xen high in the clouds platform (Xen Cloud Platform, XCP).
Cloud virtual interchanger 141 arranges cloud virtual platform 140, in order to transmission and the guiding of managing virtual network traffics, the network traffics between fictitious host computer are processed via cloud virtual network controller 130 and cloud virtual network security module 120, and cloud virtual resource managing and control system 100 controls enabling and closedown of security module function through security application Program Interfaces 110, and transmit legal fictitious host computer data to fictitious host computer data module 121, for fictitious host computer provides network safety prevention.
When carrying out network communication behavior between cloud virtual main frame 150, Protection Analysis module 122, IP forgery Protection Analysis module 123 and ARP forgery Protection Analysis module 124 can be forged by Dynamic trigger cloud virtual network security module 120 MAC wherein, according to the legal fictitious host computer data in fictitious host computer data module 121, carry out the analysis of virtual network flow dynamics, in order to stop ARP forgery attack, IP forgery attack and MAC forgery attack.
After the MAC forgery Protection Analysis module 122 of this mechanism, IP forge Protection Analysis module 123 and the process of ARP forgery Protection Analysis module 124, malice package can be produced for malice package content and stop rule, utilize dispatch module 125 through procotol (OpenFlow) by rule down to cloud virtual interchanger 141, protection cloud virtual main frame 150 network.
When high in the clouds platform hacker launches a offensive, assault package will flow through cloud virtual interchanger 141, and transfer to that cloud virtual network controller 130 and cloud virtual network security module 120 are unified to be controlled package and flow to, and cloud virtual network security module 120 will carry out Analysis and judgments according to dissimilar package and carry out that MAC forges Protection Analysis, IP forges after Protection Analysis and ARP forge Protection Analysis, send malice package with charge free via dispatch module 125 and stop that rule is to cloud virtual interchanger 141, stop that hackers is attacked.
Cloud virtual resource managing and control system 100 comprises state transfer application programming interface (Representational State Transfer through security application Program Interfaces 110, Restful API) control cloud virtual network security module 120, the legal virtual machine IP address allowed is transmitted when opening protection function function, MAC Address and virtual network resource are to the fictitious host computer data module 121 of cloud virtual network security module 120, when cloud virtual main frame 150 carries out network communication, cloud virtual network controller 130 receives virtual network flow package through the network control technology of OpenFlow procotol, and trigger MAC forgery Protection Analysis module 122, IP forges Protection Analysis module 123 and ARP forgery Protection Analysis module 124 is analyzed,
Referring to shown in Fig. 3, is the virtual network flow dynamics flow chart of cloud virtual network security protection system of the present invention, as follows in detail:
Step S310: receive network package;
Step S320: packet type, is categorized as package three type beyond IP package, ARP package and IP and ARP;
The process of step S330:IP package, when the process of IP package, sequentially will judge that whether S331 virtual network interface resource is correct, whether S332IP address is correct, whether S333MAC address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no (incorrect) in arbitrary judgement, then directly enter S360 and send with charge free in malice package stop rule;
The process of step S340:ARP package, when the process of ARP package, whether correctly sequentially will judge that whether S341 virtual network interface resource is correct, whether S342MAC address is correct, S343ARP sends information, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no (incorrect) in arbitrary judgement, then directly enter S360 and send with charge free in malice package stop rule;
Package process beyond step S350:IP and ARP, during package process beyond IP and ARP, sequentially will judge that whether S351 virtual network interface resource is correct, whether S352MAC address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no (incorrect) in arbitrary judgement, then directly enter S360 and send with charge free in malice package stop rule;
Step S360: after above-mentioned S360 sends malice package stop rule with charge free, then terminate to judge.
From above-mentioned steps, carry out processing for dissimilar package respectively and distinguish whether packet information is forged, MAC forges Protection Analysis module can according to legal virtual network interface resource and MAC Address, dynamic analysis virtual network flow, and protects the MAC forgery attack between fictitious host computer, IP forges Protection Analysis module and according to legal virtual network interface resource, IP address and MAC Address, can analyze and protect IP forgery attack, ARP forges Protection Analysis module can according to legal virtual network interface resource, ARP deep layer packet information and MAC Address, analyze and protect ARP forgery attack, when being judged as that malice forges package, malice package can be stopped rule is through dispatch module, the cloud virtual interchanger of cloud virtual platform is dispatched into based on OpenFlow technology, cloud virtual interchanger then can via the flow defined (flow) table as the foundation judging package transmission data path, the package being considered as harm is abandoned, fictitious host computer is avoided to be attacked, promote high in the clouds platform virtual network fail safe.
And cloud virtual resource managing and control system through security application Program Interfaces Restful API for close safeguard function time, transmit the fictitious host computer data module of fictitious host computer data to cloud virtual network security module of protection stopping, then do not protected when then fictitious host computer carries out network communication, make system operator can flexibly management and control cloud virtual network security.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code.
The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the embodiment of the present invention and not depart from the spirit and scope of the embodiment of the present invention.Like this, if these amendments of the embodiment of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (3)
1. a guard system for cloud virtual network security, is characterized in that, described system comprises:
One cloud virtual resource managing and control system, for transmitting legal fictitious host computer data through a security application Program Interfaces;
This security application Program Interfaces, for by taking to comprise state transfer application programming interface Restful API keyholed back plate one cloud virtual network security module, these fictitious host computer data of transmission security;
This cloud virtual network security module, for being media access control address MAC forgery attack, Internet Protocol address IP forgery attack and the ARP forgery attack between this fictitious host computer data protection fictitious host computer;
One cloud virtual platform, comprises cloud virtual interchanger, for receiving the data that dispatch module is transmitted.
2. the system as claimed in claim 1, is characterized in that, this cloud virtual network security module, comprises further:
Fictitious host computer data module, for storing these legal fictitious host computer data that this cloud virtual resource managing and control system allows;
MAC forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the MAC forgery attack between fictitious host computer;
IP forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the IP forgery attack between fictitious host computer;
ARP forges Protection Analysis module, for these fictitious host computer data according to this fictitious host computer data module, and analyzing virtual network traffics, and protect the ARP forgery attack between fictitious host computer;
Dispatch module, for stopping rule through procotol OpenFlow technology via being dispatched into cloud virtual interchanger by malice package.
3. a means of defence for cloud virtual network security, is characterized in that, described method comprises:
Receive network package;
Doing other packet type, is package three type be categorized as beyond Internet Protocol address IP package, ARP package and IP and ARP;
When this IP package process, sequentially will judge that whether virtual network interface resource is correct, whether IP address is correct, whether MAC Address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process;
When this ARP package process, whether correctly sequentially will judge that whether virtual network interface resource is correct, whether MAC Address is correct, ARP sends information, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process;
During package process beyond this IP and ARP, sequentially will judge that whether virtual network interface resource is correct, whether MAC Address is correct, all as correctly if sequentially judge, then terminate to judge, represent safety, if but when appearing as no in arbitrary judgement, then directly enter and send malice package with charge free and stop in rule and process; After above-mentioned this sends malice package stop rule with charge free, then terminate to judge.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW103136238 | 2014-10-21 | ||
| TW103136238A TWI520002B (en) | 2014-10-21 | 2014-10-21 | Protection Method and System of Cloud Virtual Network Security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104717212A true CN104717212A (en) | 2015-06-17 |
| CN104717212B CN104717212B (en) | 2018-05-11 |
Family
ID=53416175
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510094249.8A Expired - Fee Related CN104717212B (en) | 2014-10-21 | 2015-03-03 | Protection method and system for cloud virtual network security |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104717212B (en) |
| TW (1) | TWI520002B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107634953A (en) * | 2017-09-22 | 2018-01-26 | 国云科技股份有限公司 | A kind of method for preventing capacitor network ARP from cheating |
| CN107818595A (en) * | 2017-04-13 | 2018-03-20 | 政治大学 | Wearable Instant Interaction System |
| CN110362992A (en) * | 2018-03-26 | 2019-10-22 | 江格 | Based on the method and apparatus for stopping in the environment of cloud or detecting computer attack |
| CN110932925A (en) * | 2019-10-31 | 2020-03-27 | 苏州浪潮智能科技有限公司 | Method and system for testing stability of server BMC (baseboard management controller) network |
| CN112346823A (en) * | 2021-01-07 | 2021-02-09 | 广东睿江云计算股份有限公司 | Cloud host data protection method and system |
| CN114221928A (en) * | 2021-11-05 | 2022-03-22 | 济南浪潮数据技术有限公司 | Method, system, device and storage medium for defending IP conflict of management network |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI728901B (en) * | 2020-08-20 | 2021-05-21 | 台眾電腦股份有限公司 | Network connection blocking method with dual-mode switching |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110072487A1 (en) * | 2009-09-23 | 2011-03-24 | Computer Associates Think, Inc. | System, Method, and Software for Providing Access Control Enforcement Capabilities in Cloud Computing Systems |
| CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
| TW201405325A (en) * | 2012-07-31 | 2014-02-01 | Chunghwa Telecom Co Ltd | Automatic encryption and decryption system for cloud files |
| CN103595826A (en) * | 2013-11-01 | 2014-02-19 | 国云科技股份有限公司 | Method for preventing IP and MAC of virtual machine from being faked |
| CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
-
2014
- 2014-10-21 TW TW103136238A patent/TWI520002B/en not_active IP Right Cessation
-
2015
- 2015-03-03 CN CN201510094249.8A patent/CN104717212B/en not_active Expired - Fee Related
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110072487A1 (en) * | 2009-09-23 | 2011-03-24 | Computer Associates Think, Inc. | System, Method, and Software for Providing Access Control Enforcement Capabilities in Cloud Computing Systems |
| TW201405325A (en) * | 2012-07-31 | 2014-02-01 | Chunghwa Telecom Co Ltd | Automatic encryption and decryption system for cloud files |
| CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
| CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
| CN103595826A (en) * | 2013-11-01 | 2014-02-19 | 国云科技股份有限公司 | Method for preventing IP and MAC of virtual machine from being faked |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107818595A (en) * | 2017-04-13 | 2018-03-20 | 政治大学 | Wearable Instant Interaction System |
| CN107634953A (en) * | 2017-09-22 | 2018-01-26 | 国云科技股份有限公司 | A kind of method for preventing capacitor network ARP from cheating |
| CN110362992A (en) * | 2018-03-26 | 2019-10-22 | 江格 | Based on the method and apparatus for stopping in the environment of cloud or detecting computer attack |
| CN110362992B (en) * | 2018-03-26 | 2021-06-08 | 江格 | Method and apparatus for blocking or detecting computer attacks in cloud-based environment |
| CN110932925A (en) * | 2019-10-31 | 2020-03-27 | 苏州浪潮智能科技有限公司 | Method and system for testing stability of server BMC (baseboard management controller) network |
| CN112346823A (en) * | 2021-01-07 | 2021-02-09 | 广东睿江云计算股份有限公司 | Cloud host data protection method and system |
| CN114221928A (en) * | 2021-11-05 | 2022-03-22 | 济南浪潮数据技术有限公司 | Method, system, device and storage medium for defending IP conflict of management network |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201616386A (en) | 2016-05-01 |
| TWI520002B (en) | 2016-02-01 |
| CN104717212B (en) | 2018-05-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104717212A (en) | Protection method and system for cloud virtual network security | |
| US8782771B2 (en) | Real-time industrial firewall | |
| US11750455B2 (en) | Secure configuration of cloud computing nodes | |
| CN110784361A (en) | Virtualized cloud honey network deployment method, device, system and computer-readable storage medium | |
| CN105337986B (en) | Credible protocol conversion method and system | |
| CN104769606A (en) | System and method for providing a secure computational environment | |
| CN103870749B (en) | A kind of safety monitoring system and method for realizing dummy machine system | |
| CN114244560B (en) | Flow processing method and device, electronic equipment and storage medium | |
| CN104253820A (en) | Software defined network safety control system and control method | |
| CN103051605A (en) | Data packet processing method, device and system | |
| CN114257413B (en) | Reaction blocking method and device based on application container engine and computer equipment | |
| CN105429953A (en) | Method, device and system used for accessing websites | |
| CN103457948A (en) | Industrial control system and safety device thereof | |
| CN105447385B (en) | A kind of applied database honey jar detected at many levels realizes system and method | |
| CN104994094A (en) | Virtualization platform safety protection method, device and system based on virtual switch | |
| CN103701822A (en) | Access control method | |
| CN105429975B (en) | A kind of data safety system of defense, method and cloud terminal security system based on cloud terminal | |
| CN107800723A (en) | CC attack guarding methods and equipment | |
| CN101854359A (en) | Access control method based on virtualized calculation | |
| CN104811507A (en) | IP address acquiring method and IP address acquiring device | |
| CN110099041A (en) | A kind of Internet of Things means of defence and equipment, system | |
| KR101592323B1 (en) | System and method for remote server recovery | |
| CN105812338A (en) | Data access management and control method and network management equipment | |
| CN102769703A (en) | Mobile phone terminal and firewall monitoring method | |
| CN105827615A (en) | Optimization method for preventing DDoS (distributed denial of service) attacks by using SmartRack server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180511 Termination date: 20210303 |