CN104717212B - Protection method and system for cloud virtual network security - Google Patents
Protection method and system for cloud virtual network security Download PDFInfo
- Publication number
- CN104717212B CN104717212B CN201510094249.8A CN201510094249A CN104717212B CN 104717212 B CN104717212 B CN 104717212B CN 201510094249 A CN201510094249 A CN 201510094249A CN 104717212 B CN104717212 B CN 104717212B
- Authority
- CN
- China
- Prior art keywords
- package
- malice
- host computer
- cloud virtual
- fictitious host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 7
- 238000005516 engineering process Methods 0.000 claims abstract description 7
- 238000004458 analytical method Methods 0.000 claims description 34
- 238000012545 processing Methods 0.000 claims description 13
- 230000005540 biological transmission Effects 0.000 claims description 7
- 238000012546 transfer Methods 0.000 claims description 5
- 238000004891 communication Methods 0.000 abstract description 6
- 230000000903 blocking effect Effects 0.000 abstract 1
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 230000008859 change Effects 0.000 description 3
- 230000008520 organization Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000009993 protective function Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a protection method and a system for cloud virtual network security, wherein the method comprises the following steps: a cloud virtual network security module is added in a cloud virtual network controller, legal virtual machine IP addresses, MAC addresses and virtual network resources allowed by a cloud virtual resource management and control system are obtained through the API and the cloud virtual resource management and control system to interface with a security protection function, when virtual hosts are in network communication, the virtual network is monitored in a centralized mode through an OpenFlow technology, packets are analyzed dynamically, and malicious packet blocking rules are automatically sent to a cloud virtual exchanger after ARP (address resolution protocol) counterfeiting attack, IP counterfeiting attack and MAC counterfeiting attack are distinguished, so that the security of the virtual host network is protected.
Description
Technical field
The present invention relates to the communications field, more particularly to a kind of means of defence and system of cloud virtual network security.
Background technology
At present, Internet Protocol address is protected(Internet Protocol Address, IP)Forgery attack and media are visited
Ask control address(Media Access Control Address, MAC)Forgery attack, is to rely on the Internet entities network equipment
Management and control and the protection of operating system level.
However, under the prior art, complex steps can not elastic management and control, and can not effectively differentiate the source of forgery attack;And
The firewall tool of general entity host is only capable of protecting the safety method of single host, and sets high in the clouds platform bottom fire wall,
It is only capable of protecting itself high in the clouds platform virtual network, so that it cannot the effectively safety of the overall virtual network of protection.
The content of the invention
, can centralization monitoring the purpose of the present invention is being arranged at the virtual network security module of cloud virtual network controller
Fictitious host computer network traffics simultaneously stop malicious attack, provide network security protection for the fictitious host computer on the platform of high in the clouds, and use
Software type protection module can reduce high in the clouds plateform system construction cost.
Concrete technical scheme provided in an embodiment of the present invention is as follows:
A kind of guard system of cloud virtual network security, including:
One cloud virtual resource managing and control system, legal for transmission one security application Program Interfaces transmission is virtual
Host data;
The security application Program Interfaces, for including state transfer application programming interface by taking
One cloud virtual network security module of Restful API keyholed back plates, transmits the safe fictitious host computer data;
The cloud virtual network security module, for the media interviews control between the fictitious host computer data protection fictitious host computer
Address MAC forgery attacks, Internet Protocol address IP forgery attacks and Address Resolution Protocol ARP forgery attack processed;
One cloud virtual platform, including cloud virtual exchanger, the data transmitted for receiving dispatch module.
Wherein, cloud virtual network security module, wherein separately including:
Fictitious host computer data module, for storing legal virtual master of cloud virtual resource managing and control system permission
Machine data;
MAC forges Protection Analysis module, for the fictitious host computer data according to the fictitious host computer data module, analysis
Virtual network flow, and protect the MAC forgery attacks between fictitious host computer;
IP forges Protection Analysis module, empty for the fictitious host computer data according to the fictitious host computer data module, analysis
Intend network traffics, and protect the IP forgery attacks between fictitious host computer;
ARP forges Protection Analysis module, empty for the fictitious host computer data according to the fictitious host computer data module, analysis
Intend network traffics, and protect the ARP forgery attacks between fictitious host computer;
Dispatch module, for stopping rule through procotol OpenFlow technologies via being dispatched into high in the clouds malice package
Virtual switch.
A kind of means of defence of cloud virtual network security, including:
Receive network package;
Other packet type is done, is categorized into Internet Protocol address IP packages, Address Resolution Protocol ARP package and IP
With three type of package beyond ARP;
When the IP packages are handled, will sequentially judge whether virtual network interface resource correct, whether IP address correct,
Whether MAC Address is correct, if it is all to be correct sequentially to judge, terminates to judge, safety is represented, if but occurring in any judgement
For it is no when, then be directly entered send with charge free malice package stop rule in handled;
When the ARP packages are handled, will sequentially judge whether virtual network interface resource correct, whether MAC Address correct,
Whether ARP sends information correct, if it is all to be correct sequentially to judge, terminates to judge, represents safely, if but in any judgement
Occur for it is no when, then be directly entered send with charge free malice package stop rule in handled;
When the package processing beyond the IP and ARP, it will sequentially judge whether virtual network interface resource is correct, MAC
Whether location correct, if it is all to be correct sequentially to judge, terminates to judge, represents safety, if but in it is any judge in occur being no
When, then be directly entered send with charge free malice package stop rule in handled;
After this, which sends malice package with charge free, stops rule, then terminate to judge.
Brief description of the drawings
Fig. 1 is the means of defence of cloud virtual network security of the present invention and the Organization Chart of system;
Fig. 2 is the means of defence of cloud virtual network security of the present invention and the cloud virtual network security module framework of system
Figure;
Fig. 3 is the means of defence of cloud virtual network security of the present invention and the virtual network flow dynamics flow chart of system.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to the accompanying drawings and embodiments, it is right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, but simultaneously
It is not used in the restriction present invention.
Hereinafter, with reference to attached drawing, the present invention is further described:
As shown in fig.1, be the Organization Chart of virtual network security protection system in high in the clouds in the embodiment of the present invention, cloud virtual
Change resource managing and control system 100 and control security protection system function through calling security application Program Interfaces 110, and transmit cloud
Legal virtual machine IP address, MAC Address and virtual network resource that virtualization resource managing and control system 100 allows are held to cloud virtual
Network security module 120, then when cloud virtual 150 network communication of host, according to legal 150 data of cloud virtual host into
Row network package dynamic analysis, and stop that malice forges the transmission of package, to prevent MAC forgery attacks, IP forgery attacks, address
Analysis protocol(AddressResolutionProtocol, ARP)The harm of forgery attack and its attack extension, protects high in the clouds
Network security between virtual platform 140 and cloud virtual host 150.
As shown in fig.2, the cloud virtual network security module frame for cloud virtual network security protection system of the present invention
Composition, includes cloud virtual platform 140, cloud virtual resource managing and control system 100, cloud virtual host 150, cloud virtual net
Network controller 130, security application Program Interfaces 110, cloud virtual network security module 120 and cloud virtual exchanger
141, wherein, cloud virtual network security module 120 includes fictitious host computer data module 121, MAC forges Protection Analysis module
122nd, IP forges Protection Analysis module 123, ARP forges Protection Analysis module 124 and dispatch module 125, wherein cloud virtual master
Machine 150 can be Xen high in the clouds platform(XenServer)With Xen high in the clouds platform(Xen Cloud Platform, XCP).
Cloud virtual exchanger 141 sets cloud virtual platform 140, to manage the transmission of virtual network flow with leading
To via the network flow between cloud virtual network controller 130 and the processing fictitious host computer of cloud virtual network security module 120
Amount, and cloud virtual resource managing and control system 100 controls opening for security module function through security application Program Interfaces 110
With with closing, and transmit legal fictitious host computer data to fictitious host computer data module 121, network security provided for fictitious host computer
Protection.
, can Dynamic trigger cloud virtual network security module 120 when network communication behavior is carried out between cloud virtual host 150
MAC therein forges Protection Analysis module 122, IP forges Protection Analysis module 123 and ARP forges Protection Analysis module 124, root
According to the legal fictitious host computer data in fictitious host computer data module 121, virtual network flow dynamics analysis is carried out, to stop
ARP forgery attacks, IP forgery attacks and MAC forgery attacks.
The MAC of present mechanism forges Protection Analysis module 122, IP forges Protection Analysis module 123 and ARP forges Protection Analysis
After the processing of module 124, package content generation malice package can be forged for malice and stops rule, is passed through using dispatch module 125
Procotol(OpenFlow)By rule down toward cloud virtual exchanger 141,150 network of protection cloud virtual host.
When high in the clouds platform hacker launches a offensive, hacker attack package will flow through cloud virtual exchanger 141, and transfer to high in the clouds
Virtual Network Controller 130 is uniformly controlled package with cloud virtual network security module 120 and flows to, and cloud virtual network security
Module 120 will be analyzed according to different type package and judged and carry out MAC forge Protection Analysis, IP forge Protection Analysis and
After ARP forges Protection Analysis, send malice package with charge free via dispatch module 125 and stop that rule to cloud virtual exchanger 141, stops
Hackers are attacked.
Cloud virtual resource managing and control system 100 should comprising state transfer through security application Program Interfaces 110
Use Program Interfaces(Representational State Transfer, Restful API)Control cloud virtual network peace
Full module 120, legal virtual machine IP address, MAC Address and the virtual network resource that transmission allows when opening protection function function are extremely
The fictitious host computer data module 121 of cloud virtual network security module 120, when cloud virtual host 150 carries out network communication, cloud
Virtual Network Controller 130 is held to receive virtual network flow package through the network control technology of OpenFlow procotols, and
Triggering MAC forges Protection Analysis module 122, IP forges Protection Analysis module 123 and ARP forges Protection Analysis module 124 and carries out
Analysis,
Refer to shown in Fig. 3, be the virtual network flow dynamics flow of cloud virtual network security protection system of the present invention
Figure, it is as follows in detail:
Step S310:Receive network package;
Step S320:Packet type, three type of package being categorized as beyond IP packages, ARP packages and IP and ARP;
Step S330:The processing of IP packages, when IP packages are handled, will sequentially judge that S331 virtual network interface resources are
Whether no correct, S332 IP address is correct, whether S333 MAC Address is correct, if it is all to be correct sequentially to judge, terminates to sentence
It is disconnected, represents safety, if but in it is any judge in occur as no (incorrect) when, be directly entered S360 and send malice package with charge free and stop
In rule;
Step S340:The processing of ARP packages, when ARP packages are handled, will sequentially judge that S341 virtual network interface resources are
No correct, S342MAC addresses whether correct, S343ARP whether send information correct, if it is all to be correct sequentially to judge, tie
Beam judge, represents safety, if but in it is any judge in appearance as no (incorrect) when, be directly entered S360 and send malice package with charge free
Stop in rule;
Step S350:Package processing beyond IP and ARP, when the package processing beyond IP and ARP, will sequentially judge
Whether S351 virtual network interfaces resource is correct, whether S352MAC addresses are correct, if it is all to be correct sequentially to judge, terminates
Judge, represents safety, if but in it is any judge in occur as no (incorrect) when, be directly entered S360 send with charge free malice package hinder
In gear rule;
Step S360:After above-mentioned S360, which sends malice package with charge free, stops rule, then terminate to judge.
From above-mentioned steps, handled respectively for different type package and distinguish whether packet information is forged,
MAC forges Protection Analysis module can be according to legal virtual network interface resource and MAC Address, dynamic analysis virtual network stream
Amount, and protect the MAC forgery attacks between fictitious host computer;IP forges Protection Analysis module and can be provided according to legal virtual network interface
Source, IP address and MAC Address, analyze and protect IP forgery attacks;ARP forges Protection Analysis module can be according to legal virtual net
Network interface resource, ARP deep layers packet information and MAC Address, analyze and protect ARP forgery attacks, are sealed when being judged as that malice is forged
Bao Shi, can be stopped that rule passes through dispatch module by malice package, the cloud of cloud virtual platform is dispatched into based on OpenFlow technologies
Virtual switch is held, cloud virtual exchanger can be then used as via flow (flow) table defined judges package transmission data road
The foundation in footpath, the package that will be regarded as harm are abandoned, and avoid fictitious host computer from being attacked, and promote high in the clouds platform virtual network
Security.
And cloud virtual resource managing and control system through security application Program Interfaces Restful API be intended to close it is anti-
During protective function, the fictitious host computer data module for protecting the fictitious host computer data of stopping to cloud virtual network security module is transmitted,
Then from protection when then fictitious host computer carries out network communication, make system operator can flexible management and control cloud virtual network security.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
Usable storage medium(Including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The computer program production of upper implementation
The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, equipment(System)And the flow of computer program product
Figure and/or block diagram describe.It should be understood that it can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or square frame in journey and/or square frame and flowchart and/or the block diagram.These computer programs can be provided
The processors of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that the instruction performed by computer or the processor of other programmable data processing devices, which produces, to be used in fact
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or
The instruction performed on other programmable devices is provided and is used for realization in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a square frame or multiple square frames.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make these embodiments other change and modification.So appended claims be intended to be construed to include it is excellent
Select embodiment and fall into all change and modification of the scope of the invention.
Obviously, those skilled in the art can carry out the embodiment of the present invention various modification and variations without departing from this hair
The spirit and scope of bright embodiment.In this way, if these modifications and variations of the embodiment of the present invention belong to the claims in the present invention
And its within the scope of equivalent technologies, then the present invention is also intended to comprising including these modification and variations.
Claims (3)
- A kind of 1. guard system of cloud virtual network security, it is characterised in that the system comprises:One cloud virtual resource managing and control system, for transmitting legal fictitious host computer through a security application Program Interfaces Data;The security application Program Interfaces, for passing through self-contained state transfer application programming interface Restful One cloud virtual network security module of API keyholed back plates, transmits the safe fictitious host computer data;The cloud virtual network security module, for carrying out network package dynamic analysis according to the fictitious host computer data, and stops Malice forges the transmission of package, with protecting media access control address MAC forgery attacks between fictitious host computer, Internet Protocol Location IP forgery attacks and Address Resolution Protocol ARP forgery attack, and the content that package is forged for the malice produces malice package Stop rule;One cloud virtual platform, including cloud virtual exchanger, are transmitted for receiving the cloud virtual network security module The malice package stops rule.
- 2. the system as claimed in claim 1, it is characterised in that the cloud virtual network security module, further comprises:Fictitious host computer data module, for storing legal fictitious host computer number of cloud virtual resource managing and control system permission According to;MAC forges Protection Analysis module, virtual for the fictitious host computer data according to the fictitious host computer data module, analysis Network traffics, and protect the MAC forgery attacks between fictitious host computer;IP forges Protection Analysis module, for the fictitious host computer data according to the fictitious host computer data module, analyzes virtual net Network flow, and protect the IP forgery attacks between fictitious host computer;ARP forges Protection Analysis module, for the fictitious host computer data according to the fictitious host computer data module, analyzes virtual net Network flow, and protect the ARP forgery attacks between fictitious host computer;Dispatch module, for malice package to be stopped, rule is dispatched into cloud virtual through procotol OpenFlow technologies and exchanges Device.
- A kind of 3. means of defence of cloud virtual network security, it is characterised in that the described method includes:Receive network package;Distinguish packet type, and be categorized as Internet Protocol address IP packages, Address Resolution Protocol ARP package and IP and ARP Three type of package in addition;When the IP packages are handled, will sequentially judge whether virtual network interface resource correct, IP address whether correct, MAC Whether location correct, if it is all to be correct sequentially to judge, terminates to judge, represents safety, if but in it is any judge in occur being no When, then it is judged as that malice forges package and the content generation malice package stop rule of package is forged for the malice, and send with charge free The malice package stops rule;When the ARP packages are handled, will sequentially judge whether virtual network interface resource correct, MAC Address whether correct, ARP Whether correct send information, if it is all to be correct sequentially to judge, terminate to judge, represents safely, if but going out in any judgement When being now no, then it is judged as that the malice forges package and the content for malice forgery package produces the malice package and stops rule Then, and send with charge free the malice package stop rule;When the package processing beyond the IP and ARP, it will sequentially judge whether correct, MAC Address is virtual network interface resource It is no correct, if it is all to be correct sequentially to judge, terminates to judge, represent safety, if but in it is any judge in appearance as it is no when, It is judged as that the malice forges package and the content for malice forgery package produces the malice package and stops rule, and sends this with charge free Malice package stops rule;After malice package stop rule is sent with charge free, then terminate to judge.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW103136238 | 2014-10-21 | ||
TW103136238A TWI520002B (en) | 2014-10-21 | 2014-10-21 | Protection Method and System of Cloud Virtual Network Security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104717212A CN104717212A (en) | 2015-06-17 |
CN104717212B true CN104717212B (en) | 2018-05-11 |
Family
ID=53416175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510094249.8A Expired - Fee Related CN104717212B (en) | 2014-10-21 | 2015-03-03 | Protection method and system for cloud virtual network security |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104717212B (en) |
TW (1) | TWI520002B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI644235B (en) * | 2017-04-13 | 2018-12-11 | 國立政治大學 | Wearable instant interaction system |
CN107634953A (en) * | 2017-09-22 | 2018-01-26 | 国云科技股份有限公司 | A kind of method for preventing capacitor network ARP from cheating |
US10841281B2 (en) * | 2018-03-26 | 2020-11-17 | Kuo Chiang | Methods for preventing or detecting computer attacks in a cloud-based environment and apparatuses using the same |
CN110932925A (en) * | 2019-10-31 | 2020-03-27 | 苏州浪潮智能科技有限公司 | Method and system for testing stability of server BMC (baseboard management controller) network |
TWI728901B (en) * | 2020-08-20 | 2021-05-21 | 台眾電腦股份有限公司 | Network connection blocking method with dual-mode switching |
CN112346823B (en) * | 2021-01-07 | 2021-05-04 | 广东睿江云计算股份有限公司 | Cloud host data protection method and system |
CN114221928A (en) * | 2021-11-05 | 2022-03-22 | 济南浪潮数据技术有限公司 | Method, system, device and storage medium for defending IP conflict of management network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
TW201405325A (en) * | 2012-07-31 | 2014-02-01 | Chunghwa Telecom Co Ltd | Automatic encryption and decryption system for cloud files |
CN103595826A (en) * | 2013-11-01 | 2014-02-19 | 国云科技股份有限公司 | Method for preventing IP and MAC of virtual machine from being faked |
CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110072487A1 (en) * | 2009-09-23 | 2011-03-24 | Computer Associates Think, Inc. | System, Method, and Software for Providing Access Control Enforcement Capabilities in Cloud Computing Systems |
-
2014
- 2014-10-21 TW TW103136238A patent/TWI520002B/en not_active IP Right Cessation
-
2015
- 2015-03-03 CN CN201510094249.8A patent/CN104717212B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201405325A (en) * | 2012-07-31 | 2014-02-01 | Chunghwa Telecom Co Ltd | Automatic encryption and decryption system for cloud files |
CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
CN103500305A (en) * | 2013-09-04 | 2014-01-08 | 中国航天科工集团第二研究院七〇六所 | System and method for malicious code analysis based on cloud computing |
CN103595826A (en) * | 2013-11-01 | 2014-02-19 | 国云科技股份有限公司 | Method for preventing IP and MAC of virtual machine from being faked |
Also Published As
Publication number | Publication date |
---|---|
TW201616386A (en) | 2016-05-01 |
TWI520002B (en) | 2016-02-01 |
CN104717212A (en) | 2015-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104717212B (en) | Protection method and system for cloud virtual network security | |
CN104769606B (en) | The system and method that the computer environment of safety is provided | |
CN107370756B (en) | Honey net protection method and system | |
CN105577637B (en) | Calculating equipment, method and machine readable storage medium for being communicated between secured virtual network function | |
CN104580168B (en) | A kind of processing method of Attacking Packets, apparatus and system | |
CN104253820B (en) | software defined network safety control system and control method | |
CN110784361A (en) | Virtualized cloud honey network deployment method, device, system and computer-readable storage medium | |
CN104104679B (en) | A kind of data processing method based on private clound | |
US20080320582A1 (en) | Real-time industrial firewall | |
CN114244560B (en) | Flow processing method and device, electronic equipment and storage medium | |
CN104994094B (en) | Virtual platform safety protecting method based on virtual switch, device and system | |
CN103312689A (en) | Network hiding method for computer and network hiding system based on method | |
CN112054996A (en) | Attack data acquisition method and device for honeypot system | |
CN108605264A (en) | Network management | |
CN109587167A (en) | A kind of method and apparatus of Message processing | |
CN110535857A (en) | The method and apparatus of protecting network attack | |
CN103701822A (en) | Access control method | |
CN114257413A (en) | Application container engine-based anti-braking blocking method and device and computer equipment | |
CN110351237A (en) | Honey jar method and device for numerically-controlled machine tool | |
CN105429975B (en) | A kind of data safety system of defense, method and cloud terminal security system based on cloud terminal | |
RU2739864C1 (en) | System and method of correlating events for detecting information security incident | |
CN104023035A (en) | Method for protecting flow among virtual machines in same security domain | |
CN109150890A (en) | The means of defence and relevant device of newly-built connection attack | |
CN106549784B (en) | A kind of data processing method and equipment | |
CN108322460B (en) | Business system flow monitoring system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20180511 Termination date: 20210303 |
|
CF01 | Termination of patent right due to non-payment of annual fee |