CN105871787A - Intrusion prevention method applied to cloud virtual network, device, network device and system - Google Patents
- Publication number: CN105871787A
- Application number: CN201510033289.1A
- Authority: CN (China)
- Prior art keywords: network, flow, ovs, module, openflow
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses an intrusion prevention method applied to a cloud virtual network. The method includes the following steps: network traffic generated by cloud resources is monitored, and the network traffic data obtained through monitoring are stored in a log file; when it is determined that the network traffic data in the log file match a Snort rule, an alarm message is generated; and the alarm message is parsed, an OpenFlow rule entry is generated from the parsed data, and the OpenFlow rule entry is sent to an OVS, where it is used by the OVS to update its flow table. The invention also discloses a network device and a system for realizing the method.
Description
Technical field
The present invention relates to network security technology in cloud virtual network environments, and in particular to an intrusion prevention method, device, network device and system in a cloud virtual network.
Background
Traditional intrusion prevention systems (IPS) are suited to ordinary network environments but not to cloud virtual network environments. To solve this problem, several implementations have been proposed, including an intrusion prevention system based on the network switching model OpenFlow and on Snort. In that system Snort performs the intrusion detection function, while OpenFlow is used to change the flow table dynamically and to forward particular packets to a dedicated Snort intrusion detection system (IDS) for traffic monitoring.
However, these existing proposals have some problems. For example, they focus only on traffic management, and Snort performs intrusion detection only and cannot mitigate an intrusion once it occurs; that is, they do not provide a comprehensive intrusion solution. In general, for cloud virtual network environments the prior art does not provide a complete, flexible and efficient intrusion prevention system.
Summary of the invention
To solve the existing technical problems, embodiments of the present invention provide an intrusion prevention method, device, network device and system in a cloud virtual network.
An embodiment of the present invention provides an intrusion prevention method in a cloud virtual network. The method includes:
monitoring the network traffic generated by cloud resources, and storing the network traffic data obtained by monitoring in a log file; generating an alarm message when it is determined that network traffic data in the log file match a Snort rule; parsing the alarm message, generating an OpenFlow rule entry from the parsed data, and sending the OpenFlow rule entry to the OVS, where the OpenFlow rule entry is used by the OVS to update its flow table.
In one embodiment, after the flow table is updated, the method further includes:
when network traffic matching an entry in the updated flow table is detected, processing that network traffic at line rate on the data plane of the OVS.
In one embodiment, before the network traffic is monitored, the method further includes:
transmitting the network traffic generated by the cloud resources to the OVS.
Generating the alarm message includes:
when it is determined that network traffic data in the log file match a Snort rule, generating an alarm message in JSON format corresponding to those network traffic data.
The data obtained by parsing the alarm message include at least:
attack type, source IP address, destination IP address, and TCP port.
An embodiment of the present invention also provides an intrusion prevention device in a cloud virtual network. The device includes a traffic monitoring module, an alarm module, a parsing module and a rule generation module, where:
the traffic monitoring module is configured to monitor the network traffic generated by cloud resources and to store the network traffic data obtained by monitoring in a log file;
the alarm module is configured to generate an alarm message when it is determined that network traffic data in the log file match a Snort rule;
the parsing module is configured to parse the alarm message;
the rule generation module is configured to generate an OpenFlow rule entry from the data parsed by the parsing module and to send the OpenFlow rule entry to the OVS, where the OpenFlow rule entry is used by the OVS to update its flow table.
In one embodiment, the device further includes a traffic processing module.
The traffic monitoring module is further configured to notify the traffic processing module when it detects network traffic matching an entry in the updated flow table. Correspondingly,
the traffic processing module is configured to process that network traffic at line rate on the data plane of the OVS after receiving the notification from the traffic monitoring module.
In one embodiment, the device further includes a traffic transmission module, configured to transmit the network traffic generated by the cloud resources to the OVS.
An embodiment of the present invention also provides a network device, which includes the intrusion prevention device in a cloud virtual network described above.
An embodiment of the present invention also provides an intrusion prevention system in a cloud virtual network, which includes the network device described above and several virtual machines.
With the intrusion prevention method, device, network device and system in a cloud virtual network provided by embodiments of the present invention, the network traffic generated by cloud resources is monitored and the network traffic data obtained by monitoring are stored in a log file; an alarm message is generated when it is determined that network traffic data in the log file match a Snort rule; the alarm message is parsed, an OpenFlow rule entry is generated from the parsed data, and the OpenFlow rule entry is sent to the OVS, where it is used by the OVS to update its flow table. Embodiments of the present invention combine software-defined networking (Software Defined Network, SDN) with an intrusion detection system to implement an intrusion prevention system. OpenFlow rule entries can be set flexibly according to network needs, so that traffic in the network can be effectively isolated according to the generated flow table, achieving flexible, efficient and dynamic defense against network attacks.
Brief description of the drawings
In the drawings (which are not necessarily drawn to scale), like reference numerals may describe like components in different views. Like reference numerals with different letter suffixes may represent different instances of like components. The drawings illustrate, by way of example and not limitation, the embodiments discussed herein.
Fig. 1 is a flowchart of the intrusion prevention method in a cloud virtual network according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the intrusion prevention device in a cloud virtual network according to an embodiment of the present invention;
Fig. 3 is an architecture diagram of another embodiment implementing the intrusion prevention method in a cloud virtual network of the present invention;
Fig. 4 is a flowchart of the intrusion prevention method in a cloud virtual network according to another embodiment of the present invention.
Detailed description
In embodiments of the present invention, the network traffic generated by cloud resources is monitored and the network traffic data obtained by monitoring are stored in a log file; an alarm message is generated when it is determined that network traffic data in the log file match a Snort rule; the alarm message is parsed, an OpenFlow rule entry is generated from the parsed data, and the OpenFlow rule entry is sent to the OVS, where it is used by the OVS to update its flow table.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flowchart of the intrusion prevention method in a cloud virtual network according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: monitor the network traffic generated by cloud resources, and store the network traffic data obtained by monitoring in a log file;
In this embodiment, the cloud resource may be a virtual machine or the like.
Step 102: when it is determined that network traffic data in the log file match a Snort rule, generate an alarm message;
Step 103: parse the alarm message, generate an OpenFlow rule entry from the parsed data, and send the OpenFlow rule entry to the OVS; the OpenFlow rule entry is used by the OVS to update its flow table.
Embodiments of the present invention combine software-defined networking (Software Defined Network, SDN) with an intrusion detection system to implement an intrusion prevention system. OpenFlow rule entries can be set flexibly according to network needs, so that traffic in the network can be effectively isolated according to the generated flow table, achieving flexible, efficient and dynamic defense against network attacks.
In one embodiment of the invention, after the flow table is updated, the method further includes:
when network traffic matching an entry in the updated flow table is detected, processing that network traffic at line rate on the data plane of the OVS.
In one embodiment of the invention, before the network traffic is monitored, the method further includes:
transmitting the network traffic generated by the cloud resources to the OVS; for example, the network traffic can be transmitted via a virtual interface (VIF) connected to the virtual bridge of the OVS.
In embodiments of the present invention, generating the alarm message includes:
when it is determined that network traffic data in the log file match a Snort rule, generating an alarm message in JSON format corresponding to those network traffic data.
In embodiments of the present invention, the data obtained by parsing the alarm message include at least:
attack type, source IP address, destination IP address, and TCP port.
An embodiment of the present invention also provides an intrusion prevention device in a cloud virtual network. As shown in Fig. 2, the device includes a traffic monitoring module 201, an alarm module 202, a parsing module 203 and a rule generation module 204, where:
the traffic monitoring module 201 is configured to monitor the network traffic generated by cloud resources and to store the network traffic data obtained by monitoring in a log file;
In this embodiment, the cloud resource may be a virtual machine or the like.
the alarm module 202 is configured to generate an alarm message when it is determined that network traffic data in the log file match a Snort rule;
the parsing module 203 is configured to parse the alarm message;
the rule generation module 204 is configured to generate an OpenFlow rule entry from the data parsed by the parsing module 203 and to send the OpenFlow rule entry to the OVS; the OpenFlow rule entry is used by the OVS to update its flow table.
Embodiments of the present invention combine software-defined networking (Software Defined Network, SDN) with an intrusion detection system to implement an intrusion prevention system. OpenFlow rule entries can be set flexibly according to network needs, so that traffic in the network can be effectively isolated according to the generated flow table, achieving flexible, efficient and dynamic defense against network attacks.
In embodiments of the present invention, the alarm module 202 generates the alarm message as follows:
when it is determined that network traffic data in the log file match a Snort rule, it generates an alarm message in JSON format corresponding to those network traffic data.
In embodiments of the present invention, the data obtained by parsing the alarm message include at least:
attack type, source IP address, destination IP address, and TCP port.
In one embodiment of the invention, the device further includes a traffic processing module 205.
The traffic monitoring module 201 is further configured to notify the traffic processing module 205 when it detects network traffic matching an entry in the updated flow table. Correspondingly,
the traffic processing module 205 is configured to process that network traffic at line rate on the data plane of the OVS after receiving the notification from the traffic monitoring module 201.
In one embodiment of the invention, the device further includes a traffic transmission module 206, configured to transmit the network traffic generated by the cloud resources to the OVS.
In embodiments of the present invention, the traffic transmission module 206 may be the virtual bridge of the OVS together with the virtual interfaces (VIFs) connected to that virtual bridge.
An embodiment of the present invention also provides a network device, which includes the intrusion prevention device in a cloud virtual network described above.
An embodiment of the present invention also provides an intrusion prevention system in a cloud virtual network, which includes the network device described above and several virtual machines.
Fig. 3 is an architecture diagram of another embodiment implementing the intrusion prevention method in a cloud virtual network of the present invention. As shown in Fig. 3, this embodiment can be implemented on the virtualization server XenServer. The XenServer cloud operating system has two types of domain: DOM 0 and DOM U. DOM 0 is the management domain and DOM U is the user domain. One DOM U can be dedicated to storage control and logging, while the other DOM Us host users' virtual machines (VMs). All DOM U resources are managed by DOM 0, and hardware must be accessed via DOM 0.
In Fig. 3, the OVS is a switch that implements OpenFlow purely in software. OVS is usually implemented in the management domain or privileged domain of a cloud computing system. In this embodiment, the OVS is implemented locally in DOM 0 of the XenServer cloud computing system. Communication between different virtual machines (VMs) on the same physical server only needs to be managed and forwarded by the OVS. Each DOM 0 in XenServer runs one user-space process (flow path) and one kernel-space module (fast path).
In user space there are two modules: ovsdb server and OVS-SwitchD. The ovsdb server is a log-based database that maintains switch-level configuration. The OVS-SwitchD module is the core of OVS and supports multiple independent data channels. As shown in Fig. 3, OVS-SwitchD communicates with the ovsdb server via a management protocol, with the controller via the OpenFlow protocol, and with the kernel module over a network link.
In kernel space, the kernel performs operations such as packet switching, lookup and forwarding, and tunnel encapsulation and decapsulation. Each virtual interface (VIF) on each virtual machine corresponds to a virtual interface or port of the OVS, and different virtual interfaces connected to the same data channel are considered to be on the same switch.
The Snort agent can be implemented in DOM 0 (privileged domain) or in a DOM U (unprivileged domain) of the XenServer-based virtualization architecture. In this embodiment, the Snort agent can be placed in DOM 0 so that it can inspect the data channels in the OVS. All log information produced by the Snort agent is exported to a CSV file so that the controller can access it in real time.
The controller provides a centralized view and controls the cloud virtual network. It contains three main parts, not shown in Fig. 3: the SDNIPS daemon, the alarm interpreter and the rule generator. The SDNIPS daemon functions similarly to the alarm module 202 of Fig. 2 and mainly collects the alarm data generated by the Snort agent in DOM 0, for example on the controlled SDN device OVS. The SDNIPS daemon is implemented using JSON messages: alarm data are stored in JSON messages, and a JSON server runs on the controller side. The alarm interpreter functions similarly to the parsing module 203 of Fig. 2; it parses alarms and captures suspicious traffic. The raw alarm data that are parsed can include attack type, source IP address, destination IP address, TCP port and so on. The parsed and filtered information is passed to the rule generator, which generates OpenFlow rule entries and injects them into the OpenFlow device (OVS) to reconfigure the network.
Fig. 4 is a flowchart of the intrusion prevention method in a cloud virtual network according to another embodiment of the present invention. As shown in Fig. 4, the method includes:
Step 401: a cloud resource, for example a virtual machine, generates network traffic;
Step 402: the network traffic is transmitted to the OVS through a VIF connected to the virtual bridge of the OVS;
The virtual bridge can be regarded as a virtual switch, so all VIFs connected to the same virtual bridge belong to the same network.
Step 403: the Snort agent inspects the network traffic via the virtual bridge;
This is more efficient than inspecting network traffic by means of SPAN port mirroring. SPAN (Switched Port Analyzer) copies all traffic on a specified port and forwards that traffic to a dedicated port where a traffic inspection tool monitors it.
Step 404: when it is determined that traffic matching a Snort rule appears in the log file, generate an alarm message in JSON format;
Step 405: parse the alarm message;
Parsing yields the following necessary information, for example: attack type, source IP address, destination IP, TCP port and so on.
Step 406: generate OpenFlow rule entries and push them to the OVS to update the flow table.
Subsequent suspicious traffic that matches an entry in the updated flow table is then processed efficiently at line rate on the data plane of the OVS.
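Steps 404 to 406 as an added Python example (not code from the patent): it parses JSON alarm messages, validates the four parsed fields, and builds the `ovs-ofctl add-flow` command that would update the flow table. The JSON field names, the bridge name `xenbr0`, the drop action, the rule priority and timeout, and the never-block list are assumptions of this example; the sample alarms are constructed.

```python
"""Added example: JSON alarm message -> OpenFlow rule entry for OVS."""
import ipaddress
import json

# Assumptions of this example (the patent specifies none of these values).
BRIDGE = "xenbr0"          # virtual bridge the VIFs are attached to
RULE_PRIORITY = 40000      # must outrank the normal forwarding entries
HARD_TIMEOUT_S = 300       # entry expires, so a false positive is not permanent
# Sources that must never be blocked (gateway, controller); constructed values.
NEVER_BLOCK = {ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.2")}

# Constructed sample alarms, one JSON object per line.
SAMPLE_ALERTS = """\
{"attack_type": "SQL injection attempt", "src_ip": "10.0.0.23", "dst_ip": "10.0.0.80", "tcp_port": 80}
{"attack_type": "SQL injection attempt", "src_ip": "10.0.0.23", "dst_ip": "10.0.0.80", "tcp_port": 80}
{"attack_type": "SSH brute force", "src_ip": "10.0.0.1", "dst_ip": "10.0.0.90", "tcp_port": 22}
{"attack_type": "Port scan", "src_ip": "10.0.0.55; actions=normal", "dst_ip": "10.0.0.80", "tcp_port": 443}
{"attack_type": "Telnet probe", "src_ip": "10.0.0.77", "dst_ip": "10.0.0.80", "tcp_port": 70000}
not json at all
"""


def parse_alert(line):
    """Parse one alarm line into (attack_type, src, dst, port) or raise ValueError."""
    try:
        obj = json.loads(line)
    except json.JSONDecodeError as exc:
        raise ValueError(f"malformed JSON: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError("alarm is not a JSON object")
    try:
        attack = str(obj["attack_type"])
        # ip_address() rejects anything that is not a bare address, so text
        # from the alarm can never leak extra syntax into the rule string.
        src = ipaddress.ip_address(str(obj["src_ip"]))
        dst = ipaddress.ip_address(str(obj["dst_ip"]))
        port = obj["tcp_port"]
    except KeyError as exc:
        raise ValueError(f"missing field {exc}") from exc
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad TCP port: {port!r}")
    if src.version != 4 or dst.version != 4:
        raise ValueError("only IPv4 is handled in this example")
    return attack, src, dst, port


def to_flow(src, dst, port):
    """Build an ovs-ofctl flow spec that drops TCP traffic from src to dst:port."""
    return (f"priority={RULE_PRIORITY},hard_timeout={HARD_TIMEOUT_S},"
            f"tcp,nw_src={src},nw_dst={dst},tp_dst={port},actions=drop")


def build_rules(alert_text):
    """Return (rules, skipped).

    rules   -- list of (attack_type, argv) where argv is the ovs-ofctl command
    skipped -- list of (line_number, reason) for alarms that produced no rule
    """
    rules, skipped, seen = [], [], set()
    for lineno, line in enumerate(alert_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            attack, src, dst, port = parse_alert(line)
        except ValueError as exc:
            skipped.append((lineno, str(exc)))
            continue
        if src in NEVER_BLOCK:
            skipped.append((lineno, f"source {src} is on the never-block list"))
            continue
        key = (src, dst, port)
        if key in seen:        # repeated alarm for a flow that is already covered
            continue
        seen.add(key)
        rules.append((attack, ["ovs-ofctl", "add-flow", BRIDGE, to_flow(src, dst, port)]))
    return rules, skipped


if __name__ == "__main__":
    rules, skipped = build_rules(SAMPLE_ALERTS)
    for attack, argv in rules:
        # On the OVS host the argv list would go to subprocess.run(argv, check=True).
        print(f"[{attack}] " + " ".join(argv))
    for lineno, reason in skipped:
        print(f"skipped line {lineno}: {reason}")
```

Passing the command as an argument list rather than a shell string keeps alarm-derived values out of shell parsing, and the hard timeout bounds how long a false positive can block traffic.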
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Claims (10)
1. An intrusion prevention method in a cloud virtual network, characterized in that the method includes:
monitoring the network traffic generated by cloud resources, and storing the network traffic data obtained by monitoring in a log file;
generating an alarm message when it is determined that network traffic data in the log file match a Snort rule;
parsing the alarm message, generating an OpenFlow rule entry from the parsed data, and sending the OpenFlow rule entry to the OVS, where the OpenFlow rule entry is used by the OVS to update its flow table.
2. The method according to claim 1, characterized in that, after the flow table is updated, the method further includes:
when network traffic matching an entry in the updated flow table is detected, processing that network traffic at line rate on the data plane of the OVS.
3. The method according to claim 1, characterized in that, before the network traffic is monitored, the method further includes:
transmitting the network traffic generated by the cloud resources to the OVS.
4. The method according to claim 1, characterized in that generating the alarm message includes:
when it is determined that network traffic data in the log file match a Snort rule, generating an alarm message in JSON format corresponding to those network traffic data.
5. The method according to claim 1, characterized in that the data obtained by parsing the alarm message include at least:
attack type, source IP address, destination IP address, and TCP port.
6. An intrusion prevention device in a cloud virtual network, characterized in that the device includes a traffic monitoring module, an alarm module, a parsing module and a rule generation module, where:
the traffic monitoring module is configured to monitor the network traffic generated by cloud resources and to store the network traffic data obtained by monitoring in a log file;
the alarm module is configured to generate an alarm message when it is determined that network traffic data in the log file match a Snort rule;
the parsing module is configured to parse the alarm message;
the rule generation module is configured to generate an OpenFlow rule entry from the data parsed by the parsing module and to send the OpenFlow rule entry to the OVS, where the OpenFlow rule entry is used by the OVS to update its flow table.
7. The device according to claim 6, characterized in that the device further includes a traffic processing module;
the traffic monitoring module is further configured to notify the traffic processing module when it detects network traffic matching an entry in the updated flow table; correspondingly,
the traffic processing module is configured to process that network traffic at line rate on the data plane of the OVS after receiving the notification from the traffic monitoring module.
8. The device according to claim 6, characterized in that the device further includes a traffic transmission module, configured to transmit the network traffic generated by the cloud resources to the OVS.
9. A network device, characterized in that the network device includes the intrusion prevention device in a cloud virtual network according to any one of claims 6 to 8.
10. An intrusion prevention system in a cloud virtual network, characterized in that the system includes the network device according to claim 9 and several virtual machines.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510033289.1A CN105871787A (en) | 2015-01-22 | 2015-01-22 | Intrusion prevention method applied to cloud virtual network, device, network device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510033289.1A CN105871787A (en) | 2015-01-22 | 2015-01-22 | Intrusion prevention method applied to cloud virtual network, device, network device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105871787A true CN105871787A (en) | 2016-08-17 |
Family
ID=56624260
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510033289.1A Pending CN105871787A (en) | 2015-01-22 | 2015-01-22 | Intrusion prevention method applied to cloud virtual network, device, network device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105871787A (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8879558B1 (en) * | 2012-06-27 | 2014-11-04 | Juniper Networks, Inc. | Dynamic remote packet capture |
US20140380466A1 (en) * | 2013-06-19 | 2014-12-25 | Verizon Patent And Licensing Inc. | Method and apparatus for providing hierarchical pattern recognition of communication network data |
CN104023034A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security defensive system and defensive method based on software-defined network |
Non-Patent Citations (2)
Title |
---|
TIANYI XING: "SnortFlow: A OpenFlow-based Intrusion Prevention System in Cloud Environment", 《IEEE XPLORE DIGITAL LIBRARY》 * |
CHEN YONG: "Research on Performance Optimization of a Snort-based Intrusion Prevention System", 《Wanfang Database》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106534111A (en) * | 2016-11-09 | 2017-03-22 | 国云科技股份有限公司 | Method for defending network attack for cloud platform based on flow rule |
CN106899601A (en) * | 2017-03-10 | 2017-06-27 | 北京华清信安科技有限公司 | Network attack defence installation and method based on cloud and local platform |
CN107800696A (en) * | 2017-10-23 | 2018-03-13 | 国云科技股份有限公司 | Source discrimination is forged in communication on a kind of cloud platform virtual switch |
CN107800696B (en) * | 2017-10-23 | 2020-07-03 | 国云科技股份有限公司 | Method for identifying communication counterfeiting source on cloud platform virtual switch |
CN108804122A (en) * | 2018-06-04 | 2018-11-13 | 北京知道创宇信息技术有限公司 | Information security processing system, Virtual Private Server and its control method |
CN110224990A (en) * | 2019-07-17 | 2019-09-10 | 浙江大学 | A kind of intruding detection system based on software definition security architecture |
CN111147516A (en) * | 2019-12-31 | 2020-05-12 | 中南民族大学 | SDN-based dynamic interconnection and intelligent routing decision system and method for security equipment |
CN111935074A (en) * | 2020-06-22 | 2020-11-13 | 国网电力科学研究院有限公司 | Integrated network security detection method and device |
CN111935074B (en) * | 2020-06-22 | 2023-09-05 | 国网电力科学研究院有限公司 | Integrated network security detection method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105871787A (en) | Intrusion prevention method applied to cloud virtual network, device, network device and system | |
US11601349B2 (en) | System and method of detecting hidden processes by analyzing packet flows | |
CN104506507B (en) | A kind of sweet net safety protective system and method for SDN | |
CN107370756B (en) | Honey net protection method and system | |
CN107608852B (en) | A kind of process monitoring method and device | |
CN103973676A (en) | Cloud computing safety protection system and method based on SDN | |
US9100309B2 (en) | Identification and classification of web traffic inside encrypted network tunnels | |
US11190390B2 (en) | Alarm information processing method and apparatus, system, and computer storage medium | |
CN104023034A (en) | Security defensive system and defensive method based on software-defined network | |
US10728268B1 (en) | Methods and apparatus for intrusion prevention using global and local feature extraction contexts | |
CN104038466A (en) | Intrusion detection system, method and device for cloud calculating environment | |
CN105051696A (en) | An improved streaming method and system for processing network metadata | |
US20180309648A1 (en) | Ultra-Fast Pattern Generation Algorithm for the Heterogeneous Logs | |
CN104125214A (en) | Security architecture system for realizing software definition security and security controller | |
CN113890821B (en) | Log association method and device and electronic equipment | |
WO2016205169A1 (en) | Passive security analysis with inline active security device | |
CN112822291A (en) | Monitoring method and device for industrial control equipment | |
CN107645472A (en) | A kind of virtual machine traffic detecting system based on OpenFlow | |
CN107168844B (en) | Performance monitoring method and device | |
Bondan et al. | Anomaly detection framework for SFC integrity in NFV environments | |
CN110300090A (en) | The network address that Intrusion Detection based on host threatens implements threat strategy movement | |
Lopez et al. | An evaluation of a virtual network function for real-time threat detection using stream processing | |
KR102088308B1 (en) | Cloud security analysing apparatus, apparatus and method for management of security policy based on nsfv | |
Wang et al. | Honeynet construction based on intrusion detection | |
US20170099304A1 (en) | Automatic generation of cluster descriptions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160817 |