CN107046546A - Network security control method and device - Google Patents


Publication number
CN107046546A
Authority
CN
China
Legal status
Pending
Application number
CN201710352077.9A
Other languages
Chinese (zh)
Inventor
吕广杰
刘正伟
胡玉鹏
Current Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710352077.9A
Publication of CN107046546A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504: Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators


Abstract

The invention provides a network security control method and device. The method includes: building at least one virtual machine corresponding to at least one security device; placing the at least one virtual machine in a network to be controlled; and using the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled. This scheme can improve data security.

Description

Network security control method and device
Technical field
The present invention relates to the field of computer technology, and in particular to a network security control method and device.
Background
With the development of information technology, cloud computing has gradually become a development hot spot in the industry, and it is applied in many fields such as science, education, e-commerce and the Internet of Things.
Cloud computing allows data to be transmitted and stored at arbitrary locations; even the data of a single user may be kept in different locations. Existing cloud computing platforms do not perform security monitoring while users transmit and store data, so the data is more likely to be attacked and tampered with, which makes the data less secure.
Summary of the invention
Embodiments of the invention provide a network security control method and device that can improve the security of data in a cloud computing platform.
In a first aspect, an embodiment of the invention provides a network security control method, including:
building at least one virtual machine corresponding to at least one security device;
placing the at least one virtual machine in a network to be controlled;
using the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled.
Preferably,
using the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled includes:
having the at least one object to be controlled transmit data through the at least one virtual machine, and monitoring the data traffic during data transmission.
Preferably,
monitoring the data traffic during data transmission includes:
determining the ports of each virtual machine;
selecting one port from these ports;
monitoring the data traffic using the selected port.
Preferably,
before the at least one virtual machine is placed in the network to be controlled, the method further includes:
setting a corresponding network label for each of the at least one object to be controlled;
grouping the at least one object to be controlled according to the network label of each object to be controlled;
then,
placing the at least one virtual machine in the network to be controlled includes:
setting at least one virtual machine in each group of objects to be controlled.
Preferably,
the security device includes a firewall device;
placing the at least one virtual machine in the network to be controlled includes:
setting a firewall policy for the network to be controlled;
using the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled includes:
performing security monitoring on the at least one object to be controlled according to the firewall policy.
In a second aspect, an embodiment of the invention provides a network security control device, including a building unit, a setting unit and a security monitoring unit, wherein:
the building unit is configured to build at least one virtual machine corresponding to at least one security device;
the setting unit is configured to place the at least one virtual machine built by the building unit in a network to be controlled;
the security monitoring unit is configured to use the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled.
Preferably,
the security monitoring unit is configured to have the at least one object to be controlled transmit data through the at least one virtual machine, and to monitor the data traffic during data transmission.
Preferably,
the security monitoring unit is configured to determine the ports of each virtual machine, select one port from these ports, and monitor the data traffic using the selected port.
Preferably,
the device further includes a grouping unit, wherein:
the grouping unit is configured to set a corresponding network label for each of the at least one object to be controlled, and to group the at least one object to be controlled according to the network label of each object to be controlled;
the setting unit is configured to set at least one virtual machine in each group of objects to be controlled.
Preferably,
the security device includes a firewall device;
the setting unit is configured to set a firewall policy for the network to be controlled;
the security monitoring unit is configured to perform security monitoring on the at least one object to be controlled according to the firewall policy.
Embodiments of the invention provide a network security control method and device in which virtual machines corresponding to security devices are built and placed in the network to be controlled, and the placed virtual machines are then used to perform security monitoring on the objects to be controlled in that network (the data behavior of users in the cloud computing platform). This reduces the likelihood that data in the network to be controlled is attacked and tampered with, and improves the security of the data.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a network security control method provided by one embodiment of the invention;
Fig. 2 is a flow chart of a network security control method provided by another embodiment of the invention;
Fig. 3 is a structural diagram of a network security control device provided by one embodiment of the invention;
Fig. 4 is a structural diagram of a network security control device provided by another embodiment of the invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, an embodiment of the invention provides a network security control method, which can include the following steps:
Step 101: build at least one virtual machine corresponding to at least one security device;
Step 102: place the at least one virtual machine in a network to be controlled;
Step 103: use the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled.
In the above embodiment, virtual machines corresponding to security devices are built and placed in the network to be controlled, and the placed virtual machines are then used to perform security monitoring on the objects to be controlled in that network (the data behavior of users in the cloud computing platform). This reduces the likelihood that data in the network to be controlled is attacked and tampered with, and improves the security of the data.
Specifically, in one embodiment of the invention, step 103 can be implemented as follows:
having the at least one object to be controlled transmit data through the at least one virtual machine, and monitoring the data traffic during data transmission.
For example, the network to be controlled is OpenStack. Virtual machines (virtual routers and the like) form north-south protection in OpenStack and constitute a security resource pool. External network resources must then pass through the security resource pool formed by the virtual machines, that is, through the virtual router, before they reach the user's virtual machine. When a user needs to upload data to the external network, the data likewise has to pass through the north-south security resource pool. During data transmission, the north-south security resource pool monitors and analyzes the traffic going in and out, implementing functions such as security monitoring and intrusion blocking, which further improves the security of the data.
In one embodiment of the invention, monitoring the data traffic during data transmission includes:
determining the ports of each virtual machine;
selecting one port from these ports;
monitoring the data traffic using the selected port.
Here, still taking OpenStack as an example, when virtual machines are placed in OpenStack they can also form an east-west security resource pool that is connected to the OpenStack virtual machine network. The ports of each virtual machine are determined, and one port is then selected from these ports to monitor data traffic. That is, port mirroring is used to mirror all traffic to the east-west security resource pool, where the virtual machines corresponding to the security devices perform comprehensive security monitoring of the traffic with respect to DoS, botnets, vulnerability analysis, web application security, intrusion detection and data leakage, further improving data security. In addition, after security monitoring is completed, monitoring logs and reports can be output synchronously so that users can review them, improving the user experience.
In addition, because the security devices form the security resource pool as virtual machines, the cloud management platform can allocate each virtual machine on demand and schedule it flexibly. On the one hand, the configuration of each virtual machine can be expanded as needed; on the other hand, multiple virtual machines in the security resource pool can form a cluster, and users can scale out nodes according to actual needs, ensuring system performance and reliability.
In one embodiment of the invention, before step 102, the method further includes:
setting a corresponding network label for each of the at least one object to be controlled;
grouping the at least one object to be controlled according to the network label of each object to be controlled;
Step 102 can then be implemented as follows:
setting at least one virtual machine in each group of objects to be controlled.
Taking the east-west security pool as an example, the cloud management platform sets a network label for each user's traffic, for example a VXLAN label. Users are grouped according to their VXLAN labels, and the networks of different user groups are isolated from each other. Within the same tenant, the corresponding virtual machine is set up. For example, in an OpenStack network, the security group component built into OpenStack is set in each user group; the rules of the security group component then control security and isolation at the virtualization layer, implementing isolation and interconnection control between users and further improving the security of user data.
In one embodiment of the invention, the security device includes a firewall device;
Step 102 can be implemented as follows:
setting a firewall policy for the network to be controlled;
Step 103 can be implemented as follows:
performing security monitoring on the at least one object to be controlled according to the firewall policy.
Here, a virtual machine corresponding to the firewall device is placed in the network to be controlled and a firewall policy is set for that network. The firewall policy can be configured by users themselves in self-service fashion after the cloud management platform has allocated the firewall service to them. Each object to be controlled in the network can then be monitored according to the firewall policy, achieving network isolation, protection and monitoring and thereby improving the security of the data.
As shown in Fig. 2, one embodiment of the invention provides a network security control method, which can include the following steps:
Step 201: build at least one virtual machine corresponding to at least one security device;
For example, security services such as vulnerability scanning, firewall, intrusion detection system (Intrusion Detection Systems, IDS) and router are built in the form of virtual machines.
Step 202: set a corresponding network label for each object to be controlled in the network to be controlled, and group the objects to be controlled according to their network labels.
Taking OpenStack as an example, the cloud management platform sets a VXLAN label for each user's traffic. Users are grouped according to their VXLAN labels, and the networks of different user groups are isolated from each other.
Step 203: set at least one virtual machine in each group of objects to be controlled.
For example, in an OpenStack network, the security group component built into OpenStack is set in each user group; the rules of the security group component can then control security and isolation at the virtualization layer, implementing isolation and interconnection control between users.
Step 204: have the at least one object to be controlled transmit data through the at least one virtual machine.
Here, the virtual router forms north-south protection in OpenStack and constitutes a security resource pool. External network resources must then pass through the security resource pool formed by the virtual machines, that is, through the virtual router, before they reach the user's virtual machine. When a user needs to upload data to the external network, the data likewise has to pass through the north-south security resource pool.
Step 205: determine the ports of each virtual machine, select one port from these ports, and monitor the data traffic using the selected port.
When the virtual machines corresponding to vulnerability scanning, firewall and IDS are placed in OpenStack, they can also form an east-west security resource pool that is connected to the OpenStack virtual machine network. The ports of each virtual machine are determined, and one port is then selected from these ports to monitor data traffic. That is, port mirroring is used to mirror all traffic to the east-west security resource pool, where the virtual machines corresponding to the security devices perform comprehensive security monitoring of the traffic with respect to DoS, botnets, vulnerability analysis, web application security, intrusion detection and data leakage.
Step 206: output monitoring logs and reports.
After security monitoring is completed, monitoring logs and reports can also be output synchronously so that users can review them.
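Steps 201 to 206 modelled as an added Python example; it is not code from the patent. All names, the port-selection rule, the verdict categories, the per-group allowed-port sets standing in for security group rules, and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    vni: int  # network label (VXLAN network identifier) on the mirrored frame


@dataclass
class SecurityVM:
    name: str
    ports: list
    mirror_port: str  # the single port selected to receive mirrored traffic
    log: list = field(default_factory=list)


def group_by_label(labels):
    """Step 202: group controlled objects by their network label."""
    groups = defaultdict(set)
    for obj, vni in labels.items():
        groups[vni].add(obj)
    return dict(groups)


def place_security_vms(groups):
    """Steps 201, 203, 205: one security VM per group, one monitoring port per VM."""
    vms = {}
    for vni in sorted(groups):
        ports = [f"sec-vm-{vni}-eth{i}" for i in range(2)]
        # Selection rule is an assumption: the last port is the mirror destination.
        vms[vni] = SecurityVM(f"sec-vm-{vni}", ports, mirror_port=ports[-1])
    return vms


def classify(flow, labels, groups, allowed_ports):
    """Verdict for one mirrored flow; the categories are hypothetical."""
    if labels.get(flow.src) != flow.vni:
        return "label-mismatch"  # source sends on a segment it is not assigned to
    if flow.dst not in groups.get(flow.vni, set()):
        return "cross-group"     # destination belongs to another group
    if flow.dst_port not in allowed_ports.get(flow.vni, set()):
        return "policy-deny"     # not permitted by the group's rules
    return "ok"


def monitor(flows, labels, vms, allowed_ports):
    """Step 205: hand each mirrored flow to its group's security VM."""
    groups = group_by_label(labels)
    unmonitored = []
    for flow in flows:
        vm = vms.get(flow.vni)
        if vm is None:           # segment without a security VM: a coverage gap
            unmonitored.append(flow)
            continue
        verdict = classify(flow, labels, groups, allowed_ports)
        vm.log.append((vm.mirror_port, flow, verdict))
    return unmonitored


def report(vms):
    """Step 206: per-VM verdict counts built from the monitoring log."""
    return {vm.name: dict(Counter(v for _, _, v in vm.log)) for vm in vms.values()}


# Constructed sample data, not taken from the patent.
LABELS = {"web-a": 1001, "db-a": 1001, "web-b": 1002, "db-b": 1002}
ALLOWED_PORTS = {1001: {443, 3306}, 1002: {443}}
FLOWS = [
    Flow("web-a", "db-a", 3306, 1001),  # permitted traffic inside group 1001
    Flow("web-a", "db-b", 3306, 1001),  # destination is in another group
    Flow("web-b", "db-b", 3306, 1002),  # port not allowed in group 1002
    Flow("web-b", "db-a", 443, 1001),   # source labelled 1002, seen on 1001
    Flow("web-a", "db-a", 443, 1999),   # label with no security VM
]


def run_example():
    vms = place_security_vms(group_by_label(LABELS))
    unmonitored = monitor(FLOWS, LABELS, vms, ALLOWED_PORTS)
    return report(vms), unmonitored, vms


if __name__ == "__main__":
    summary, gaps, _ = run_example()
    print(summary)
    print("unmonitored:", gaps)
```

The flow on label 1999 is returned separately rather than logged: traffic on a segment that has no security virtual machine is a monitoring gap, and the per-VM report alone would not show it.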
As shown in Fig. 3, an embodiment of the invention provides a network security control device, including a building unit 301, a setting unit 302 and a security monitoring unit 303, wherein:
the building unit 301 is configured to build at least one virtual machine corresponding to at least one security device;
the setting unit 302 is configured to place the at least one virtual machine built by the building unit 301 in a network to be controlled;
the security monitoring unit 303 is configured to use the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled.
In the above embodiment, virtual machines corresponding to security devices are built and placed in the network to be controlled, and the placed virtual machines are then used to perform security monitoring on the objects to be controlled in that network (the data behavior of users in the cloud computing platform). This reduces the likelihood that data in the network to be controlled is attacked and tampered with, and improves the security of the data.
Specifically, in one embodiment of the invention, the security monitoring unit 303 is configured to have the at least one object to be controlled transmit data through the at least one virtual machine, and to monitor the data traffic during data transmission.
For example, the network to be controlled is OpenStack. Virtual machines (virtual routers and the like) form north-south protection in OpenStack and constitute a security resource pool. External network resources must then pass through the security resource pool formed by the virtual machines, that is, through the virtual router, before they reach the user's virtual machine. When a user needs to upload data to the external network, the data likewise has to pass through the north-south security resource pool. During data transmission, the north-south security resource pool monitors and analyzes the traffic going in and out, implementing functions such as security monitoring and intrusion blocking, which further improves the security of the data.
In one embodiment of the invention, the security monitoring unit 303 is configured to determine the ports of each virtual machine, select one port from these ports, and monitor the data traffic using the selected port.
Here, still taking OpenStack as an example, when virtual machines are placed in OpenStack they can also form an east-west security resource pool that is connected to the OpenStack virtual machine network. The ports of each virtual machine are determined, and one port is then selected from these ports to monitor data traffic. That is, port mirroring is used to mirror all traffic to the east-west security resource pool, where the virtual machines corresponding to the security devices perform comprehensive security monitoring of the traffic with respect to DoS, botnets, vulnerability analysis, web application security, intrusion detection and data leakage, further improving data security. In addition, after security monitoring is completed, monitoring logs and reports can be output synchronously so that users can review them, improving the user experience.
In addition, because the security devices form the security resource pool as virtual machines, the cloud management platform can allocate each virtual machine on demand and schedule it flexibly. On the one hand, the configuration of each virtual machine can be expanded as needed; on the other hand, multiple virtual machines in the security resource pool can form a cluster, and users can scale out nodes according to actual needs, ensuring system performance and reliability.
As shown in Fig. 4, in one embodiment of the invention, the device may further include a grouping unit 401, wherein:
the grouping unit 401 is configured to set a corresponding network label for each of the at least one object to be controlled, and to group the at least one object to be controlled according to the network label of each object to be controlled;
the setting unit 302 is configured to set at least one virtual machine in each group of objects to be controlled.
Taking the east-west security pool as an example, the cloud management platform sets a network label for each user's traffic, for example a VXLAN label. Users are grouped according to their VXLAN labels, and the networks of different user groups are isolated from each other. Within the same tenant, the corresponding virtual machine is set up. For example, in an OpenStack network, the security group component built into OpenStack is set in each user group; the rules of the security group component then control security and isolation at the virtualization layer, implementing isolation and interconnection control between users and further improving the security of user data.
In one embodiment of the invention, the security device includes a firewall device;
the setting unit 302 is configured to set a firewall policy for the network to be controlled;
the security monitoring unit 303 is configured to perform security monitoring on the at least one object to be controlled according to the firewall policy.
Here, a virtual machine corresponding to the firewall device is placed in the network to be controlled and a firewall policy is set for that network. The firewall policy can be configured by users themselves in self-service fashion after the cloud management platform has allocated the firewall service to them. Each object to be controlled in the network can then be monitored according to the firewall policy, achieving network isolation, protection and monitoring and thereby improving the security of the data.
The information exchange between the units of the above device and their execution process are based on the same concept as the method embodiments of the invention; for details, see the description of the method embodiments, which is not repeated here.
The invention also provides a computer-readable medium including execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the method provided by any of the above embodiments of the invention.
In addition, the invention also provides a storage controller, including a processor, a memory and a bus. The memory stores execution instructions, and the processor is connected to the memory through the bus. When the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the method provided by any of the above embodiments of the invention.
In summary, the embodiments of the invention have at least the following advantages:
1. In the embodiments of the invention, virtual machines corresponding to security devices are built and placed in the network to be controlled, and the placed virtual machines are then used to perform security monitoring on the objects to be controlled in that network (the data behavior of users in the cloud computing platform). This reduces the likelihood that data in the network to be controlled is attacked and tampered with, and improves the security of the data.
2. In the embodiments of the invention, virtual machines such as virtual routers are placed in the network to be controlled, forming north-south protection in that network and constituting a security resource pool. Users' data must pass through the virtual machines corresponding to the security devices during transmission. During data transmission, the north-south security resource pool therefore monitors and analyzes the traffic going in and out, implementing functions such as security monitoring and intrusion blocking, which further improves the security of the data.
3. In the embodiments of the invention, the virtual machines form an east-west security resource pool in the network to be controlled. The ports of each virtual machine are determined, and one port is then selected from these ports to monitor data traffic. That is, port mirroring is used to mirror all traffic to the east-west security resource pool, where the virtual machines corresponding to the security devices perform comprehensive security monitoring of the traffic with respect to DoS, botnets, vulnerability analysis, web application security, intrusion detection and data leakage, further improving data security.
4. In the embodiments of the invention, a network label is set for each object to be controlled, the objects are grouped according to their network labels, and at least one virtual machine is set in each group of objects to be controlled. This controls security and isolation at the virtualization layer, implementing isolation and interconnection control between users and further improving the security of user data.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of additional identical elements in the process, method, article or device that includes the element.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above are only preferred embodiments of the invention, intended merely to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (10)

1. a kind of network safety control method, it is characterised in that including:
Build at least one corresponding virtual machine of at least one safety means;
At least one described virtual machine is arranged in network to be controlled;
Using at least one described virtual machine, safe prison is carried out at least one object to be controlled in the network to be controlled Control.
2. according to the method described in claim 1, it is characterised in that
Described at least one virtual machine described in, safety is carried out at least one object to be controlled in the network to be controlled Monitoring, including:
At least one described object to be controlled is transmitted by least one described virtual machine to data, and monitoring data is passed Data traffic during defeated.
3. method according to claim 2, it is characterised in that
Data traffic during the monitoring data transmission, including:
Determine the port of each virtual machine;
From port each described, a port is selected;
The data traffic is monitored using the port selected.
4. The method according to claim 1, characterized in that
before the at least one virtual machine is arranged in the network to be controlled, the method further comprises:
setting a corresponding network label for each object to be controlled of the at least one object to be controlled;
grouping the at least one object to be controlled according to the network label corresponding to each object to be controlled;
and then,
arranging the at least one virtual machine in the network to be controlled comprises:
arranging at least one virtual machine in each group of objects to be controlled.
5. The method according to any one of claims 1 to 4, characterized in that
the security device comprises a firewall device;
arranging the at least one virtual machine in the network to be controlled comprises:
setting a firewall policy for the network to be controlled;
using the at least one virtual machine to perform security monitoring on the at least one object to be controlled in the network to be controlled comprises:
performing security monitoring on the at least one object to be controlled according to the firewall policy.
6. A network security control device, characterized by comprising: a construction unit, a setting unit and a security monitoring unit; wherein
the construction unit is configured to build at least one virtual machine corresponding to at least one security device;
the setting unit is configured to arrange the at least one virtual machine built by the construction unit in a network to be controlled;
the security monitoring unit is configured to use the at least one virtual machine to perform security monitoring on at least one object to be controlled in the network to be controlled.
7. The device according to claim 6, characterized in that
the security monitoring unit is configured to cause the at least one object to be controlled to transmit data through the at least one virtual machine, and to monitor the data traffic during the data transmission.
8. The device according to claim 7, characterized in that
the security monitoring unit is configured to determine the ports of each virtual machine; select one port from the ports; and monitor the data traffic using the selected port.
9. The device according to claim 6, characterized in that
the device further comprises a grouping unit; wherein
the grouping unit is configured to set a corresponding network label for each object to be controlled of the at least one object to be controlled, and to group the at least one object to be controlled according to the network label corresponding to each object to be controlled;
the setting unit is configured to arrange at least one virtual machine in each group of objects to be controlled.
10. The device according to any one of claims 6 to 9, characterized in that
the security device comprises a firewall device;
the setting unit is configured to set a firewall policy for the network to be controlled;
the security monitoring unit is configured to perform security monitoring on the at least one object to be controlled according to the firewall policy.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710352077.9A CN107046546A (en) 2017-05-18 2017-05-18 A kind of network safety control method and device

Publications (1)

Publication Number Publication Date
CN107046546A true CN107046546A (en) 2017-08-15

Family

ID=59546722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710352077.9A Pending CN107046546A (en) 2017-05-18 2017-05-18 A kind of network safety control method and device

Country Status (1)

Country Link
CN (1) CN107046546A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103746997A (en) * 2014-01-10 2014-04-23 浪潮电子信息产业股份有限公司 Network security solution for cloud computing center
CN105656841A (en) * 2014-11-11 2016-06-08 杭州华三通信技术有限公司 Method and device for realizing virtual firewall in software defined network
CN104917653A (en) * 2015-06-26 2015-09-16 北京奇虎科技有限公司 Virtual flow monitoring method based on cloud platform and device thereof
CN105099821A (en) * 2015-07-30 2015-11-25 北京奇虎科技有限公司 Flow monitoring method and apparatus based on cloud virtual environment
CN105245504A (en) * 2015-09-10 2016-01-13 北京汉柏科技有限公司 North-south flow safety protection system in cloud computing network

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109428863A (en) * 2017-08-30 2019-03-05 阿里巴巴集团控股有限公司 Safety protecting method, data processing method, device and the equipment of container service
CN109428863B (en) * 2017-08-30 2022-08-02 阿里巴巴集团控股有限公司 Safety protection method, data processing method, device and equipment for container service
CN110198246A (en) * 2018-02-26 2019-09-03 腾讯科技(北京)有限公司 A kind of method and system of traffic monitoring
CN111093099A (en) * 2019-02-15 2020-05-01 杭州海康威视系统技术有限公司 Streaming media service scheduling method, device and system
CN111093099B (en) * 2019-02-15 2023-04-18 杭州海康威视系统技术有限公司 Streaming media service scheduling method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170815