WO2019080163A1 - Method for identifying fake source communication of cloud platform virtual switch - Google Patents

Method for identifying fake source communication of cloud platform virtual switch

Info

Publication number: WO2019080163A1
Authority: WO (WIPO, PCT)
Prior art keywords: information, address, virtual switch, virtual, port
Application number: PCT/CN2017/109595
Other languages: French (fr), Chinese (zh)
Inventors: 罗义兵, 季统凯
Original assignee: 国云科技股份有限公司
Priority date: 2017-10-23
Filing date: 2017-11-06 (application filed by 国云科技股份有限公司)
Publication date: 2019-05-02 (publication of WO2019080163A1)

Classifications

All classifications fall under section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/126 Network architectures or protocols for network security: applying verification of the received information, specifically of the source of the received data
    • H04L 49/70 Packet switching elements: virtual switches
    • H04L 63/1416 Network security, detecting or protecting against malicious traffic by monitoring network traffic: event detection, e.g. attack signature detection
    • H04L 63/1425 Network security, detecting or protecting against malicious traffic by monitoring network traffic: traffic logging, e.g. anomaly detection
    • H04L 67/10 Network arrangements or protocols for supporting network services or applications: protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to the field of cloud computing network security technologies, and in particular, to a method for identifying a fake source communication of a cloud platform virtual switch. The method of the invention comprises the following steps: (1) obtaining, on a virtual switch port, feature information such as a source mac address and a source IP address of a communication packet; (2) storing the feature information in the database in sequence according to the time series relationship; (3) analyzing the feature information record set for a period of time according to data and a detection method of a network controller; and if a record of a fake mac address or fake IP address is obtained, then it is identified that a fake source communication behavior exists on the corresponding port on the virtual switch. With the invention, the fake source communication behavior on the virtual switch of the cloud platform can be identified to a certain extent, and the network security monitoring capability of the cloud platform can be improved.

Description

Method for identifying forged-source communication on a cloud platform virtual switch

Technical field
The present invention relates to the field of cloud computing network security, and in particular to a method for identifying forged-source communication on a cloud platform virtual switch.
Background
With the development of cloud computing, many business systems have migrated to virtualization platforms, which makes the network security of those platforms particularly important. The traditional approach checks for attacks and virus intrusions at the boundary of the virtualized network. Inside a virtualization platform, however, there are currently few good methods for checking network security, even though internal traffic accounts for a large share of all communication. Whether the virtual switch on the cloud platform can serve as the point at which communication security is checked is therefore a question worth studying.
Summary of the invention
The technical problem solved by the present invention is to provide a method for identifying forged-source communication on a cloud platform virtual switch, so that communication security can be checked from the perspective of the cloud platform's virtual switch.
The technical solution of the present invention to the above problem is as follows.
The method includes the following steps:
(1) On a port of the virtual switch, obtain the feature information of each communication packet: source MAC address, source IP address, VLAN identifier, port number, host number of the host running the virtual switch, and switch identifier;
(2) store the feature information in a database in time-series order;
(3) using the network controller's data and the detection method below, analyse the set of feature records collected over a period of time; if a record with a forged MAC address or IP address is found, identify it as forged-source communication on the corresponding port of that virtual switch.
The detection method is:
(1) Determine from the port whether it is an internal port or an external port.
Internal ports are the ports that connect the virtual interfaces of the cloud platform's virtual machines, containers and physical machines to the virtual switch;
External ports are the ports that connect the virtual switch to a physical network card and serve as the interface for outside access, i.e. the ports that carry communication between virtual switches on different nodes or between the inside and the outside of the cloud platform;
(2) For an internal port, use the virtual interface information of the virtual machine, container or physical machine bound to the port number to call the network information query API and obtain the IP and MAC address recorded in the controller; if that IP and MAC do not match the feature record, the communication carrying that IP and MAC is judged to be forged-source communication;
(3) For an external port, call the network information query API with the MAC and IP address from the feature record to check whether that IP and MAC exist on the controller; if they exist on the controller, query the feature record database for a record with the same MAC and IP on other virtual switches around the same time; if none is found and the MAC address is not the gateway MAC address, the communication carrying that IP and MAC is judged to be forged; if the MAC address is the gateway MAC address, proceed to (4);
(4) Such communication is communication between the outside and the inside of the cloud platform; it is detected with the help of third-party detection tools, including detection methods based on a naive credibility model.
The virtual switch is OpenvSwitch; the network traffic of virtual machines, containers or physical machines passes through the virtual switch, and their networks are built directly or indirectly on the ports of the virtual switch.
The feature information includes the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; of these, the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected with the sFlow protocol.
The database uses influxdb as its data store and periodically clears feature records older than a threshold time, so that the records stay current.
The network controller exposes an API for querying network information and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, subnet information and the virtual interface information of the bound virtual machines.
The beneficial effects of the solution of the present invention are as follows:
The method can identify communication with a forged source MAC or IP address in the traffic exchanged on the cloud platform's virtual switch, in particular forged-source communication originating inside the cloud platform, and so improves the security monitoring capability of virtual switch communication on the cloud platform.
Drawings
The present invention is further described below with reference to the accompanying drawing:
Figure 1 is a flow chart of the present invention.
Detailed description
This description takes OpenvSwitch as the virtual switch and the Neutron component as the network controller.
1. Obtain the network feature information of the OpenvSwitch ports, using the sFlow protocol as the packet collection protocol.
Connecting sFlow collection to OpenvSwitch:
Figure PCTCN2017109595-appb-000001
where Agent_IP is the IP of the host on which the virtual switch runs, and COLLECTOR_IP is the IP of the collector.
2. Store the collected feature information in the database; this description uses influxdb as the storage database, for example by inserting records into the switch_records table:
Figure PCTCN2017109595-appb-000002
3. Check for and identify forged sources.
(1) Distinguish internal and external ports.
Taking the network of a virtual machine managed by the cloud platform as an example, run the ovs-vsctl show command on the host to obtain the following output:
Figure PCTCN2017109595-appb-000003
Figure PCTCN2017109595-appb-000004
Looking at the ports listed, the port aftBD913EAA is connected to a virtual machine and is therefore an internal port; the eth0 port is an external port.
(2) Since aftBD913EAA is an internal interface, obtain the virtual network interface of the virtual machine bound to that port number, namely the virtual machine with uuid f04fc4ec-f1de-4210-a606-2977a48ac725; the MAC address recorded for it on the controller side is fa:16:3e:29:64:e7 and the IP address is 11.11.11.5, so a record carrying these values is legitimate communication.
(3) Since eth0 is an external port, query the controller's data to check whether its MAC and IP, fa:16:3e:c3:04:97 and ip=10.0.0.224, exist. The record does exist on the controller, but the feature records contain no record of this MAC and IP on any other host, so the packet that passed through the eth0 port is forged.
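The detection method of steps (1) to (4) above, applied to the worked example's values, as an added illustration that is not the patent's own code. The Neutron network-information API, the influxdb switch_records table, the second host's port (afB2C3D4E5F6) and the gateway MAC are replaced by in-memory tables and constructed values (assumptions); the aftBD913EAA and eth0 rows reproduce the page's example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FeatureRecord:
    """One row of the switch_records table (fields named in the patent)."""
    ts: int          # collection time in seconds (time-series order)
    src_mac: str
    src_ip: str
    vlan: int        # collected but not consulted by detection steps (2)-(3)
    port: str        # virtual switch port name
    host: str        # host number of the node running the virtual switch
    switch_id: str


# Stand-in for the Neutron network-information API (assumption): port -> the
# virtual interface bound to it. aftBD913EAA and its addresses come from the
# page; afB2C3D4E5F6 on host2 is constructed.
CONTROLLER_PORTS = {
    "aftBD913EAA": {"vm_uuid": "f04fc4ec-f1de-4210-a606-2977a48ac725",
                    "mac": "fa:16:3e:29:64:e7", "ip": "11.11.11.5"},
    "afB2C3D4E5F6": {"vm_uuid": "constructed-vm-uuid",
                     "mac": "fa:16:3e:c3:04:97", "ip": "10.0.0.224"},
}
GATEWAY_MACS = {"fa:16:3e:ab:cd:ef"}          # constructed subnet gateway MAC
# Every (MAC, IP) the controller knows: bound interfaces plus the gateway.
CONTROLLER_ADDRESSES = {(p["mac"], p["ip"]) for p in CONTROLLER_PORTS.values()}
CONTROLLER_ADDRESSES.add(("fa:16:3e:ab:cd:ef", "10.0.0.1"))
# Uplinks to the physical NIC, as read from `ovs-vsctl show` (eth0 per the page).
EXTERNAL_PORTS = {"eth0"}


def classify_port(port: str) -> str:
    """Detection step (1): physical-NIC uplinks are external, VM/container/host
    virtual interfaces are internal."""
    return "external" if port in EXTERNAL_PORTS else "internal"


def seen_on_other_switch(rec, records, window):
    """Detection step (3): was the same (MAC, IP) recorded on another host's
    virtual switch within `window` seconds of this record?"""
    return any(o.host != rec.host
               and (o.src_mac, o.src_ip) == (rec.src_mac, rec.src_ip)
               and abs(o.ts - rec.ts) <= window
               for o in records)


def check_record(rec, records, window=60):
    """Apply detection steps (1)-(4) to one record.
    Returns 'legitimate', 'forged' or 'step4-third-party'."""
    if classify_port(rec.port) == "internal":
        # Step (2): the source must equal the interface bound to this port.
        bound = CONTROLLER_PORTS.get(rec.port)
        if bound is None or (bound["mac"], bound["ip"]) != (rec.src_mac, rec.src_ip):
            return "forged"
        return "legitimate"
    # Step (3): external port.
    if (rec.src_mac, rec.src_ip) not in CONTROLLER_ADDRESSES:
        # Not covered by the patent's text; assumed here to be outside-platform
        # traffic, which step (4) leaves to third-party tools.
        return "step4-third-party"
    if seen_on_other_switch(rec, records, window):
        return "legitimate"            # genuinely arrived from another node
    if rec.src_mac in GATEWAY_MACS:
        return "step4-third-party"     # gateway traffic: hand to step (4)
    return "forged"                    # known address, but no switch saw it leave


def detect(records, window=60):
    """Method step (3): verdict for every record in the analysed period."""
    return [(r, check_record(r, records, window)) for r in records]


def forged_ports(records, window=60):
    """(host, port) pairs on which forged-source communication was identified."""
    return sorted({(r.host, r.port) for r, v in detect(records, window) if v == "forged"})


def prune_expired(records, now, max_age):
    """Method step (2) retention: drop records older than the threshold time."""
    return [r for r in records if now - r.ts <= max_age]


# Constructed sample of switch_records; rows 1 and 3 reproduce the page's
# worked example, the others are added to exercise every branch.
SAMPLE_RECORDS = [
    FeatureRecord(1000, "fa:16:3e:29:64:e7", "11.11.11.5", 100, "aftBD913EAA", "host1", "br-int"),
    FeatureRecord(1001, "fa:16:3e:29:64:e7", "11.11.11.99", 100, "aftBD913EAA", "host1", "br-int"),
    FeatureRecord(1002, "fa:16:3e:c3:04:97", "10.0.0.224", 100, "eth0", "host1", "br-int"),
    FeatureRecord(5000, "fa:16:3e:c3:04:97", "10.0.0.224", 100, "afB2C3D4E5F6", "host2", "br-int"),
    FeatureRecord(5003, "fa:16:3e:c3:04:97", "10.0.0.224", 100, "eth0", "host1", "br-int"),
    FeatureRecord(5004, "fa:16:3e:ab:cd:ef", "10.0.0.1", 100, "eth0", "host1", "br-int"),
    FeatureRecord(5005, "00:11:22:33:44:55", "203.0.113.7", 100, "eth0", "host1", "br-int"),
]

if __name__ == "__main__":
    for rec, verdict in detect(SAMPLE_RECORDS):
        print(f"{rec.host}/{rec.port} {rec.src_mac} {rec.src_ip}: {verdict}")
    print("forged-source ports:", forged_ports(SAMPLE_RECORDS))
```

The row at ts=5003 shows why the "other switches around that time" lookup matters: the same address that is flagged at ts=1002 is legitimate once host2's switch has recorded it leaving its bound VM port a few seconds earlier.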

Claims (7)

  1. A method for identifying forged-source communication on a cloud platform virtual switch, characterized in that the method comprises the following steps:
    (1) on a port of the virtual switch, obtaining the feature information of a communication packet: source MAC address, source IP address, VLAN identifier, port number, host number of the host running the virtual switch, and switch identifier;
    (2) storing the feature information in a database in time-series order;
    (3) analysing the set of feature records collected over a period of time according to the network controller's data and the detection method; if a record with a forged MAC address or IP address is obtained, identifying it as forged-source communication on the corresponding port of the virtual switch.
    The detection method is:
    (1) determining from the port whether it is an internal port or an external port,
    internal ports being the ports that connect the virtual interfaces of the cloud platform's virtual machines, containers and physical machines to the virtual switch;
    external ports being the ports that connect the virtual switch to a physical network card and serve as the interface for outside access, carrying communication between virtual switches on different nodes or between the inside and the outside of the cloud platform;
    (2) for an internal port, according to the virtual interface information of the virtual machine, container or physical machine bound to the port number, calling the network information query API to obtain the IP and MAC address recorded in the controller; if that IP and MAC do not match the feature record, judging the communication carrying that IP and MAC to be forged-source communication;
    (3) for an external port, calling the network information query API with the MAC and IP address of the feature record to check whether that IP and MAC exist on the controller; if the information exists on the controller, querying the feature record database for the same MAC and IP feature record on other virtual switches around that time; if it is not found and the MAC address is not the gateway MAC address, judging the data communication carrying that IP and MAC to be forged; if the MAC address is the gateway MAC address, proceeding to (4);
    (4) the communication being communication between the outside and the inside of the cloud platform, performing the detection with the help of third-party detection tools, including detection methods based on a naive credibility model.
  2. The method according to claim 1, characterized in that the virtual switch is OpenvSwitch; the network traffic of a virtual machine, container or physical machine passes through the virtual switch; and the network of the virtual machine, container or physical machine is built directly or indirectly on a port of the virtual switch.
  3. The method according to claim 1, characterized in that the feature information comprises the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; wherein the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected with the sFlow protocol.
  4. The method according to claim 2, characterized in that the feature information comprises the communication's source MAC address, source IP address, VLAN identifier, virtual switch port number, virtual switch host number, traffic information and switch identifier; wherein the source MAC address, source IP address, VLAN identifier, virtual switch port number and virtual switch host number are collected with the sFlow protocol.
  5. The method according to any one of claims 1 to 4, characterized in that the database uses influxdb as its data store and periodically clears feature records older than a threshold time, so that the records stay current.
  6. The method according to any one of claims 1 to 4, characterized in that the network controller exposes an API for querying network information and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, subnet information and the virtual interface information of the bound virtual machines.
  7. The method according to claim 5, characterized in that the network controller exposes an API for querying network information and stores the cloud platform's network information, which includes MAC and IP addresses, VLAN information, subnet information and the virtual interface information of the bound virtual machines.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710994937.9A CN107800696B (en) 2017-10-23 2017-10-23 Method for identifying communication counterfeiting source on cloud platform virtual switch
CN201710994937.9 2017-10-23

Publications (1)

Publication Number Publication Date
WO2019080163A1 true WO2019080163A1 (en) 2019-05-02

Family

ID=61533510

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/109595 WO2019080163A1 (en) 2017-10-23 2017-11-06 Method for identifying fake source communication of cloud platform virtual switch

Country Status (2)

Country Link
CN (1) CN107800696B (en)
WO (1) WO2019080163A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108989086B (en) * 2018-06-20 2021-03-30 复旦大学 Open vSwitch illegal port operation automatic discovery and tracing system in OpenStack platform

Citations (4)

Publication number Priority date Publication date Assignee Title
US7870246B1 (en) * 2005-08-30 2011-01-11 Mcafee, Inc. System, method, and computer program product for platform-independent port discovery
CN105657081A (en) * 2016-04-07 2016-06-08 华为技术有限公司 DHCP (dynamic host configuration protocol) service providing method, device and system
CN106878320A (en) * 2017-03-09 2017-06-20 郑州云海信息技术有限公司 A kind of method and apparatus for preventing IP address spoofing
CN106961394A (en) * 2017-03-31 2017-07-18 联想(北京)有限公司 Suppress interchanger to flood the method and apparatus of storm

Family Cites Families (8)

Publication number Priority date Publication date Assignee Title
US9306916B2 (en) * 2013-12-25 2016-04-05 Cavium, Inc. System and a method for a remote direct memory access over converged ethernet
WO2015184586A1 (en) * 2014-06-03 2015-12-10 华为技术有限公司 Openflow communication method, system, controller, and service gateway
CN105577548B (en) * 2014-10-10 2018-10-09 新华三技术有限公司 Message processing method and device in a kind of software defined network
CN105871787A (en) * 2015-01-22 2016-08-17 中国移动通信集团公司 Intrusion prevention method applied to cloud virtual network, device, network device and system
US9497165B2 (en) * 2015-03-26 2016-11-15 International Business Machines Corporation Virtual firewall load balancer
CN104994094B (en) * 2015-07-01 2016-11-30 北京奇虎科技有限公司 Virtual platform safety protecting method based on virtual switch, device and system
CN105429946A (en) * 2015-10-28 2016-03-23 广州西麦科技股份有限公司 System and method of preventing forging IP address based on SDN virtual switch
CN107104852A (en) * 2017-03-28 2017-08-29 深圳市神云科技有限公司 Monitor the method and device of cloud platform virtual network environment

Also Published As

Publication number Publication date
CN107800696A (en) 2018-03-13
CN107800696B (en) 2020-07-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 17930131; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 17930131; Country of ref document: EP; Kind code of ref document: A1