CN110298381A - A kind of cloud security service functional tree Network Intrusion Detection System - Google Patents


Info

Publication number
CN110298381A
Authority
CN
China
Legal status
Granted
Application number
CN201910441565.6A
Other languages
Chinese (zh)
Other versions
CN110298381B (en)
Inventor
余顺争
罗经伦
Current Assignee
Sun Yat Sen University
Original Assignee
Sun Yat Sen University
Application filed by Sun Yat Sen University
Priority to CN201910441565.6A
Publication of CN110298381A
Application granted
Publication of CN110298381B
Legal status: Active
Anticipated expiration

Classifications

    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting (under G06F18/00 Pattern recognition; G06F18/20 Analysing; G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation)
    • H04L63/1416 Event detection, e.g. attack signature detection (under H04L63/00 Network architectures or network communication protocols for network security; H04L63/14 for detecting or protecting against malicious traffic; H04L63/1408 by monitoring network traffic)
    • H04L63/1425 Traffic logging, e.g. anomaly detection (under H04L63/1408 by monitoring network traffic)
    • H04L63/1441 Countermeasures against malicious traffic (under H04L63/14 for detecting or protecting against malicious traffic)


Abstract

The present invention relates to the field of network monitoring, and more specifically to a cloud security service function tree network intrusion detection system. The system comprises a service tree topology orchestration module, a service tree topology mapping module, a flow feature database module and a global resource monitoring module. The invention provides cloud security resources using network function virtualization (NFV) technology; it flexibly customizes the security defence strategy according to the cloud security situation, deploys the cloud security service function tree in the direction close to the network attack source, and progressively subdivides and identifies suspicious network traffic. In each branch of the cloud security service function tree after subdivision, the corresponding cloud security VNF can be scheduled according to the security defence strategy and the network characteristics of the traffic in that branch to perform finer-grained processing, which substantially improves the security of the network.

Description

A kind of cloud security service functional tree Network Intrusion Detection System
Technical field
The present invention relates to the field of network monitoring, and more particularly to a cloud security service function tree network intrusion detection system based on decision tree classification, realized in an SDN- and NFV-based cloud computing environment.
Background art
When two hosts connected to a network communicate, the data packets must pass through various network function nodes distributed throughout the data center; only then can users be provided with secure, fast and stable network services during the communication. When business traffic must be passed through the corresponding network function nodes in a set order required by the service logic, the network function nodes and links traversed by that traffic are generally termed a service function chain. In traditional networks the service function chain is tightly coupled with the underlying physical network topology, which makes it difficult to deploy and difficult to update, and the realization of network functions depends on dedicated network function hardware devices statically deployed throughout the data center. Whenever business demands change and the service chain must be modified or its load capacity expanded to meet the new demands, the physical network topology itself must be modified.
The emergence of the cloud computing concept has broken the information-island predicament of conventional data centers. In a cloud computing data center, thanks to the wide adoption of virtualization technology, SDN and NFV technology realize the decoupling of tenants' logical networks from the underlying physical network, the separation of the control plane from the forwarding plane, and the dynamic creation and flexible deployment of virtualized network functions (VNFs). Deploying service function chains in a cloud computing environment therefore offers a new approach to solving network security problems.
Summary of the invention
To overcome the deficiency of the above prior art, namely that when business demands change and the service chain must be modified or its load capacity expanded to meet the new demands, the physical network topology has to be modified, the present invention provides a cloud security service function tree network intrusion detection system.
In order to solve the above technical problems, the technical scheme of the present invention is as follows:
A cloud security service function tree network intrusion detection system comprises a service tree topology orchestration module, a service tree topology mapping module, a flow feature database module and a global resource monitoring module;
The flow feature database module is used to store the network flow features of network attacks, and to select the corresponding network attack flow feature data set according to the cloud security situation in order to construct the corresponding training set;
The service tree topology orchestration module is used to construct a decision tree classification model according to the cloud security situation, to train and prune the decision tree model using the training set built in the flow feature database module, and to pass the trained decision tree classification model to the service tree topology mapping module;
The service tree topology mapping module is used to receive the decision tree classification model constructed by the service tree topology orchestration module, to map the decision rule matching nodes of the decision tree classification model onto the corresponding service function tree nodes, and to complete the matching and classification of network traffic at the service function tree nodes;
The global resource monitoring module is used to monitor and maintain the network-wide resources of the flow feature database module, the service tree topology orchestration module and the service tree topology mapping module, so that during the mapping of the cloud security service function tree topology and the construction of the virtual logical network it can provide information on the actual carrying capacity of the underlying infrastructure and optimize the mapping and deployment of VNF resources.
Preferably, the decision tree classification model stacks and multiplexes multiple service function chains to optimize the orchestration of security functions and the deployment of virtual resources, deploys the cloud security service function tree in the direction close to the network attack source, and progressively subdivides and identifies suspicious network traffic to complete targeted fine-grained processing.
Preferably, the service tree topology mapping module comprises a traffic scheduling submodule and a VNF resource scheduling submodule; the traffic scheduling submodule is used to classify and steer network data packets and to complete forwarding strategy matching; the VNF resource scheduling submodule is used to schedule and classify VNFs on demand according to the service function tree orchestration strategy.
Preferably, the traffic scheduling submodule uses OpenFlow multi-level flow tables to classify and steer network data packets according to their source direction.
Preferably, the VNF resource scheduling submodule uses Docker containers as the carrier of virtual network functions and performs on-demand scheduling according to the service function tree orchestration strategy.
Preferably, the global resource monitoring module further comprises a topology discovery submodule, a VNF resource monitoring submodule and an infrastructure resource monitoring submodule. The topology discovery submodule is used to complete network-wide network topology discovery and virtual host discovery; the VNF resource monitoring submodule is used to complete the state analysis and statistics of VNF resources in the whole network; the infrastructure resource monitoring submodule is used to monitor the operating status of the physical devices of the infrastructure layer. The topology discovery submodule, the VNF resource monitoring submodule and the infrastructure resource monitoring submodule work independently of each other, and the status information monitored by each of them is uniformly summarized and submitted to the global resource monitoring module for processing.
Preferably, the topology discovery submodule is realized by modular secondary development in the SDN controller; the module encapsulates the LLDP link discovery protocol and the ARP protocol as probe messages to complete network-wide network topology discovery and virtual host discovery.
Preferably, the VNF resource monitoring submodule deploys a network flow feature acquisition module on each VNF node and updates the network flow feature information in real time, thereby completing the state analysis and statistics of VNF resources in the whole network.
Preferably, the infrastructure resource monitoring submodule monitors the operating status of the physical devices of the infrastructure layer by obtaining in real time the usage of the computing, storage and network resources of the physical servers in the whole network.
Compared with the prior art, the beneficial effects of the technical solution of the present invention are:
(1) To solve the problems that the processing logic of a service function chain is single, that the virtual function nodes of multiple service function chains are mutually independent and that reusability is low, the present invention proposes a new service function tree topology at the virtual logical network level. Function and resource deployment are optimized by stacking and multiplexing multiple service function chains, and the splitting and separation of different types of network traffic is realized at the branch nodes of the tree topology.
(2) The cloud security service function tree model is constructed according to the idea of decision tree classification: decision rule matching nodes are mapped onto the corresponding service function tree topology nodes; at each service function tree node the features of the network traffic flowing into that node are collected, analysed and matched against the decision rule to determine which branch the traffic takes at its next hop, so that suspicious network traffic is progressively subdivided and identified. Compared with processing suspicious network traffic with a decision tree on a single node, the service function tree can flexibly embed the corresponding virtual network function between any two decision rule matching nodes according to the traffic features to perform specific processing.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall structure of the system of the invention;
Fig. 2 is a schematic diagram of the cloud security service function tree topology;
Fig. 3 is a schematic diagram of network packet forwarding in the OVS double-bridge architecture;
Fig. 4 is a design diagram of the OpenFlow multi-level flow tables.
Specific embodiments
The attached figures are only for illustrative purposes and shall not be understood as limiting the patent;
In order to better illustrate the embodiments, certain components in the attached figures may be omitted, enlarged or reduced, and do not represent the actual product size;
It will be understood by those skilled in the art that certain known structures and their explanations may be omitted from the attached figures.
The technical solution of the present invention is further described below with reference to the accompanying drawings and embodiments.
Embodiment 1
As shown in Fig. 1 and Fig. 2, a cloud security service function tree network intrusion detection system comprises a service tree topology orchestration module 1, a service tree topology mapping module 2, a flow feature database module 3 and a global resource monitoring module 4;
The flow feature database module 3 is used to store the network flow features of network attacks, and to select the corresponding network attack flow feature data set according to the cloud security situation in order to construct the corresponding training set;
The service tree topology orchestration module 1 is used to construct a decision tree classification model according to the cloud security situation, to train and prune the decision tree model using the training set built in the flow feature database module 3, and to pass the trained decision tree classification model to the service tree topology mapping module 2;
The service tree topology mapping module 2 is used to receive the decision tree classification model constructed by the service tree topology orchestration module 1, to map the decision rule matching nodes of the decision tree classification model onto the corresponding service function tree nodes, and to complete the matching and classification of network traffic at the service function tree nodes;
The global resource monitoring module 4 is used to monitor and maintain the network-wide resources of the flow feature database module 3, the service tree topology orchestration module 1 and the service tree topology mapping module 2, so that during the mapping of the cloud security service function tree topology and the construction of the virtual logical network it provides information on the actual carrying capacity of the underlying infrastructure and optimizes the mapping and deployment of VNF resources.
As a preferred embodiment, the decision tree classification model stacks and multiplexes multiple service function chains to optimize the orchestration of security functions and the deployment of virtual resources, deploys the cloud security service function tree in the direction close to the network attack source, and progressively subdivides and identifies suspicious network traffic to complete targeted fine-grained processing.
As a preferred embodiment, the service tree topology mapping module 2 comprises a traffic scheduling submodule 5 and a VNF resource scheduling submodule 6; the traffic scheduling submodule 5 is used to classify and steer network data packets and to complete forwarding strategy matching; the VNF resource scheduling submodule 6 is used to schedule and classify VNFs on demand according to the service function tree orchestration strategy.
As a preferred embodiment, the traffic scheduling submodule 5 uses OpenFlow multi-level flow tables to classify and steer network data packets according to their source direction.
As a preferred embodiment, the VNF resource scheduling submodule 6 uses Docker containers as the carrier of virtual network functions and performs on-demand scheduling according to the service function tree orchestration strategy.
As a preferred embodiment, the global resource monitoring module 4 further comprises a topology discovery submodule 7, a VNF resource monitoring submodule 8 and an infrastructure resource monitoring submodule 9. The topology discovery submodule 7 is used to complete network-wide network topology discovery and virtual host discovery; the VNF resource monitoring submodule 8 is used to complete the state analysis and statistics of VNF resources in the whole network; the infrastructure resource monitoring submodule 9 is used to monitor the operating status of the physical devices of the infrastructure layer. The topology discovery submodule 7, the VNF resource monitoring submodule 8 and the infrastructure resource monitoring submodule 9 work independently of each other, and the status information monitored by each of them is uniformly summarized and submitted to the global resource monitoring module 4 for processing.
As a preferred embodiment, the topology discovery submodule 7 is realized by modular secondary development in the SDN controller; the module encapsulates the LLDP link discovery protocol and the ARP protocol as probe messages to complete network-wide network topology discovery and virtual host discovery.
As a preferred embodiment, the VNF resource monitoring submodule 8 deploys a network flow feature acquisition module on each VNF node and updates the network flow feature information in real time, thereby completing the state analysis and statistics of VNF resources in the whole network.
As a preferred embodiment, the infrastructure resource monitoring submodule 9 monitors the operating status of the physical devices of the infrastructure layer by obtaining in real time the usage of the computing, storage and network resources of the physical servers in the whole network.
Fig. 2 is a schematic diagram of the cloud security service function tree topology in operation. The bottom layer is the infrastructure made up of the hardware physical devices of multiple data centers; after the physical device resources of the bottom layer are virtualized, a cloud security resource pool is constructed, from which the cloud security service function tree is scheduled and orchestrated. The middle layer shows the VNF cloud security resource pool formed after the resources of the infrastructure layer are virtualized; communication between VNFs across data centers is realized through VxLAN tunnels. The top layer is the tree topology in the virtual logical network layer, which connects the VNF nodes according to the service tree topology orchestration strategy to form a tree; each branch of the tree is used to process network traffic with particular features.
Embodiment 2
As shown in Fig. 3 and Fig. 4, in this embodiment the tree topology of the service function tree is combined with the classification characteristics of a decision tree for identifying network attack traffic, and the feature rule matching of each decision tree node is distributed to a VNF node of the service function tree for realization. Under the guidance of the decision tree classification idea, every path starting from the root node of the service tree and ending at a leaf node is the path of VNF nodes traversed by network traffic with certain features. For the cross-data-center VNF communication in Fig. 3, a virtualized container network is realized. Two OVS virtual bridges are constructed in the host by network virtualization technology: the br-int virtual bridge mainly takes the role of packet switching within the local network segment of the container data exchange network, while the br-tun virtual bridge governs the classification of network data packets according to their source direction and completes forwarding strategy matching. Through virtualization technology, the virtual network interface vNIC of the VNF container is bound to a virtual port vPort of the OVS virtual bridge to construct a communication channel, and VxLAN tunnels are constructed to complete cross-data-center container network communication.
1) Service tree topology orchestration module 1
The service tree topology orchestration module 1 completes the orchestration and construction of the cloud security service function tree using the C4.5 decision tree algorithm. Network flow features that take continuous values are discretized by bisection. The core idea of bisection is to sort the k distinct values of feature A_m in ascending order; the midpoint of each pair of adjacent feature values is taken as a candidate threshold that divides all the feature values into two parts, giving k-1 candidate splits; the information gain corresponding to each of the k-1 splits is calculated separately, and the split threshold that yields the maximum information gain is chosen as the bisection threshold of feature A_m.
To prevent over-fitting during the construction of the decision tree, the tree is pruned afterwards using the pessimistic error pruning algorithm; pessimistic pruning does not need an additional test data set and trims the decision tree from top to bottom.
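The bisection step described above, as an added illustration that is not the patent's own code: the k distinct values of a continuous feature A_m give k-1 midpoint thresholds, and the one with the largest information gain is kept. The rows in SAMPLES are constructed (SYN-ratio value, class label).

```python
# Added illustration of bisection discretization for a C4.5 split; not the
# patent's code. SAMPLES rows are constructed (feature value, class label).
from collections import Counter
from math import log2

# Constructed training rows for one continuous feature A_m (here a SYN ratio).
SAMPLES = [
    (0.05, "normal"), (0.10, "normal"), (0.12, "normal"), (0.20, "normal"),
    (0.60, "flood"), (0.75, "flood"), (0.90, "flood"), (0.95, "flood"),
]


def entropy(labels):
    """Shannon entropy in bits of a list of class labels; 0 for an empty list."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((c / n) * log2(c / n) for c in Counter(labels).values())


def candidate_thresholds(values):
    """Midpoints of adjacent distinct sorted values: k distinct values give
    k-1 candidate bisection thresholds."""
    distinct = sorted(set(values))
    return [(a + b) / 2 for a, b in zip(distinct, distinct[1:])]


def information_gain(samples, threshold):
    """Information gain of splitting samples into A_m <= t and A_m > t."""
    n = len(samples)
    left = [label for value, label in samples if value <= threshold]
    right = [label for value, label in samples if value > threshold]
    conditional = (len(left) / n) * entropy(left) + (len(right) / n) * entropy(right)
    return entropy([label for _, label in samples]) - conditional


def best_bisection(samples):
    """Return (threshold, gain) of the candidate split with maximum information
    gain, or None when the feature takes a single value and cannot be split."""
    best = None
    for t in candidate_thresholds([value for value, _ in samples]):
        gain = information_gain(samples, t)
        if best is None or gain > best[1]:
            best = (t, gain)
    return best


if __name__ == "__main__":
    # Threshold 0.4 (between 0.20 and 0.60) separates the two classes, gain 1.0.
    print(best_bisection(SAMPLES))
```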
2) Service tree topology mapping module 2
According to the architecture model of the cloud security service function tree, an OVS double-bridge architecture scheme is designed to ensure high availability and scalability, as shown in Fig. 3. Two OVS virtual bridges are constructed in the host by network virtualization technology. The br-int virtual bridge mainly takes the role of packet switching within the local network segment of the container data exchange network, completing VLAN tag labeling and stripping and ordinary packet forwarding. The br-tun virtual bridge uses the multi-level flow tables of OpenFlow protocol version 1.3 to govern the classification of network data packets according to their source direction and to complete forwarding strategy matching; the multi-level flow table design is shown in Fig. 4. Through VxLAN tunnel encapsulation, br-tun is responsible for the communication of data packets within the large layer-2 network spanning the data centers. OVS realizes the circulation of data packets between the two virtual bridges br-int and br-tun by establishing a pair of patch ports between them.
As shown in Fig. 4, the processing logic of the multi-level flow tables in the br-tun virtual bridge is designed as follows:
Table 0 handles all data packets flowing through the br-tun virtual bridge and, according to the source of each packet, submits it to the corresponding next-level flow table for matching. Packets from the local network segment enter the br-tun bridge from the patch-int port and are passed to Table 1 for processing; packets flowing between data centers enter from a VxLAN port and are submitted to Table 2 for processing.
Table 1 completes the forwarding of local network segment packets across data centers. A multicast or broadcast packet jumps to Table 11, where it is flooded out of all VxLAN ports; a unicast packet is matched by its VLAN ID tag to determine the data center tunnel port of its next hop, and the packet is forwarded to the corresponding tunnel port.
Table 2 handles data packets flowing from other data centers into the local network segment: according to the Tunnel ID of the source tunnel it labels the packet with the corresponding VLAN tag and submits it through the patch-int port to the virtual bridge br-int of the local network segment for processing.
Table 10 handles the unicast packets that Table 1 jumps to it; after stripping the VLAN ID it adds the corresponding VxLAN tunnel ID and sends the packet out of the corresponding VxLAN port.
Table 11 handles the multicast or broadcast packets that Table 1 jumps to it; after stripping the VLAN ID it floods the packet out of all VxLAN ports.
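The br-tun pipeline above (Tables 0, 1, 2, 10 and 11), as an added example that is not the patent's code: a small model of the table-to-table dispatch that can be checked offline before flows are installed. Port names, the VLAN-to-tunnel mapping, the learned next hop for a unicast destination, and the treatment of an unknown unicast destination (flooded like broadcast) are assumptions made here.

```python
# Added model of the br-tun multi-level flow tables described above; not the
# patent's code. Ports, VLAN/tunnel mappings and the next-hop entry are
# constructed; real OVS flows would be expressed as ovs-ofctl rules instead.
PATCH_INT = "patch-int"                       # port towards br-int
VXLAN_PORTS = ["vxlan-dc2", "vxlan-dc3"]      # tunnels to the other data centers
VLAN_TO_TUN = {100: 1000, 200: 2000}          # local VLAN tag -> VxLAN tunnel id
TUN_TO_VLAN = {tun: vlan for vlan, tun in VLAN_TO_TUN.items()}
# Assumed next hop already learned for one destination: (vlan, dst_mac) -> port.
UNICAST_NEXT_HOP = {(100, "02:00:00:00:00:02"): "vxlan-dc2"}


def is_multicast_or_broadcast(mac):
    """Group bit (least significant bit of the first octet) set -> flood."""
    return int(mac.split(":")[0], 16) & 1 == 1


def table0(pkt, actions):
    # Dispatch on source direction: local segment via patch-int, or a tunnel.
    if pkt["in_port"] == PATCH_INT:
        return 1
    if pkt["in_port"] in VXLAN_PORTS:
        return 2
    actions.append("drop")
    return None


def table1(pkt, actions):
    # Local packets leaving for other data centers, keyed by VLAN tag.
    if pkt["vlan"] not in VLAN_TO_TUN:
        actions.append("drop")
        return None
    return 11 if is_multicast_or_broadcast(pkt["dst_mac"]) else 10


def table2(pkt, actions):
    # Packets arriving from another data center: tunnel id -> local VLAN tag.
    vlan = TUN_TO_VLAN.get(pkt["tun_id"])
    if vlan is None:
        actions.append("drop")
        return None
    actions.extend([f"mod_vlan_vid:{vlan}", f"output:{PATCH_INT}"])
    return None


def table10(pkt, actions):
    # Unicast: strip VLAN, set the tunnel id, send to the one tunnel port.
    port = UNICAST_NEXT_HOP.get((pkt["vlan"], pkt["dst_mac"]))
    if port is None:
        return 11  # assumption: unknown unicast destination is flooded
    actions.extend(["strip_vlan", f"set_tunnel:{VLAN_TO_TUN[pkt['vlan']]}",
                    f"output:{port}"])
    return None


def table11(pkt, actions):
    # Multicast/broadcast: strip VLAN, set the tunnel id, flood all VxLAN ports.
    actions.extend(["strip_vlan", f"set_tunnel:{VLAN_TO_TUN[pkt['vlan']]}"])
    actions.extend(f"output:{p}" for p in VXLAN_PORTS)
    return None


TABLES = {0: table0, 1: table1, 2: table2, 10: table10, 11: table11}


def process(pkt):
    """Run one packet through the pipeline from Table 0.
    pkt keys: in_port, dst_mac, vlan (local tag or None), tun_id (VNI or None).
    Returns the tables visited and the resulting action list."""
    trace, actions = [], []
    table = 0
    while table is not None:
        trace.append(table)
        table = TABLES[table](pkt, actions)
    return {"trace": trace, "actions": actions}


if __name__ == "__main__":
    print(process({"in_port": PATCH_INT, "dst_mac": "ff:ff:ff:ff:ff:ff",
                   "vlan": 200, "tun_id": None}))
```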
3) Flow feature database module 3
The flow feature database module 3 mainly stores statistical evaluations of how the network flow features behave when common network attacks occur. Based on the principles of common network attacks, 9 network flow features are selected and supplied for constructing the decision tree. Within a time window they are: the proportion of TCP packets among all packets flowing into the VNF, the proportion of UDP packets among all packets, the proportion of ICMP packets among all packets, the proportion of SYN packets among TCP packets, the proportion of packets with distinct destination host addresses among all packets, the proportion of packets with distinct destination ports among all packets, the proportion of packets with distinct source hosts among all packets, the proportion of packets with distinct source ports among all packets, and the average bandwidth of the packets flowing into the VNF.
When choosing the network flow features, it is considered that network traffic changes quickly from instant to instant and has low temporal correlation; using time-based statistical features therefore reflects abnormal attack traffic more accurately. The concept of a time window is used to smooth the instantaneous changes of network traffic, and the traffic features are characterized over a time window of 1 second.
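The nine 1-second-window features listed above, computed from packet records, as an added example that is not the patent's code. The packet records are constructed; the SYN ratio is taken over TCP packets (one reading of the list above), and ICMP packets are given no port, so a window with no TCP traffic yields a SYN ratio of 0.

```python
# Added example of the nine time-window flow features; not the patent's code.
# Packet records are constructed. Assumptions: SYN ratio is computed over TCP
# packets, ICMP packets carry port None, bandwidth is bytes per window second.
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "ts proto src sport dst dport syn length")
WINDOW = 1.0  # seconds, the window length used in the description

FEATURE_ORDER = [
    "tcp_ratio", "udp_ratio", "icmp_ratio", "syn_ratio",
    "dst_host_ratio", "dst_port_ratio", "src_host_ratio", "src_port_ratio",
    "avg_bandwidth",
]


def window_features(packets, window=WINDOW):
    """Bucket packets by window and compute the nine statistics per bucket.
    Returns {window_index: {feature_name: value}}; empty windows are absent."""
    buckets = defaultdict(list)
    for p in packets:
        buckets[int(p.ts // window)].append(p)
    result = {}
    for index, pkts in sorted(buckets.items()):
        n = len(pkts)
        tcp = [p for p in pkts if p.proto == "tcp"]
        result[index] = {
            "tcp_ratio": len(tcp) / n,
            "udp_ratio": sum(p.proto == "udp" for p in pkts) / n,
            "icmp_ratio": sum(p.proto == "icmp" for p in pkts) / n,
            # SYN share of the TCP packets; defined as 0 when no TCP was seen.
            "syn_ratio": (sum(p.syn for p in tcp) / len(tcp)) if tcp else 0.0,
            "dst_host_ratio": len({p.dst for p in pkts}) / n,
            "dst_port_ratio": len({p.dport for p in pkts}) / n,
            "src_host_ratio": len({p.src for p in pkts}) / n,
            "src_port_ratio": len({p.sport for p in pkts}) / n,
            # bytes per second entering the VNF during this window
            "avg_bandwidth": sum(p.length for p in pkts) / window,
        }
    return result


def feature_vector(features):
    """Order one window's statistics as the input vector for the decision tree."""
    return [features[name] for name in FEATURE_ORDER]


def sample_packets():
    """Constructed traffic: a benign second, then a second of SYN packets
    from many distinct sources to one destination port."""
    pkts = [
        Packet(0.10, "tcp", "10.0.0.1", 40000, "10.0.0.9", 443, False, 1000),
        Packet(0.35, "tcp", "10.0.0.1", 40000, "10.0.0.9", 443, False, 1200),
        Packet(0.50, "udp", "10.0.0.2", 5353, "10.0.0.9", 53, False, 80),
        Packet(0.80, "icmp", "10.0.0.3", None, "10.0.0.9", None, False, 64),
    ]
    for i in range(8):
        pkts.append(Packet(1.0 + i * 0.1, "tcp", f"10.0.0.{10 + i}", 1000 + i,
                           "10.0.0.9", 80, True, 60))
    return pkts


if __name__ == "__main__":
    for index, feats in window_features(sample_packets()).items():
        print(index, feature_vector(feats))
```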
4) Global resource monitoring module 4
The global monitoring module mainly provides a global view for the control and management layer: it obtains the network-wide topology from the topology discovery submodule 7, the available computing resources of the whole network from the infrastructure resource monitoring submodule 9, and the network-wide security situation from the VNF resource monitoring submodule 8.
The same or similar reference labels correspond to the same or similar components;
The terms describing positional relationships in the drawings are only for illustration and shall not be understood as limiting this patent;
Obviously, the above embodiments of the present invention are merely examples given to clearly illustrate the present invention and are not a limitation of the embodiments of the present invention. Those of ordinary skill in the art may make other variations or changes in different forms on the basis of the above description. There is no need and no possibility to exhaust all embodiments. Any modifications, equivalent replacements and improvements made within the spirit and principle of the present invention shall be included within the protection scope of the claims of the present invention.

Claims (9)

1. A cloud security service function tree network intrusion detection system, characterized in that it comprises a service tree topology orchestration module (1), a service tree topology mapping module (2), a flow feature database module (3) and a global resource monitoring module (4);
the flow feature database module (3) is used to store the network flow features of network attacks, and to select the corresponding network attack flow feature data set according to the cloud security situation in order to construct the corresponding training set;
the service tree topology orchestration module (1) is used to construct a decision tree classification model according to the cloud security situation, to train and prune the decision tree model using the training set built in the flow feature database module (3), and to pass the trained decision tree classification model to the service tree topology mapping module (2);
the service tree topology mapping module (2) is used to receive the decision tree classification model constructed by the service tree topology orchestration module (1), to map the decision rule matching nodes of the decision tree classification model onto the corresponding service function tree nodes, and to complete the matching and classification of network traffic at the service function tree nodes;
the global resource monitoring module (4) is used to monitor and maintain the network-wide resources of the flow feature database module (3), the service tree topology orchestration module (1) and the service tree topology mapping module (2), so that during the mapping of the cloud security service function tree topology and the construction of the virtual logical network it provides information on the actual carrying capacity of the underlying infrastructure and optimizes the mapping and deployment of VNF resources.
2. a kind of cloud security service functional tree Network Intrusion Detection System according to claim 1, which is characterized in that described Decision-Tree Classifier Model multiple service function chains carried out stacking multiplexing disposed to optimize security function layout and virtual resource, Cloud security service functional tree is disposed in the direction close to network attack source, gradually subdivision is carried out to suspicious network traffic and has been identified It is handled at the fine granularity of specificity.
3. a kind of cloud security service functional tree Network Intrusion Detection System according to claim 2, which is characterized in that it is special Sign is that the service tree topology mapping block (2) includes flow scheduling submodule (5) and VNF scheduling of resource submodule (6), the flow scheduling submodule (5) is used to carry out network data message classification improvement, completes forwarding strategy matching;Institute The VNF scheduling of resource submodule (6) stated is used to carry out scheduling on demand and classification according to service function tree layout strategy.
4. The cloud security service function tree network intrusion detection system according to claim 3, characterized in that the flow scheduling submodule (5) uses OpenFlow multi-level flow tables to classify and refine network data packets according to their source direction.
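An added example of the multi-level flow-table pipeline described in claims 3 and 4 (example code, not the patent's own implementation or a real OpenFlow controller): a first table classifies packets by source direction (internal prefix versus the external edge port) and hands them to a per-direction table with `goto_table`, which then selects the forwarding target. The pipeline is simulated in Python with constructed packets; table numbers, prefixes, ports and VNF names are assumptions for the example, and the OpenFlow rule that `goto_table` may only move to a higher-numbered table is enforced.

```python
"""Source-direction classification with multi-level flow tables (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    """Constructed packet header subset used for matching."""
    in_port: int
    ipv4_src: str
    tcp_dst: int


@dataclass
class FlowEntry:
    """One flow-table entry: higher priority wins; goto_table or output action."""
    priority: int
    match: dict                     # keys: in_port, ipv4_src (CIDR), tcp_dst
    goto_table: Optional[int] = None
    output: Optional[str] = None    # "port:N", "vnf:NAME" or "drop"


def matches(entry: FlowEntry, pkt: Packet) -> bool:
    """All present match fields must agree; an empty match is a table-miss entry."""
    m = entry.match
    if "in_port" in m and m["in_port"] != pkt.in_port:
        return False
    if "ipv4_src" in m and ipaddress.ip_address(pkt.ipv4_src) not in \
            ipaddress.ip_network(m["ipv4_src"], strict=False):
        return False
    if "tcp_dst" in m and m["tcp_dst"] != pkt.tcp_dst:
        return False
    return True


def build_pipeline() -> Dict[int, List[FlowEntry]]:
    """Table 0 classifies by source direction; tables 1/2 refine per direction."""
    return {
        0: [
            FlowEntry(200, {"ipv4_src": "10.0.0.0/8"}, goto_table=1),  # internal hosts
            FlowEntry(100, {"in_port": 1}, goto_table=2),              # external edge port
            FlowEntry(0, {}, output="drop"),                            # table-miss: unknown origin
        ],
        1: [  # traffic from inside: only remote administration gets extra scrutiny
            FlowEntry(10, {"tcp_dst": 22}, output="vnf:ssh-audit"),
            FlowEntry(0, {}, output="port:2"),
        ],
        2: [  # traffic from outside: web to the WAF, everything else to the IDS
            FlowEntry(10, {"tcp_dst": 80}, output="vnf:waf"),
            FlowEntry(10, {"tcp_dst": 443}, output="vnf:waf"),
            FlowEntry(0, {}, output="vnf:ids"),
        ],
    }


def process(pipeline: Dict[int, List[FlowEntry]], pkt: Packet) -> Tuple[str, List[int]]:
    """Run a packet through the tables; returns the final action and tables visited."""
    table = 0
    visited: List[int] = []
    while True:
        visited.append(table)
        ordered = sorted(pipeline[table], key=lambda e: -e.priority)  # stable sort
        entry = next((e for e in ordered if matches(e, pkt)), None)
        if entry is None:
            return "drop", visited  # no table-miss entry installed: drop
        if entry.goto_table is not None:
            if entry.goto_table <= table:  # OpenFlow forbids going backwards
                raise ValueError(f"goto_table {entry.goto_table} from table {table}")
            table = entry.goto_table
            continue
        return entry.output, visited


if __name__ == "__main__":
    p = build_pipeline()
    print(process(p, Packet(3, "10.1.2.3", 22)))
    print(process(p, Packet(1, "203.0.113.5", 8080)))
```

Splitting the classification into a source-direction table and per-direction refinement tables keeps each table small and lets the per-direction rules be changed without touching the table that every packet traverses first.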
5. The cloud security service function tree network intrusion detection system according to claim 3, characterized in that the VNF resource scheduling submodule (6) uses Docker containers as the carrier of virtual network functions and performs on-demand scheduling according to the service function tree orchestration strategy.
6. The cloud security service function tree network intrusion detection system according to claim 3, characterized in that the global resource monitoring module (4) further comprises a topology discovery submodule (7), a VNF resource monitoring submodule (8) and an infrastructure resource monitoring submodule (9); the topology discovery submodule (7) is configured to complete network-wide network topology discovery and virtual host discovery; the VNF resource monitoring submodule (8) is configured to complete the state analysis and statistics of VNF resources across the whole network; the infrastructure resource monitoring submodule (9) is configured to monitor the operating status of the physical devices of the infrastructure layer; the topology discovery submodule (7), the VNF resource monitoring submodule (8) and the infrastructure resource monitoring submodule (9) operate independently of one another, and the status information each of them monitors is uniformly summarized and submitted to the global resource monitoring module (4) for processing.
7. The cloud security service function tree network intrusion detection system according to claim 6, characterized in that the topology discovery submodule (7) is implemented by modular secondary development in an SDN controller; the module encapsulates LLDP link discovery protocol messages and ARP protocol messages as probe messages to complete network-wide network topology discovery and virtual host discovery.
8. The cloud security service function tree network intrusion detection system according to claim 6, characterized in that the VNF resource monitoring submodule (8) deploys a network flow collection module on the VNF nodes and updates the network flow feature information to the VNF resource monitoring submodule in real time, thereby completing the state analysis and statistics of VNF resources across the whole network.
9. The cloud security service function tree network intrusion detection system according to claim 6, characterized in that the infrastructure resource monitoring submodule (9) monitors the operating status of the physical devices of the infrastructure layer by obtaining in real time the usage of the computing, storage and network resources of the physical servers across the whole network.
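An added example for the topology discovery submodule of claims 6 and 7 (example code, not the patent's implementation and not a real SDN controller): controller-side consolidation of LLDP and ARP observations into a link set and a host table. LLDP probes are one-directional, so a link is only confirmed once both directions have been seen; and an ARP frame arriving on a port that already carries an LLDP neighbour belongs to the inter-switch link, not to a directly attached host, so it is not recorded as a host location. Switch identifiers, ports, MAC and IP values below are constructed.

```python
"""LLDP/ARP based topology and host discovery (added example, not from the patent)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

Endpoint = Tuple[str, int]           # (switch datapath id, port number)
Link = FrozenSet[Endpoint]           # unordered pair of endpoints


@dataclass(frozen=True)
class LldpSeen:
    """An LLDP probe sent out of (src_dpid, src_port) was received on (rx_dpid, rx_port)."""
    src_dpid: str
    src_port: int
    rx_dpid: str
    rx_port: int


@dataclass(frozen=True)
class ArpSeen:
    """An ARP frame from host mac/ip arrived at the controller via (dpid, port)."""
    mac: str
    ip: str
    dpid: str
    port: int


def discover_links(observations: List[LldpSeen]) -> Tuple[Set[Link], Set[Link]]:
    """Return (confirmed, unconfirmed) links; confirmed means both directions seen."""
    directions: Dict[Link, Set[Tuple[Endpoint, Endpoint]]] = {}
    for o in observations:
        a: Endpoint = (o.src_dpid, o.src_port)
        b: Endpoint = (o.rx_dpid, o.rx_port)
        if a == b:
            continue  # a probe looping back on its own port is not a link
        directions.setdefault(frozenset((a, b)), set()).add((a, b))
    confirmed = {link for link, d in directions.items() if len(d) == 2}
    unconfirmed = {link for link, d in directions.items() if len(d) == 1}
    return confirmed, unconfirmed


def discover_hosts(arps: List[ArpSeen], links: Set[Link]) -> Dict[str, Tuple[str, str, int]]:
    """Map host MAC -> (ip, dpid, port); later observations overwrite earlier ones."""
    switch_ports: Set[Endpoint] = {ep for link in links for ep in link}
    hosts: Dict[str, Tuple[str, str, int]] = {}
    for a in arps:
        if (a.dpid, a.port) in switch_ports:
            continue  # seen on an inter-switch port: not a host attachment point
        hosts[a.mac] = (a.ip, a.dpid, a.port)
    return hosts


def topology_summary(lldp: List[LldpSeen], arps: List[ArpSeen]) -> Dict[str, object]:
    """What the submodule would hand to the global resource monitor."""
    confirmed, unconfirmed = discover_links(lldp)
    hosts = discover_hosts(arps, confirmed | unconfirmed)
    return {"links": confirmed, "pending_links": unconfirmed, "hosts": hosts}


# Constructed observations for a three-switch fabric.
SAMPLE_LLDP = [
    LldpSeen("s1", 1, "s2", 1),
    LldpSeen("s2", 1, "s1", 1),   # reverse direction confirms s1:1 <-> s2:1
    LldpSeen("s2", 2, "s3", 1),   # only one direction seen so far
    LldpSeen("s3", 3, "s3", 3),   # loopback probe, ignored
]
SAMPLE_ARP = [
    ArpSeen("aa:aa:aa:aa:aa:01", "10.0.0.1", "s1", 2),
    ArpSeen("aa:aa:aa:aa:aa:02", "10.0.0.2", "s2", 1),   # inter-switch port, ignored
    ArpSeen("aa:aa:aa:aa:aa:03", "10.0.0.3", "s3", 2),
    ArpSeen("aa:aa:aa:aa:aa:01", "10.0.0.1", "s3", 4),   # host moved: latest wins
]

if __name__ == "__main__":
    print(topology_summary(SAMPLE_LLDP, SAMPLE_ARP))
```

Keeping unconfirmed links separate matters for the global resource monitor: placing a VNF chain across a link that has only been seen in one direction risks a path that does not exist in the reverse direction.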

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910441565.6A CN110298381B (en) 2019-05-24 2019-05-24 Cloud security service function tree network intrusion detection system

Publications (2)

Publication Number Publication Date
CN110298381A true CN110298381A (en) 2019-10-01
CN110298381B CN110298381B (en) 2022-09-20

Family

ID=68027162

Country Status (1)

Country Link
CN (1) CN110298381B (en)

Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119321A (en) * 2007-09-29 2008-02-06 杭州华三通信技术有限公司 Network flux classification processing method and apparatus
CN101686239A (en) * 2009-05-26 2010-03-31 中山大学 Trojan discovery system
US8892766B1 (en) * 2012-06-28 2014-11-18 Trend Micro Incorporated Application-based network traffic redirection for cloud security service
CN104363159A (en) * 2014-07-02 2015-02-18 北京邮电大学 Virtual open network building system and method based on software definition network
CN104580120A (en) * 2013-10-28 2015-04-29 北京启明星辰信息技术股份有限公司 On-demand-service virtualization network intrusion detection method and device
US20150156122A1 (en) * 2012-06-06 2015-06-04 The Trustees Of Columbia University In The City Of New York Unified networking system and device for heterogeneous mobile environments
US20150172300A1 (en) * 2013-12-17 2015-06-18 Hoplite Industries, Inc. Behavioral model based malware protection system and method
US20150215172A1 (en) * 2014-01-30 2015-07-30 Cisco Technology, Inc. Service-Function Chaining
US20150358235A1 (en) * 2014-06-05 2015-12-10 Futurewei Technologies, Inc. Service Chain Topology Map Construction
CN105491013A (en) * 2015-11-20 2016-04-13 电子科技大学 Multi-domain network security situation perception model and method based on SDN
CN105956661A (en) * 2016-04-15 2016-09-21 中山大学 System for realizing DANN online training on SDN network
CN107332913A (en) * 2017-07-04 2017-11-07 电子科技大学 A kind of Optimization deployment method of service function chain in 5G mobile networks
WO2018027226A1 (en) * 2016-08-05 2018-02-08 Fractal Industries, Inc. Detection mitigation and remediation of cyberattacks employing an advanced cyber-decision platform
CN107770174A (en) * 2017-10-23 2018-03-06 上海微波技术研究所(中国电子科技集团公司第五十研究所) A kind of intrusion prevention system and method towards SDN
CN107819742A (en) * 2017-10-19 2018-03-20 北京交通大学 A kind of system architecture and its method of Dynamical Deployment Network Security Service
CN108173761A (en) * 2017-12-22 2018-06-15 南京邮电大学 A kind of method for optimizing resources of SDN and NFV fusions
KR20180069657A (en) * 2016-12-15 2018-06-25 경희대학교 산학협력단 Method, apparatus and computer program for security investment considering characteristics of cloud service
US20180287903A1 (en) * 2017-03-29 2018-10-04 Ca, Inc. Adjusting monitoring based on inspection of network traffic
US20180302343A1 (en) * 2017-04-14 2018-10-18 Argela Yazilim ve Bilisim Teknolojileri San. ve Tic. A.S. System and method for convergence of software defined network (sdn) and network function virtualization (nfv)
US10116514B1 (en) * 2015-03-30 2018-10-30 Amdocs Development Limited System, method and computer program for deploying an orchestration layer for a network based on network function virtualization (NFV)
CN108881028A (en) * 2018-06-06 2018-11-23 北京邮电大学 The SDN network resource regulating method of application perception is realized based on deep learning
CN108900541A (en) * 2018-08-10 2018-11-27 哈尔滨工业大学(威海) One kind being directed to cloud data center SDN Security Situation Awareness Systems and method
US20180359658A1 (en) * 2017-06-09 2018-12-13 At&T Intellectual Property I, L.P. System And Method For Fine Grained Service Management Using SDN-NFV Networks
US20190036968A1 (en) * 2017-07-31 2019-01-31 Amdocs Development Limited System, method, and computer program providing security in network function virtualization (nfv) based communication networks and software defined networks (sdns)
KR20190018947A (en) * 2017-08-16 2019-02-26 삼성전자주식회사 Apparatus and method for handling a network attack in a software defined network
CN109617873A (en) * 2018-12-06 2019-04-12 中山大学 A kind of flow attacking system of defense based on SDN cloud security function services tree-model

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
GANSEN ZHAO ET AL.: "Constructing authentication web in cloud computing", 《SECURITY AND COMMUNICATION NETWORKS》 *
YI XIE ET AL.: "A General Collaborative Framework for Modeling and Perceiving Distributed Network Behavior", 《IEEE-ACM TRANSACTIONS ON NETWORKING》 *
王宇 et al.: "Decision-tree classification of network traffic", 《小型微型计算机***》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111698326A (en) * 2020-06-12 2020-09-22 北京百度网讯科技有限公司 Method and apparatus for determining cost attribution of cloud service resources
CN112564967A (en) * 2020-12-02 2021-03-26 杭州谐云科技有限公司 Cloud service topology self-discovery method and system based on eBPF, electronic device and storage medium
CN112564967B (en) * 2020-12-02 2022-11-08 杭州谐云科技有限公司 Cloud service topology self-discovery method and system based on eBPF, electronic device and storage medium
CN114137861A (en) * 2021-10-23 2022-03-04 西安电子科技大学 Intention-driven cloud security service system and method
CN114143160A (en) * 2021-10-25 2022-03-04 北京银盾泰安网络科技有限公司 Cloud platform automation operation and maintenance system
CN114531287A (en) * 2022-02-17 2022-05-24 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting virtual resource acquisition behavior
CN114629685A (en) * 2022-02-17 2022-06-14 华南理工大学 Industrial private network hard slicing service function chain deployment method, device and medium
CN114629685B (en) * 2022-02-17 2022-12-16 华南理工大学 Industrial private network hard slicing service function chain deployment method, device and medium
CN114531287B (en) * 2022-02-17 2024-06-11 恒安嘉新(北京)科技股份公司 Method, device, equipment and medium for detecting virtual resource acquisition behavior
CN115859277A (en) * 2023-02-07 2023-03-28 四川大学 Host intrusion detection method based on system call sequence
CN115859277B (en) * 2023-02-07 2023-05-02 四川大学 Host intrusion detection method based on system call sequence

Also Published As

Publication number Publication date
CN110298381B (en) 2022-09-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant