Security network invasion detection system suitable for virtual machine environment

Abstract

The invention discloses a safe network intrusion detection system which is applicable to the virtual machine environment and includes a server inter-domain communication control module, an intrusion detection engine module, an intrusion response control module in the intrusion detection virtual machine, a client inter-domain communication control module, a domain spilt event detector module and a domain split response control module in the detected application virtual machines. According to the problem that the safety of the virtual machine system of the virtual machine needs to be improved; the current intrusion detection system cannot realize the purpose, the safe network intrusion detection system considers the layering structure of the virtual machine network sufficiently and realizes the intrusion detection protection of the virtual machine system in the internal network based on the virtual machine; the safety of the virtual machine applied in the production practice activities is improved; meanwhile, the separation of the intrusion detection system and the protected system is realized based on the separation safety property of the virtual machine; compared with the traditional network intrusion detection system, the safe network intrusion detection system has better safety and reliability.

Description

technical field [0001] The invention belongs to the fields of computer safety and virtual computing, and is a safety network intrusion detection system suitable for a virtual machine environment. Background technique [0002] With the development of computer technology and network communication technology, computer network has been popularized rapidly in recent years, and has become an important medium for information exchange and sharing in the whole society, profoundly changing people's work and life style. With the rapid development of computers, the problem of network information security has become increasingly serious, and has become an important factor restricting the development of network and Internet economy. In recent years, cyber attacks and information security incidents have emerged one after another, involving more and more fields, and causing more and more harm. [0003] Network intrusion detection technology is a kind of network information security technol...

AI Technical Summary

Problems solved by technology

Through the research, it is found that these two intrusion detection systems have their own advantages and disadvantages: the host-based intrusion detection system can detect the intrusion behavior in the system very well, and can detect the behavior in the system very well. ; but the host intrusion detection system itself cannot well defend against the attacks on the system or the intrusion detection system itself. It is visible to the attacker and can be easily detected by various means.

The network-based intrusion detection system is invisible to intruders, so it has good robustness, but it cannot detect the intrusion behavior of the system. Once the attacker bypasses the intrusion detection system, he will no longer be affected any control

In addition to the above two characteristics, whether it is a host-based intrusion detection system or a network-based intrusion detection system, since it is not well isolated from the system where it is located, it is easy for attackers to detect The existence of such an intrusion detection system poses a great threat to the security of the intrusion detection system itself.

Images