摘要
云平台下的虚拟机在物理机内部交互流量,而不通过防火墙等安全组件。针对这类流量无法在网络边界被获取并检测的问题,分析了OpenFlow技术的原理,提出了一种基于OpenFlow技术将虚拟机流量重定向到入侵检测系统进行检测的方案。方案使用OpenFlow虚拟交换机和控制器替代传统交换机,然后基于OpenFlow技术控制流量转发过程,将其导向外部的安全组件进行处理,并构建了由虚拟交换机、控制单元、入侵检测和系统配置管理4个模块组成的流量检测系统。实验结果表明,系统能够在满足虚拟机网络正常使用的前提下,将待监管流量导向入侵检测系统进行处理,而且能够同时提供交换机级及虚拟机级两种粒度的流量重定向控制。通过对虚拟机引流的方式实现在传统场景中解决云计算环境下流量检测问题,同时能够基于OpenFlow轻松实现流量处理的扩展操作。
The virtual machines in cloud computing platform exchange data in the shared memory of physical machine.In view of the problem that the traffic cannot be captured and detected in firewall or other security components,the OpenFlow technology was analyzed,and a traffic redirection method based on OpenFlow was presented.To control traffic forwarding process and redirect it to security components,the method provided network connection for virtual machines with OpenFlow controller and virtual switches instead of physical switches,and built a traffic detection system composed of four modules including virtual switch,control unit,intrusion detection and system configuration management.The experimental results show that the proposed scheme can realize traffic redirection and the subsequent detection processing,and the system can provide switch-level and host-level control granularity.It also solves traffic detection problem under cloud computing environment in traditional scene by traffic redirection,and provides great expansion of the traffic processing based on OpenFlow.
出处
《计算机应用》
CSCD
北大核心
2014年第4期1034-1037,1041,共5页
journal of Computer Applications
基金
国家自然科学基金资助项目(61272447)
国家2012年移动重大03专项(12H1510)
