Design and implementation of cloud platform intrusion prevention system based on software defined network
CHI Yaping, JIANG Tingting, DAI Chuping, SUN Wei
Journal of Computer Applications
2017, 37 (6): 1625-1629.
DOI: 10.11772/j.issn.1001-9081.2017.06.1625
The traditional intrusion prevention system is serially connected in the network environment; its ability to deal with intrusions is limited, and it can easily cause network congestion. To solve these problems, an intrusion prevention scheme for cloud computing applications was designed based on Software Defined Network (SDN). Firstly, the SDN controller was integrated into the OpenStack platform. Then, by using the programmable characteristics of the controller, a linkage mechanism between intrusion detection and the controller was designed to realize intrusion prevention. The principle of the linkage mechanism is that when the intrusion detection system detects an intrusion, the intrusion information is passed to the controller, and the controller then issues a security policy to the virtual switch to filter the intrusion traffic and dynamically prevent the intrusion. Finally, the proposed scheme was compared experimentally with the traditional intrusion prevention scheme. The comparison and analysis results show that the proposed scheme can detect more than 90% of the instructions when they come at 40000 packets per second, while the traditional scheme only detects 85% of the instructions when they come at 12000 packets per second. The proposed scheme can be used to improve the detection efficiency of intrusion prevention in the cloud environment.