TWI493377B - A kind of cloud ARP and IP spoofing protection system - Google Patents
A kind of cloud ARP and IP spoofing protection system Download PDFInfo
- Publication number
- TWI493377B TWI493377B TW102138840A TW102138840A TWI493377B TW I493377 B TWI493377 B TW I493377B TW 102138840 A TW102138840 A TW 102138840A TW 102138840 A TW102138840 A TW 102138840A TW I493377 B TWI493377 B TW I493377B
- Authority
- TW
- Taiwan
- Prior art keywords
- cloud
- virtual host
- virtual
- module
- protection
- Prior art date
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Description
本發明提供一種防護系統,更為一種雲端ARP與IP欺騙防護系統,對雲端服務平台虛擬主機間的網路行為進行防護,保護虛擬主機免受ARP欺騙攻擊和IP欺騙攻擊。The invention provides a protection system, and a cloud ARP and IP spoofing protection system, which protects the network behavior between the virtual host of the cloud service platform and protects the virtual host from ARP spoofing attacks and IP spoofing attacks.
在傳統實體機的ARP欺騙攻擊防禦方式,必須於主機設置靜態ARP記錄,綁定IP和MAC位址對應,為了增進網路安全性,必須額外添購防護之硬體設備設置所有主機ARP資料,才可保護區域網路安全。In the ARP spoofing attack defense mode of the traditional physical machine, static ARP records must be set on the host, and the IP address and MAC address must be bound. In order to improve network security, all host ARP data must be set up with additional security devices. To protect regional network security.
但若於雲端虛擬平台上Hypervisor實施ARP欺騙攻擊防禦機制,可直接從雲端網路底層偵測與阻擋惡意封包,且不須額外添購防護之硬體設備。However, if the Hypervisor implements the ARP spoofing attack defense mechanism on the cloud virtual platform, it can directly detect and block malicious packets from the bottom of the cloud network, and does not need to purchase additional security hardware devices.
另外雲端虛擬平台上Hypervisor為實際硬體和虛擬主機之間的軟體元件,可讓大量的虛擬主機運行於同一實體主機上,其負責管理虛擬平台上之虛擬主機使其共享硬體裝置,並運用虛擬化技術管理分配虛擬主機資源如:記憶體、CPU、網路和儲存,然而傳統的防禦方式設置於雲端虛擬平台將耗費大量時間和硬體成本,於是於Hypervisor上提供了防護機制,不須於每台虛擬主機內設置,可於Hypervisor統一設置防護,且同樣不 須額外添購防護之硬體設備,從雲端網路底層偵測與阻擋惡意封包,防止因ARP/IP欺騙產生之衍生攻擊,保護雲端上所有虛擬機器的安全。In addition, the hypervisor on the cloud virtual platform is a software component between the actual hardware and the virtual host, which allows a large number of virtual hosts to run on the same physical host. It is responsible for managing the virtual host on the virtual platform to share the hardware device and use it. Virtualization technology manages the allocation of virtual host resources such as: memory, CPU, network, and storage. However, the traditional defense method is set to spend a lot of time and hardware costs on the cloud virtual platform, so the protection mechanism is provided on the hypervisor. Set in each virtual host, the protection can be set uniformly in the Hypervisor, and the same is not Additional security devices must be added to detect and block malicious packets from the bottom of the cloud network to prevent derivative attacks caused by ARP/IP spoofing and to protect all virtual machines on the cloud.
由此可見,上述習用方式仍有諸多缺失,實非一良善之設計,而亟待加以改良。It can be seen that there are still many shortcomings in the above-mentioned methods of use, which is not a good design, but needs to be improved.
本案發明人鑑於上述習用方式所衍生的各項缺點,乃亟思加以改良創新,研發本發明之雲端ARP與IP欺騙防護系統。In view of the shortcomings derived from the above-mentioned conventional methods, the inventors of the present invention have developed and improved the cloud ARP and IP spoofing protection system of the present invention.
本發明之目的即在於提供一種雲端ARP與IP欺騙防護系統,於雲端服務平台XEN上開啟任一虛擬主機時,雲端虛擬主機操作腳本攔截模組會攔截雲端虛擬主機操作腳本,自動呼叫雲端虛擬主機管理安全模組,利用虛擬主機狀態模組判斷虛擬主機狀態後,連結雲端虛擬主機資料模組取得虛擬主機資料,並透過虛擬主機資料模組和虛擬主機動態資料模組取得虛擬化網路動態創建之虛擬網路卡和虛擬主機MAC位址,ARP欺騙防護規則處理模組及IP欺騙防護規則處理模組將會為虛擬主機創建ARP欺騙防護規則及IP欺騙防護規則,並將規則透過派送模組派送至雲端平台系統防火牆,提供雲端服務平台虛擬主機間之網路安全防護。The object of the present invention is to provide a cloud ARP and IP spoofing protection system. When any virtual host is opened on the cloud service platform XEN, the cloud virtual host operation script intercepting module intercepts the cloud virtual host operation script and automatically calls the cloud virtual host. The security module is managed, and the virtual host status module is used to determine the virtual host status, and the virtual host data module is obtained by the cloud virtual host data module, and the virtual network dynamic creation is obtained through the virtual host data module and the virtual host dynamic data module. The virtual network card and the virtual host MAC address, the ARP spoofing protection rule processing module and the IP spoofing protection rule processing module will create ARP spoof protection rules and IP spoof protection rules for the virtual host, and pass the rules through the delivery module. Delivered to the cloud platform system firewall to provide network security protection between virtual hosts of the cloud service platform.
本發明提供一種雲端ARP與IP欺騙防護系統,包括:一雲端虛擬主機操作腳本攔截模組,係攔截一雲端服務平台上之雲端虛擬主機操作腳本,提供雲端服務平台上複數個虛擬主機之虛擬化網路安全防護;一雲端虛擬主機管理安全模組,係當該雲端虛擬主機操作腳本攔截模組,攔截到該雲端服務平台之雲端虛擬主機操作腳本後被觸發,提供虛擬化網路安 全防護,增進雲端服務平台上複數個該虛擬主機的資訊安全防護;以及一雲端虛擬主機資料模組,儲存雲端服務平台上複數個該虛擬主機資料。The invention provides a cloud ARP and IP spoofing protection system, comprising: a cloud virtual host operation script intercepting module, which intercepts a cloud virtual host operation script on a cloud service platform, and provides virtualization of a plurality of virtual hosts on the cloud service platform. Network security protection; a cloud virtual host management security module is triggered when the cloud virtual host operation script interception module intercepts the cloud virtual host operation script of the cloud service platform, and provides virtualized network security Full protection, improve the information security protection of the plurality of virtual hosts on the cloud service platform; and a cloud virtual host data module, and store a plurality of the virtual host materials on the cloud service platform.
其中該雲端虛擬主機資料模組包括:一虛擬主機資料模組,係儲存雲端服務平台上複數個該虛擬主機資料;以及一虛擬主機動態資料模組,係儲存雲端服務平台上複數個該虛擬主機啟動後,經雲端服務平台動態分配之資料。The cloud virtual host data module includes: a virtual host data module, which stores a plurality of the virtual host data on the cloud service platform; and a virtual host dynamic data module, which stores a plurality of the virtual hosts on the cloud service platform. After startup, the data is dynamically allocated via the cloud service platform.
其中該雲端虛擬主機管理安全模組包括:一虛擬主機狀態模組,判斷複數個該虛擬主機為開啟狀態或關閉狀態,以提供複數個該虛擬主機之虛擬化網路安全防護;一ARP欺騙防護規則處理模組,根據複數個該虛擬主機資料來建立防火牆防護規則,防護複數個該虛擬主機之間的ARP欺騙攻擊;一IP欺騙防護規則模組,根據複數個該虛擬主機資料來建立防火牆防護規則,防護複數個該虛擬主機之間的IP欺騙攻擊;以及一派送模組,將防火牆防護規則執行至雲端服務平台系統防火牆,為雲端服務平台XEN上之複數個該虛擬主機,提供ARP欺騙防護及IP欺騙防護。The cloud virtual host management security module includes: a virtual host status module, determining that the plurality of virtual hosts are in an open state or a closed state, to provide a plurality of virtualized network security protections of the virtual host; and an ARP spoofing protection The rule processing module establishes a firewall protection rule according to the plurality of virtual host data, and protects a plurality of ARP spoofing attacks between the virtual hosts; and an IP spoof protection rule module establishes firewall protection according to the plurality of virtual host data The rule protects a plurality of IP spoofing attacks between the virtual hosts; and a dispatch module that executes the firewall protection rules to the cloud service platform system firewall to provide ARP spoofing protection for the plurality of virtual hosts on the cloud service platform XEN And IP spoofing protection.
本發明提供的一種雲端ARP與IP欺騙防護系統,與其他習用技術相互比較時,更具備下列優點:The cloud ARP and IP spoofing protection system provided by the invention has the following advantages when compared with other conventional technologies:
1.本發明提供之系統於雲端服務平台加入安全機制,利用攔截雲端虛擬主機操作腳本的方式,可於任一虛擬主機進行開機動作時,自動啟用網路安全防護機制,增進雲端服務平台虛擬主機安全防護。1. The system provided by the present invention adds a security mechanism to the cloud service platform, and uses the method of intercepting the cloud virtual host operation script to automatically enable the network security protection mechanism when any virtual host performs the booting action, and enhance the cloud service platform virtual host. Security.
2.本發明提供之系統為建置於雲端服務平台的網路防護方法,為雲端服務平台上之虛擬主機提供安全保護,不影響虛擬主機使用者系統操作的習慣。2. The system provided by the present invention is a network protection method built on the cloud service platform, which provides security protection for the virtual host on the cloud service platform, and does not affect the habit of the virtual host user system operation.
3.本發明提供之系統為軟體資訊安全防護機制,不需另外架設硬體,即可達成網路攻擊防護之目的,可降低雲端服務平台系統建構成本。3. The system provided by the invention is a software information security protection mechanism, and the purpose of network attack protection can be achieved without additional hardware installation, and the construction of the cloud service platform system can be reduced.
4.本發明提供之系統為建置於雲端服務平台的網路攻擊防護方法,可防護虛擬主機間ARP欺騙攻擊和IP欺騙攻擊,避免遭受以此為基本手法的衍生網路攻擊。The system provided by the present invention is a network attack protection method built on the cloud service platform, which can protect against ARP spoofing attacks and IP spoofing attacks between virtual hosts, and avoids the derivative network attacks based on this.
5.本發明提供之系統利用虛擬化技術取得虛擬主機資料,產生防止ARP欺騙及IP欺騙之防護規則,並將ARP欺騙防護規則及IP欺騙防護規則派送至雲端平台系統防火牆,提供虛擬化網路安全防護,保護虛擬主機免受其他虛擬主機之ARP欺騙攻擊和IP欺騙攻擊,增進雲端服務平台虛擬主機資訊安全防護。5. The system provided by the present invention utilizes virtualization technology to obtain virtual host data, generates protection rules against ARP spoofing and IP spoofing, and sends ARP spoof protection rules and IP spoof protection rules to the cloud platform system firewall to provide a virtualized network. Security protection protects virtual hosts from ARP spoofing attacks and IP spoofing attacks of other virtual hosts, and improves information security protection of cloud service platform virtual hosts.
上列詳細說明係針對本發明之一可行實施例之具體說明,惟該實施例並非用以限制本發明之專利範圍,凡未脫離本發明技藝精神所為之等效實施或變更,均應包含於本案之專利範圍中。The detailed description of the preferred embodiments of the present invention is intended to be limited to the scope of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.
綜上所述,本案不但在空間型態上確屬創新,並能較習用物品增進上述多項功效,應已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴局核准本件發明專利申請案,以勵發明,至感德便。In summary, this case is not only innovative in terms of space type, but also can enhance the above-mentioned multiple functions compared with the customary items. It should fully meet the statutory invention patent requirements of novelty and progressiveness, and apply for it according to law. This invention patent application, in order to invent invention, to the sense of virtue.
1‧‧‧雲端虛擬主機操作腳本攔截模組1‧‧‧Cloud virtual host operation script interception module
2‧‧‧雲端虛擬主機資料模組2‧‧‧Cloud virtual host data module
3‧‧‧雲端虛擬主機管理安全模組3‧‧‧Cloud Virtual Host Management Security Module
4‧‧‧虛擬主機4‧‧‧Web Hosting
5‧‧‧雲端虛擬主機操作腳本5‧‧‧Cloud virtual host operation script
6‧‧‧雲端平台系統防火牆6‧‧‧Cloud Platform System Firewall
7‧‧‧雲端服務平台7‧‧‧Cloud Service Platform
21‧‧‧虛擬主機資料模組21‧‧‧Virtual Host Data Module
22‧‧‧虛擬主機動態資料模組22‧‧‧Virtual Host Dynamic Data Module
31‧‧‧虛擬主機狀態模組31‧‧‧Virtual Host Status Module
32‧‧‧ARP欺騙防護規則處理模組32‧‧‧ARP fraud protection rule processing module
33‧‧‧IP欺騙防護規則處理模組33‧‧‧IP fraud protection rule processing module
34‧‧‧派送模組34‧‧‧delivery module
第1圖為本發明之雲端ARP與IP欺騙防護系統之架構圖。Figure 1 is a block diagram of the cloud ARP and IP spoofing protection system of the present invention.
第2圖為本發明之雲端ARP與IP欺騙防護系統之流程圖。Figure 2 is a flow chart of the cloud ARP and IP spoofing protection system of the present invention.
為利 貴審查委員了解本發明之技術特徵、內容與優點及其所能達到之功效,茲將本發明配合附圖,並以實施例之表達形式詳細說明如下,而其中所使用之圖式,其主旨僅為示意及輔助說明書之用,未必為本發明實施後之真實比例與精準配置,故不應就所附之圖式的比例與配置關係解讀、侷限本發明於實際實施上的權利範圍,合先敘明。The technical features, contents, and advantages of the present invention, as well as the advantages thereof, can be understood by the reviewing committee, and the present invention will be described in detail with reference to the accompanying drawings. The subject matter is only for the purpose of illustration and description. It is not intended to be a true proportion and precise configuration after the implementation of the present invention. Therefore, the scope and configuration relationship of the attached drawings should not be interpreted or limited. First described.
請參閱第1圖,如圖所示,為本發明之雲端ARP與IP欺騙防護系統之架構圖,包含雲端虛擬主機操作腳本攔截模組1、雲端虛擬主機資料模組2、雲端虛擬主機管理安全模組3、虛擬主機4、雲端虛擬主機操作腳本5與雲端平台系統防火牆6,其中雲端服務平台7為XEN雲端虛擬化平台,雲端平台系統防火牆6為Linux系統防火牆。Please refer to FIG. 1 , which is a structural diagram of the cloud ARP and IP spoofing protection system of the present invention, including a cloud virtual host operation script interception module, a cloud virtual host data module 2, and a cloud virtual host management security. Module 3, virtual host 4, cloud virtual host operation script 5 and cloud platform system firewall 6, wherein cloud service platform 7 is XEN cloud virtualization platform, and cloud platform system firewall 6 is Linux system firewall.
請參閱第2圖,如圖所示,為本發明之雲端ARP與IP欺騙防護系統之流程圖,在雲端ARP與IP欺騙防護系統啟動之前,雲端服務平台7處理硬體資源管理和虛擬主機4的安裝、開啟、關閉等操作,當雲端服務平台7欲開啟虛擬主機4時,會執行雲端虛擬主機操作腳本5以開啟虛擬主機4,並動態給予虛擬主機4個別之虛擬網路卡,讓虛擬主機4可透過網路連結其他主機。本發明之雲端ARP與IP欺騙防護系統運用雲端虛擬主機操作腳本攔截模組1攔截虛擬主機4開啟之雲端虛擬主機操作腳本5,觸發雲端虛擬主機管理安全模組3,自動為虛擬主機4提供虛擬網路安全防護。Please refer to FIG. 2, which is a flow chart of the cloud ARP and IP spoofing protection system of the present invention. Before the cloud ARP and IP spoofing protection system is started, the cloud service platform 7 processes the hardware resource management and the virtual host 4 When the cloud service platform 7 wants to open the virtual host 4, the cloud virtual host operation script 5 is executed to open the virtual host 4, and the virtual host 4 is dynamically given to the virtual host network. Host 4 can connect to other hosts via the network. The cloud ARP and IP spoofing protection system of the present invention uses the cloud virtual host operation script interception module 1 to intercept the cloud virtual host operation script 5 opened by the virtual host 4, triggers the cloud virtual host management security module 3, and automatically provides virtual for the virtual host 4. Network security protection.
雲端虛擬主機管理安全模組3經觸發後會讀取雲端虛擬主機資料模組2內之虛擬主機資料模組21,獲取所有保護之虛擬主機資料, 例如:虛擬主機名稱和IP位址。所有保護之虛擬主機4可為已開啟狀態或關閉狀態,利用虛擬主機狀態模組31判斷所有保護之虛擬主機4開啟狀態後,對於開啟之虛擬主機4進行動態資料擷取,每個虛擬主機4於雲端服務平台7開啟時皆會被分配到自身之虛擬網路卡來進行虛擬網路溝通,利用雲端虛擬主機資料模組2內之虛擬主機動態資料模組22取得每個虛擬主機4之虛擬網路卡和虛擬主機MAC位址後,則可控制虛擬主機4於虛擬網路之網路流量以提供安全防護。After being triggered, the cloud virtual host management security module 3 reads the virtual host data module 21 in the cloud virtual host data module 2, and obtains all protected virtual host data. For example: virtual host name and IP address. All protected virtual hosts 4 may be in an open state or a closed state. After the virtual host state module 31 determines that all protected virtual hosts 4 are turned on, dynamic data capture is performed on the opened virtual host 4, and each virtual host 4 is used. When the cloud service platform 7 is opened, it will be assigned to its own virtual network card for virtual network communication, and the virtual host dynamic data module 22 in the cloud virtual host data module 2 is used to obtain the virtual of each virtual host 4. After the network card and the virtual host MAC address, the virtual host 4 can control the network traffic of the virtual network to provide security protection.
雲端虛擬主機管理安全模組3中之ARP欺騙防護規則處理模組32利用已獲取之虛擬主機資料,創建可防護ARP欺騙攻擊之防火牆規則,來對個別虛擬主機4之IP位址和MAC位址進行保護,而IP欺騙防護規則處理模組33亦利用已獲取之虛擬主機資料,創建可防護IP欺騙攻擊之防火牆規則,對個別虛擬主機4之IP位址進行保護。The ARP spoofing protection rule processing module 32 in the cloud virtual host management security module 3 uses the acquired virtual host data to create a firewall rule that can protect against ARP spoofing attacks, and the IP address and MAC address of the individual virtual host 4 For protection, the IP spoofing protection rule processing module 33 also uses the acquired virtual host data to create a firewall rule that can protect against IP spoofing attacks, and protects the IP address of the individual virtual host 4.
本發明之雲端ARP與IP欺騙防護系統之ARP欺騙防護規則處理模組32和IP欺騙防護規則處理模組33處理之後會創造ARP欺騙防護規則及IP欺騙防護規則,利用派送模組34將ARP欺騙防護規則及IP欺騙防護規則執行至雲端平台系統防火牆6,為雲端服務平台XEN上之虛擬主機4提供ARP欺騙防護和IP欺騙防護。The ARP spoofing protection rule processing module 32 and the IP spoofing protection rule processing module 33 of the cloud ARP and IP spoofing protection system of the present invention generate ARP spoofing protection rules and IP spoofing protection rules, and use the delivery module 34 to spoof ARP. The protection rules and IP spoofing protection rules are implemented to the cloud platform system firewall 6, which provides ARP spoofing protection and IP spoofing protection for the virtual host 4 on the cloud service platform XEN.
本發明提供之一種雲端ARP與IP欺騙防護系統,與其他習用技術相互比較時,更具備下列優點:The cloud ARP and IP spoofing protection system provided by the invention has the following advantages when compared with other conventional technologies:
1.本發明提供之系統於雲端服務平台加入安全機制,利用攔截雲端虛擬主機操作腳本的方式,可於任一虛擬主機進行開機動作時,自動啟用網路安全防護機制,增進雲端服務平台虛擬主機安全防護。1. The system provided by the present invention adds a security mechanism to the cloud service platform, and uses the method of intercepting the cloud virtual host operation script to automatically enable the network security protection mechanism when any virtual host performs the booting action, and enhance the cloud service platform virtual host. Security.
2.本發明提供之系統為建置於雲端服務平台的網路防護方法,為雲端服務平台上之虛擬主機提供安全保護,不影響虛擬主機使用者系統操作的習慣。2. The system provided by the present invention is a network protection method built on the cloud service platform, which provides security protection for the virtual host on the cloud service platform, and does not affect the habit of the virtual host user system operation.
3.本發明提供之系統為軟體資訊安全防護機制,不需另外架設硬體,即可達成網路攻擊防護之目的,可降低雲端服務平台系統建構成本。3. The system provided by the invention is a software information security protection mechanism, and the purpose of network attack protection can be achieved without additional hardware installation, and the construction of the cloud service platform system can be reduced.
4.本發明提供之系統為建置於雲端服務平台的網路攻擊防護方法,可防護虛擬主機間ARP欺騙攻擊和IP欺騙攻擊,避免遭受以此為基本手法的衍生網路攻擊。The system provided by the present invention is a network attack protection method built on the cloud service platform, which can protect against ARP spoofing attacks and IP spoofing attacks between virtual hosts, and avoids the derivative network attacks based on this.
5.本發明提供之系統利用虛擬化技術取得虛擬主機資料,產生防止ARP欺騙及IP欺騙之防護規則,並將ARP欺騙防護規則及IP欺騙防護規則派送至雲端平台系統防火牆,提供虛擬化網路安全防護,保護虛擬主機免受其他虛擬主機之ARP欺騙攻擊和IP欺騙攻擊,增進雲端服務平台虛擬主機資訊安全防護。5. The system provided by the present invention utilizes virtualization technology to obtain virtual host data, generates protection rules against ARP spoofing and IP spoofing, and sends ARP spoof protection rules and IP spoof protection rules to the cloud platform system firewall to provide a virtualized network. Security protection protects virtual hosts from ARP spoofing attacks and IP spoofing attacks of other virtual hosts, and improves information security protection of cloud service platform virtual hosts.
上列詳細說明乃針對本發明之一可行實施例進行具體說明,惟該實施例並非用以限制本發明之專利範圍,凡未脫離本發明技藝精神所為之等效實施或變更,均應包含於本案之專利範圍中。The detailed description of the present invention is intended to be illustrative of a preferred embodiment of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.
綜上所述,本案不僅於技術思想上確屬創新,並具備習用之傳統方法所不及之上述多項功效,已充分符合新穎性及進步性之法定發明專利要件,爰依法提出申請,懇請 貴局核准本件發明專利申請案,以勵發明,至感德便。To sum up, this case is not only innovative in terms of technical thinking, but also has many of the above-mentioned functions that are not in the traditional methods of the past. It has fully complied with the statutory invention patent requirements of novelty and progressiveness, and applied for it according to law. Approved this invention patent application, in order to invent invention, to the sense of virtue.
1‧‧‧雲端虛擬主機操作腳本攔截模組1‧‧‧Cloud virtual host operation script interception module
2‧‧‧雲端虛擬主機資料模組2‧‧‧Cloud virtual host data module
3‧‧‧雲端虛擬主機管理安全模組3‧‧‧Cloud Virtual Host Management Security Module
4‧‧‧虛擬主機4‧‧‧Web Hosting
5‧‧‧雲端虛擬主機操作腳本5‧‧‧Cloud virtual host operation script
6‧‧‧雲端平台系統防火牆6‧‧‧Cloud Platform System Firewall
7‧‧‧雲端服務平台7‧‧‧Cloud Service Platform
21‧‧‧虛擬主機資料模組21‧‧‧Virtual Host Data Module
22‧‧‧虛擬主機動態資料模組22‧‧‧Virtual Host Dynamic Data Module
31‧‧‧虛擬主機狀態模組31‧‧‧Virtual Host Status Module
32‧‧‧ARP欺騙防護規則處理模組32‧‧‧ARP fraud protection rule processing module
33‧‧‧IP欺騙防護規則處理模組33‧‧‧IP fraud protection rule processing module
34‧‧‧派送模組34‧‧‧delivery module
Claims (4)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW102138840A TWI493377B (en) | 2013-10-28 | 2013-10-28 | A kind of cloud ARP and IP spoofing protection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW102138840A TWI493377B (en) | 2013-10-28 | 2013-10-28 | A kind of cloud ARP and IP spoofing protection system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201516734A TW201516734A (en) | 2015-05-01 |
| TWI493377B true TWI493377B (en) | 2015-07-21 |
Family
ID=53720355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW102138840A TWI493377B (en) | 2013-10-28 | 2013-10-28 | A kind of cloud ARP and IP spoofing protection system |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI493377B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113132385B (en) * | 2021-04-20 | 2022-06-21 | 广州锦行网络科技有限公司 | Method and device for preventing gateway ARP spoofing |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200951757A (en) * | 2008-02-29 | 2009-12-16 | Alcatel Lucent | Malware detection system and method |
| CN103077352A (en) * | 2012-12-24 | 2013-05-01 | 重庆远衡科技发展有限公司 | Active defense method of program behavior analysis on basis of cloud platform |
| TW201322686A (en) * | 2011-08-04 | 2013-06-01 | Midokura Pte Ltd | System and method for implementing and managing virtual networks |
| US20130247034A1 (en) * | 2012-03-16 | 2013-09-19 | Rackspace Us, Inc. | Method and System for Utilizing Spare Cloud Resources |
-
2013
- 2013-10-28 TW TW102138840A patent/TWI493377B/en not_active IP Right Cessation
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW200951757A (en) * | 2008-02-29 | 2009-12-16 | Alcatel Lucent | Malware detection system and method |
| TW201322686A (en) * | 2011-08-04 | 2013-06-01 | Midokura Pte Ltd | System and method for implementing and managing virtual networks |
| US20130247034A1 (en) * | 2012-03-16 | 2013-09-19 | Rackspace Us, Inc. | Method and System for Utilizing Spare Cloud Resources |
| CN103077352A (en) * | 2012-12-24 | 2013-05-01 | 重庆远衡科技发展有限公司 | Active defense method of program behavior analysis on basis of cloud platform |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201516734A (en) | 2015-05-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11775327B2 (en) | Multiple single levels of security (MSLS) in a multi-tenant cloud | |
| CN111164571B (en) | Control plane function virtualization based on security processing in cloud systems | |
| US9342343B2 (en) | Wrapped nested virtualization | |
| US9712538B1 (en) | Secure packet management for bare metal access | |
| WO2020005540A1 (en) | Managed forwarding element detecting invalid packet addresses | |
| US20130191850A1 (en) | Intercepting data | |
| US11669426B2 (en) | Kernel-based power consumption and isolation and defense against emerging power attacks | |
| CN109379347A (en) | A kind of safety protecting method and equipment | |
| Jithin et al. | Virtual machine isolation: A survey on the security of virtual machines | |
| Chauhan et al. | Different aspects of cloud security | |
| CN103258160A (en) | Method for monitoring cloud security under virtualization environment | |
| CN105704087A (en) | Device for realizing network security management based on virtualization and management method | |
| Sheinidashtegol et al. | Performance impact of DDoS attacks on three virtual machine hypervisors | |
| Alouane et al. | Virtualization in cloud computing: NoHype vs HyperWall new approach | |
| TWI493377B (en) | A kind of cloud ARP and IP spoofing protection system | |
| Kazim et al. | Virtualization security in cloud computing | |
| Upadhyay et al. | Secure live migration of VM's in Cloud Computing: A survey | |
| Kumar et al. | Improving security issues and security attacks in cloud computing | |
| Chandramouli | Security Assurance Requirements for Hypervisor Deployment Features | |
| Wan et al. | Remotely controlling trustzone applications? a study on securely and resiliently receiving remote commands | |
| Ros | Security in the Cloud: The threat of coexist with an unknown tenant on a public environment | |
| Wang et al. | TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud. | |
| Kanoongo et al. | Exposition of solutions to hypervisor vulnerabilities | |
| Bousselham et al. | Security of virtual networks in cloud computing for education | |
| Moore et al. | Goldilocks Isolation: High Performance VMs with Edera |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |