CLOUD SYSTEM WITH ATTACK PROTECTION MECHANISM AND PROTECTION METHOD USING FOR THE SAME
Abstract
A cloud system includes a security center server, a monitoring server, and a host. The host is deployed by the monitoring server after booting to install a detecting procedure and execute a local security policy therein. The host provides a self-monitoring operation through the detecting procedure and replies to the monitoring server when any monitoring data therein exceeds a threshold value according to the local security policy. The monitoring server judges whether the host is attacked or not, and notifies the security center server when the host is judged to be attacked. After receiving the notification, the security center server analyzes attack types, and generates a new security policy according to analyzed results. Finally, the security center server redeploys the host by the new generated security policy, so as to update the local security policy in the host, and protects the host from the attack.
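A minimal model of the loop the abstract describes (host self-monitoring, monitoring-server judgment, security-center policy update and redeploy), added here as an illustration and not taken from the patent. The consecutive-sample judging rule, the metric names, the attack-type mapping and all class and function names are assumptions; the page does not specify them.

```python
from dataclasses import dataclass
# Assumed mapping from the metric that fired to (attack type, countermeasure rule).
ATTACK_TYPES = {"syn_per_sec": ("syn_flood", "rate_limit_syn"),
                "failed_logins": ("brute_force", "lock_account")}

@dataclass
class Host:
    name: str
    policy: dict  # local security policy: {"thresholds": {...}, "rules": [...]}
    def detect(self, sample):
        """Host side: one event per metric above its policy threshold."""
        return [{"metric": m, "value": v} for m, v in sample.items()
                if v > self.policy["thresholds"].get(m, float("inf"))]

class MonitoringServer:
    """Assumed judging rule: a metric must fire in `need` consecutive
    samples, so a single spike is not reported as an attack."""
    def __init__(self, need=3):
        self.need, self.streak = need, {}
    def judge(self, host, events):
        fired = {e["metric"] for e in events}
        for key in [k for k in self.streak if k[0] == host.name and k[1] not in fired]:
            del self.streak[key]  # streak broken, start over
        warnings = []
        for e in events:
            key = (host.name, e["metric"])
            self.streak[key] = self.streak.get(key, 0) + 1
            if self.streak[key] == self.need:  # warn once per sustained run
                warnings.append({"host": host.name, **e})
        return warnings

class SecurityCenter:
    def __init__(self):
        self.knowledge_base = []  # (attack type, updated policy) pairs
    def handle(self, warning, host):
        """Classify the warning, build the updated policy, redeploy the host."""
        attack, rule = ATTACK_TYPES.get(warning["metric"], ("unknown", "isolate_host"))
        updated = {"thresholds": dict(host.policy["thresholds"]),
                   "rules": sorted(set(host.policy["rules"]) | {rule})}
        self.knowledge_base.append((attack, updated))
        host.policy = updated  # redeploy: replaces the host's local policy
        return attack

SAMPLES = [{"syn_per_sec": v} for v in (1500, 200, 4000, 5000, 6000, 7000)]  # constructed

def run(samples):
    host = Host("vm-1", {"thresholds": {"syn_per_sec": 1000, "failed_logins": 20}, "rules": []})
    mon, center = MonitoringServer(), SecurityCenter()
    attacks = [center.handle(w, host) for s in samples for w in mon.judge(host, host.detect(s))]
    return attacks, host.policy["rules"]
```

With the constructed samples, the isolated spike in the first reading raises an event but no warning; only the sustained run at the end causes a policy update.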
20 Claims
1. A cloud system with an attack protection mechanism, comprising:
- a host configured to install a detecting procedure to detect various data of the host and trigger an event when any one of the data exceeding corresponding threshold value;
- a monitoring server connected to the host and configured to judge whether the host is attacked according to the event, and configured to send a warning message when the host is really attacked; and
- a security center server connected to the monitoring server and the host and configured to receive the warning message;
- wherein the security center server is configured to analyze the warning message to generate an updated security policy, and redeploy the host according to the updated security policy.
9. A protection method using for a cloud system with an attack protection mechanism, the cloud system having a host, a monitoring server connected to the host, and a security center server connected to the host and the monitoring server, the protection method comprising following steps:
- (a) detecting various data of the host through a detecting procedure by the host;
- (b) triggering an event when any one of the data exceeding corresponding threshold value;
- (c) judging whether the host is attacked according to the event by the monitoring server;
- (d) generating a warning message and notifying the security center server by the monitoring server when the host is really attacked;
- (e) analyzing an attacked type to the host by the security center server according to the warning message sent from the monitoring server and then generating an updated security policy; and
- (f) redeploying the host by the security center server according to the updated security policy.
17. A cloud system with an attack protection mechanism, comprising:
- a host configured to install a detecting procedure to detect various data of the host and execute a local security policy therein, the local security policy is configured to perform security protection to the host and set threshold values of the data; the host is configured to trigger an event when any one of the data exceeding corresponding threshold value;
- a monitoring server connected to the host and configured to judge whether the host is attacked according to the event, and configured to send a warning message when the host is really attacked; and
- a security center server connected to the monitoring server and the host and configured to receive the warning message; and configured to analyze the warning message to identify an attacked type to the host and generate an updated security policy; and
- a knowledge base connected to the security center server and configured to store the updated security policy generated from the security center server;
- wherein the security center server is configured to redeploy the host and update the local security policy according to the updated security policy.
Specification