HYPERVISOR-BASED INTRUSION PREVENTION PLATFORM AND VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM

US 20140317737A1
Filed: 04/26/2013
Published: 10/23/2014
Est. Priority Date: 04/22/2013
Status: Abandoned Application

First Claim

Patent Images

1. A hypervisor-based intrusion prevention platform comprising:

a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system;

a hypervisor security application programming interface (API) module which provides an API used by the vIPS framework to access the hypervisor;

an administrator account management and authentication module which manages an administrator account of a vIPS and authenticates the administrator account;

an environment setting management module which manages environment setting values of modules within the vIPS; and

an external interface module which provides an interface for system control and security control.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Hypervisor-based intrusion prevention platform is provided. The hypervisor-based intrusion prevention platform comprises a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system, a hypervisor security application programming interface (API) module which provides an API used by the vIPS framework to access the hypervisor, an administrator account management and authentication module which manages an administrator account of a vIPS and authenticates the administrator account, an environment setting management module which manages environment setting values of modules within the vIPS, and an external interface module which provides an interface for system control and security control.

205 Citations

15 Claims

1. A hypervisor-based intrusion prevention platform comprising:
- a virtual network intrusion prevention system (vIPS) framework which obtains internal information of a virtualization system from a hypervisor and performs security control on the hypervisor in response to the result of intrusion detection carried out by using the internal information of the virtualization system;
  
  a hypervisor security application programming interface (API) module which provides an API used by the vIPS framework to access the hypervisor;
  
  an administrator account management and authentication module which manages an administrator account of a vIPS and authenticates the administrator account;
  
  an environment setting management module which manages environment setting values of modules within the vIPS; and
  
  an external interface module which provides an interface for system control and security control.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The platform of claim 1, wherein the vIPS framework comprises an introspection information collection and analysis module which obtains internal information of a virtual machine, internal information of the hypervisor, and a virtual network packet of the virtualization system from the hypervisor.
  - 3. The platform of claim 1, wherein the vIPS framework comprises an intrusion response module which determines a response action corresponding to the result of intrusion detection based on a response policy.
  - 4. The platform of claim 1, wherein the vIPS framework comprises a policy and signature management module which manages a firewall policy rule, a detection signature rule, a response policy rule, and a real-time access control rule.
  - 5. The platform of claim 1, wherein the vIPS framework comprises a logging module which generates and manages a log.
  - 6. The platform of claim 1, wherein the internal information of the virtualization system comprises the internal information of the virtual machine, the internal information of the hypervisor, and the virtual network packet of the virtualization system.
  - 7. The platform of claim 1, wherein the security control comprises operation control of the virtual machine and rate control of virtual network traffic.

8. A hypervisor-based vIPS comprising:
- intrusion detection modules which perform intrusion detection by using internal information of a virtual machine, internal information of a hypervisor, and a virtual network packet of a virtualization system; and
  
  a hypervisor-based intrusion prevention platform which provides the internal information of the virtual machine, the internal information of the hypervisor and the virtual network packet of the virtualization system to the intrusion detection modules and receives the result of intrusion detection from the intrusion detection modules,wherein the hyper-based intrusion prevention platform comprises;
  
  a vIPS framework which obtains the internal information of the virtual machine, the internal information of the hypervisor and the virtual network of the virtualization system from the hypervisor and performs operation control of the virtual machine and rate control of virtual network traffic on the hypervisor in response to the result of intrusion detection;
  
  a hypervisor security API module which provides APIs used by the vIPS framework to access the hypervisor;
  
  an administrator account management and authentication module which manages an administrator account of the vIPS and authenticates the administrator account;
  
  an environment setting management module which manages environment setting values of modules within the vIPS; and
  
  an external interface module which provides interfaces for system control and security control.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The vIPS of claim 8, wherein the vIPS framework comprises an introspection information collection and analysis module which obtains the internal information of the virtual machine, the internal information of the hypervisor, and the virtual network packet of the virtualization system from the hypervisor.
  - 10. The vIPS of claim 8, wherein the vIPS framework comprises an intrusion response module which determines a response action corresponding to the result of intrusion detection based on a response policy.
  - 11. The vIPS of claim 8, wherein the vIPS framework comprises a policy and signature management module which manages a firewall policy rule, a detection signature rule, a response policy rule, and a real-time access control rule.
  - 12. The vIPS of claim 8, wherein the vIPS framework comprises a logging module which generates and manages a log.
  - 13. The vIPS of claim 8, wherein the intrusion detection modules comprise a stateful firewall module which functions as a stateful firewall engine, wherein the stateful firewall module performs intrusion detection by performing stateful packet inspection on a virtual network packet.
  - 14. The vIPS of claim 8, wherein the intrusion detection modules comprise a network-based IPS (NIPS) which functions as a NIPS engine, wherein the NIPS module performs intrusion detection by performing deep packet inspection on a virtual network packet.
  - 15. The vIPS of claim 8, wherein the intrusion detection modules comprise a virtual resource depletion attack detection module which detects a resource depletion attack on virtual resources, wherein the virtual resource depletion detection module performs intrusion detection by analyzing the behavior of calling hypercalls and the status of resource utilization by the virtualization system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Korea Internet & Security Agency
Original Assignee
Korea Internet & Security Agency
Inventors
SHIN, YOUNG-SANG, Cheong, II-Ahn, Lee, Seul-Gi, Yoon, Mi-Yeon, Hwang, Tong-Wook, Son, Kyung-Ho

Application Number

US13/871,264
Publication Number

US 20140317737A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04L 63/20 for managing network securi...

HYPERVISOR-BASED INTRUSION PREVENTION PLATFORM AND VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

205 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

HYPERVISOR-BASED INTRUSION PREVENTION PLATFORM AND VIRTUAL NETWORK INTRUSION PREVENTION SYSTEM

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

205 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links