
System and method for controlling virtual network including security function

  • US 9,166,988 B1
  • Filed: 04/28/2014
  • Issued: 10/20/2015
  • Est. Priority Date: 04/22/2014
  • Status: Expired due to Fees
First Claim

1. A method for controlling a virtual network with a security function comprising the steps of:

  • receiving an attack detection-related security alert (expressed in a common event format) from vIPSs in a virtual network controlling system including a cloud ESM (Enterprise Security Management) system;

    analyzing traffic or an attack pattern detected in the vIPS through a correlation analysis by the cloud ESM system when the attack detection-related security alert is received;

    determining a real time blocking reaction against the detected traffic or attack in the cloud ESM system on the basis of the analyzed results and sending the blocking reaction command to the vIPS;

    creating real time blocking rules by the vIPS according to the blocking reaction command;

    sending the real time blocking rules to the vSwitch and blocking the intruder's attacking traffic by the vSwitch according to the received blocking rules;

    checking whether or not traffic blocking was actually carried out during a blocking time when the blocking time is lapsed according to the blocking rules;

    deleting the created blocking rules and terminating the corresponding traffic blocking by the vIPS if the traffic blocking was not carried out actually during the blocking time; and

    extending the blocking time based on the present state to which the blocking rules were applied and terminating blocking of the corresponding traffic by the vIPS if the traffic blocking was carried out actually during the blocking time, wherein the cloud ESM system comprises;

    a cloud collection information management module which stores and manages virtualization resource information and security events collected in the vIPS;

    a cloud security event analysis and security state monitoring module which carries out attack correlation analysis in reference to information received from the vIPS; and

    a cloud security control management module which forcedly migrates the malicious virtual machine in a logical/physical manner, recognizes a change in information of the virtual machine, and sends a security control command according to a policy change to the vIPS through a cloud agent.
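
The blocking-time steps of claim 1, read as a timed rule table (an added example, not code from the patent or its assignee). The class and method names, the fixed-length extension and the per-window hit counter are assumptions; the claim itself only says the extension is "based on the present state".

```python
from dataclasses import dataclass

@dataclass
class BlockRule:
    src_ip: str        # source address the vSwitch drops
    expires_at: float  # end of the current blocking time
    hits: int = 0      # packets dropped during the current window

class RuleTable:
    """Hypothetical vIPS-side view of the rules it pushed to the vSwitch."""

    def __init__(self, block_seconds: float):
        self.block_seconds = block_seconds
        self.rules = {}  # src_ip -> BlockRule

    def install(self, src_ip: str, now: float) -> None:
        # A blocking reaction command from the ESM becomes a timed rule.
        self.rules[src_ip] = BlockRule(src_ip, now + self.block_seconds)

    def on_packet(self, src_ip: str) -> str:
        # Datapath decision: drop and count when a rule matches.
        rule = self.rules.get(src_ip)
        if rule is None:
            return "forward"
        rule.hits += 1
        return "drop"

    def sweep(self, now: float) -> dict:
        # Run when blocking times lapse: keep only rules that did work.
        outcome = {}
        for ip, rule in list(self.rules.items()):
            if now < rule.expires_at:
                continue
            if rule.hits == 0:
                del self.rules[ip]          # nothing was blocked: remove
                outcome[ip] = "deleted"
            else:
                rule.expires_at = now + self.block_seconds
                rule.hits = 0               # assumption: count per window
                outcome[ip] = "extended"
        return outcome

def demo() -> dict:
    # Constructed sample: two blocked sources, only one keeps sending.
    table = RuleTable(block_seconds=60)
    table.install("203.0.113.7", now=0)
    table.install("198.51.100.9", now=0)
    table.on_packet("203.0.113.7")
    return table.sweep(now=60)
```

A rule that is extended once and then sees no further traffic is removed on the next sweep, so stale blocks do not accumulate in the vSwitch.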
