Design and implementation of virtual machine flow detection system based on OpenFlow

Design and implementation of virtual machine flow detection system based on OpenFlow

Shaolin Chen Xing Shu Yun Xu Zhang Fengwei

The virtual machines under the cloud platform interact with each other within the physical machine, rather than through security components such as firewalls. In view of the problem that such traffic can not be acquired and detected in the network boundary, the principle of OpenFlow technology is analyzed, and a scheme based on OpenFlow technology to redirect virtual machine traffic to intrusion detection system is proposed. The scheme uses the OpenFlow Virtual Switch and controller to replace the traditional switch, then control the flow forwarding process based on the OpenFlow technology, then it directs the external security components, and constructs the flow detection system composed of 4 modules, such as Virtual Switch, control unit, intrusion detection and system configuration management. The experimental results show that the system can deal with the traffic-oriented intrusion detection system under the precondition of satisfying the normal use of the virtual machine network, and can simultaneously provide two kinds of flow redirect control of switch level and virtual machine level. Through the way of virtual machine drainage, we can solve the problem of traffic detection in the cloud computing environment in the traditional scene, and realize the extended operation of traffic processing easily based on OpenFlow.

Design and implementation of virtual machine flow detection system based on OpenFlow