Design And Implementation Of Virtual Machine Network Monitoring System Based On KVM

In recent years, with the rapid development of cloud computing technology, a variety of cloud services gradually come to life.Virtualization technology as the basis of cloud computing technology, its own security received more and more attention. Its security directly affects the reliability of the entire platform. More and more experts and scholars come into the virtual security research areas. Cloud monitoring is one of the important technologies of cloud security.The emergence of virtualization technology is changing the previous computer system architecture. Because of its convenience, high efficiency and isolation, and so on, more and more computing systems are now moving closer to the virtual computing environment. The past security monitoring is in a stable computing environment and network environment, and virtualization technology can dynamically manage the virtual machine, the operating system is no longer directly above the hardware layer. The emergence of virtualization technology has brought challenges to the security monitoring.This paper presents a transparent network monitoring system based on virtual machine. For the different services running in the virtual, you can configure a detection rule, which is a specific to the service monitoring system. The main idea is that all packets flowing into and out of the virtual machine will pass through the virtualization layer bridge, so that all packets can be sniffed through the software, through the previous configuration can be specific packet filtering and detection. The network firewall module is the improvement of the traditional network firewall,which increases the function of domain adaptive detection. Through the network data in the virtual machine firewall two to reach the goal of a virtual machine domain, two arrived in intrusion detection module is located in the management domain, the intrusion detection module based on Snort and Snort is improved, the rules of intrusion detection system based on file, to identify the already existing network attacks. The intrusion detection module and the virtual machine network firewall form a linkage system. The adaptive filtering process can affect the efficiency of intrusion detection. The system is tested, including the function test and performance test of the monitoring system. The effectiveness of the monitoring system is tested and proved, and the security of the cloud platform is enhanced without losing too much performance loss to the system.