Design And Implementation Of Virtual Scanning Node Management Module Based On Cloud Vulnerability Scanning System

With a growing number of network security threats, there is also an increasing number of attack methods based on system vulnerabilities. Vulnerability scanning technology is an important means of network security technology to prevent this type of attack, which can effectively defend possible trouble as an active defense. However, the number of systems in the network greatly increases with the cloud computing technology. The traditional vulnerability scanning tools cannot meet such a large scale of scanning tasks. The rapid development of cloud computing has brought new ideas to the cloud security vulnerability scanning. With the support of virtualization technology, the vulnerability scanning engines can be deployed on virtual machines and distributed on demand for different sizes of vulnerability scanning tasks as "vulnerability scanning capabilities" in cloud security services. So the cloud security vulnerability scanning system needs to implement virtualization deployments and overall management for multi-scan nodes, to meet the requirements for vulnerability scanning tasks and achieve dynamic scanning nodes assignment and high efficiency of task execution.Based on the development status of network security and vulnerability scanning, this thesis describes the new ideas of vulnerability scanning technology and virtualization technology applications in the background of cloud computing technology. And on this basis, designs and implements a virtual node management module of cloud security vulnerability scanning system with the combination of cloud computing, virtualization and vulnerability scanning technology. The module is based on cloud security vulnerability scanning system, which can take full advantage of cloud computing resources to achieve efficient distributed virtual scan engine management. At the same time, the state and data of the virtual nodes can be properly monitored to optimize the allocation of resources, greatly improve the efficiency of task execution and provide failure virtual node alarming and online tasks migration. As the basis for the virtual node management methods, this thesis completes a virtualization deployment of distributed cluster-based vulnerability scanning nodes with XEN virtualization technology. It also analyzes the lifecycle of a virtual node, proposes management in the stage of deployment, distribution, running and recovery of the whole cycle and provides virtual node monitoring relying on XEN virtual machine. After the actual deployment and the test both in function and performance of the module, it can effectively manage the virtual nodes.