| 摘要 |
The disclosed computer-implemented method for monitoring virtual networks includes (1) an identification module 104 identifying a virtual network 204 containing at least one virtualized switching device 202 that routes network traffic from a source port 210 within the virtual network to a destination port 206, (2) a providing module 106 providing within the virtualized switching device, a set of software-defined network rules 212 containing criteria for identifying packets having at least one predetermined property associated with a security policy, (3) an intercepting module 108 intercepting, at the source port 210, a packet destined for the destination port 206, (4) a determination module 110 determining that at least one characteristic of the packet satisfies at least one of the rules 212, and (5) in response to determining that the characteristic of the packet satisfies at least one of the rules, a forward module 112 forwarding a copy of the packet to a virtual tap port 208 that analyzes the packet for security threats. By identifying (via, e.g., a set of OPENFLOW rules) packets having properties indicative of potential security threats, the methods may forward copies of suspicious packets to a virtual tap port to analyze the packet copies for malware attacks, data leaks, etc. In addition, by implementing a set of software-defined network rules based on any type of physical wiretap mechanism, the method may efficiently monitor virtual networks using techniques proven to be effective within physical networks. Furthermore, by implementing virtual wiretaps within portions of cloud-based computing platforms dedicated to cloud-based applications of various tenants, the method may provide the tenants with granular and customizable network monitoring services. |
