Research on Cloud Security Mechanisms Based on Distributed Honeypots
Topic: cloud computing. Focus: cloud security. Source: Jiangsu University of Science and Technology, 2014 master's thesis. Document type: degree thesis
[Abstract]: Since the concept of cloud computing was proposed at the beginning of this century, it has developed rapidly in IT applications, and more and more enterprises have reduced their investment in basic resources and begun renting cloud computing platforms. However, the overly rapid expansion of applications has left cloud security technology unable to keep pace, so security vulnerabilities keep emerging. Compared with an ordinary network, cloud computing has a more complex runtime environment, and its distributed structure spreads operating nodes to every corner of the network, which makes cloud security threats highly uncertain. In fact, many cloud computing deployments depend on computer clusters, which form one very large target on the network that is vulnerable to attack. Traditional network security technology can only take passive countermeasures once an attack occurs and cannot actively reduce the probability that the cloud is attacked.
This thesis applies distributed honeypot technology to solve this problem. The distributed honeypot designed here is structurally consistent with distributed cloud computing and can therefore protect the cloud computing framework more accurately. On this basis, three security mechanisms are given: a decoy mechanism, an intrusion capture mechanism, and a defense and alarm mechanism. In the study of the decoy mechanism, the honeypot's decoy targets are first determined by analyzing the characteristics of the cloud, then the structure of the honeypot decoy model is determined by analyzing the habits of hackers' intrusion behavior, and finally four decoy strategies are given: opening characteristic ports, setting weak passwords, cloud service simulation, and file system simulation. In the intrusion capture mechanism, the thesis gives methods for collecting two kinds of data, host data and network communication data, and then gives a method for analyzing both kinds of data using a self-designed rule base. For the defense and alarm mechanism, the thesis studies three defense strategies, blocking, diverting, and modifying, each applied to one of three kinds of intrusion behavior. Two alarm modes, alarm and cluster alarm, are designed to notify the cluster of honeypots distributed across the cloud.
From the distributed structure to the three security mechanisms, the thesis fairly comprehensively completes the protection of the cloud by distributed honeypots. It reduces the probability that the cloud is attacked to a certain extent, and through the cloud honeypots it captures the methods intruders use against the cloud, providing a reference for further improving cloud security technology.
[Degree-granting institution]: Jiangsu University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 1638997
Article link: http://sikaile.net/guanlilunwen/ydhl/1638997.html