Design and Implementation of a KVM-Based Virtual Machine Network Monitoring System
Published: 2018-05-29 05:07
Topics: virtualization security + cloud monitoring. Source: Beijing University of Posts and Telecommunications, master's thesis, 2017
[Abstract]: Cloud computing has developed rapidly in recent years, and a wide range of cloud services has entered everyday life. Virtualization is the foundation technology of cloud computing, so its own security receives growing attention: the security of the virtualization layer directly determines the reliability of the cloud platform, more and more researchers work on virtualization security, and cloud monitoring has become one of the key techniques of cloud security. Virtualization changes the traditional architecture of a computer system; because it is convenient, efficient and provides isolation, more and more computing systems are moving into virtualized environments. Earlier security monitoring systems ran in a stable computing and network environment. Under virtualization the operating system no longer sits directly on the hardware: several operating systems share one hardware platform, and each runs different services. This poses new challenges for security monitoring. For this complex and changing virtual computing environment, this thesis proposes a transparent virtual machine network monitoring system. Detection rules are configured per virtual machine domain according to the services it runs, binding each virtual machine to a service type. The core principle is that every packet entering or leaving a virtual machine passes through the bridge in the virtualization layer, so detection software can sniff all network packets, and a monitoring system deployed in the management domain can filter and inspect selected packets. The network firewall module improves on a traditional network firewall by adding domain-adaptive detection: packets are filtered according to the service running in each virtual machine domain. Traffic that passes the virtual machine firewall has two flows, one to the target virtual machine domain and one to the intrusion detection module in the management domain. The intrusion detection module is derived from Snort, a rule-file-based intrusion detection system that recognizes known network attacks. The intrusion detection module and the virtual machine firewall form a linked system: when the intrusion detection module detects an attack, it can change the firewall's filtering rules, and the firewall's domain-adaptive filtering in turn affects the efficiency of intrusion detection, since only traffic that passes the per-domain filter reaches the detector. The system was tested experimentally, with both functional and performance tests of the monitoring system. The experiments show that the monitoring system is effective and that it strengthens the security of the cloud platform without imposing a large performance cost.
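The following Python model is an added illustration of the pipeline the abstract describes; it is not code from the thesis. It shows a domain-adaptive firewall that admits only the ports of the service bound to each virtual machine domain, a Snort-like detector (with a small parser for a subset of Snort rule syntax) that inspects a copy of the admitted traffic, and the linkage that turns a detection into a firewall block on the offending source. It also counts rule evaluations with and without per-domain rule selection to make the efficiency effect visible. The service profiles, domain bindings, rules, addresses and packet records are all constructed for the example; the real system reads packets sniffed from the bridge in the management domain, which the model replaces with an in-memory list.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    src: str      # source address or VM domain name
    dst: str      # destination VM domain name
    proto: str    # "tcp" or "udp"
    dport: int
    payload: bytes = b""

# Constructed service profiles: the (proto, port) pairs each service type accepts.
SERVICE_PORTS = {"web": {("tcp", 80), ("tcp", 443)}, "db": {("tcp", 3306)}}

@dataclass(frozen=True)
class IdsRule:
    sid: int
    msg: str
    proto: str
    dport: Optional[int]  # None means "any"
    content: bytes

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and (self.dport is None or pkt.dport == self.dport)
                and self.content in pkt.payload)

# Subset of Snort rule syntax: "alert" header plus msg/content/sid options, content as a plain string.
RULE_RE = re.compile(r"^alert\s+(?P<proto>tcp|udp)\s+\S+\s+\S+\s*->\s*\S+\s+"
                     r"(?P<dport>\d+|any)\s*\((?P<opts>.*)\)\s*$")
OPT_RE = re.compile(r'(\w+):"?([^";]*)"?;')

def parse_rule(text: str) -> IdsRule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule: {text!r}")
    opts = dict(OPT_RE.findall(m.group("opts")))
    dport = None if m.group("dport") == "any" else int(m.group("dport"))
    return IdsRule(int(opts["sid"]), opts["msg"], m.group("proto"), dport, opts["content"].encode())

class MonitorSystem:
    """Domain-adaptive firewall in front of an IDS; alerts feed a per-source block list."""
    def __init__(self, bindings: Dict[str, str], rules: Dict[str, List[str]], adaptive: bool = True):
        self.bindings = bindings  # VM domain -> service type it is bound to
        self.rules = {svc: [parse_rule(r) for r in lst] for svc, lst in rules.items()}
        self.adaptive = adaptive  # evaluate only the rules of the target's service type
        self.blocked: Set[str] = set()
        self.alerts: List[Tuple[int, str, str]] = []
        self.rule_evaluations = 0

    def firewall_allows(self, pkt: Packet) -> bool:
        service = self.bindings.get(pkt.dst)  # None: no binding, so default deny
        return (pkt.src not in self.blocked and service is not None
                and (pkt.proto, pkt.dport) in SERVICE_PORTS[service])

    def ids_inspect(self, pkt: Packet) -> Optional[IdsRule]:
        if self.adaptive:
            candidates = self.rules.get(self.bindings[pkt.dst], [])
        else:
            candidates = [r for lst in self.rules.values() for r in lst]
        for rule in candidates:
            self.rule_evaluations += 1
            if rule.matches(pkt):
                self.alerts.append((rule.sid, pkt.src, pkt.dst))
                self.blocked.add(pkt.src)  # linkage: the alert becomes a firewall rule
                return rule
        return None

    def process(self, pkt: Packet) -> str:
        # "dropped" by the firewall; "delivered" to the target domain; "alert" when the IDS copy matched.
        if not self.firewall_allows(pkt):
            return "dropped"
        return "alert" if self.ids_inspect(pkt) is not None else "delivered"

# Constructed bindings, rules and traffic for the demonstration.
BINDINGS = {"vm-web": "web", "vm-db": "db"}
RULES = {
    "web": ['alert tcp any any -> any 80 (msg:"path traversal in request"; content:"../"; sid:1000001;)'],
    "db": ['alert tcp any any -> any 3306 (msg:"DROP TABLE over MySQL"; content:"DROP TABLE"; sid:1000002;)'],
}
SAMPLE_TRAFFIC = [
    Packet("203.0.113.5", "vm-web", "tcp", 80, b"GET /index.html HTTP/1.1"),        # normal web request
    Packet("203.0.113.5", "vm-db", "tcp", 80, b"GET / HTTP/1.1"),                   # web port at the db domain
    Packet("198.51.100.7", "vm-web", "tcp", 80, b"GET /cgi-bin/../../etc/passwd"),  # matches sid 1000001
    Packet("198.51.100.7", "vm-web", "tcp", 443, b"\x16\x03\x01"),                  # same source, now blocked
    Packet("vm-web", "vm-db", "tcp", 3306, b"SELECT 1"),                             # normal query between domains
    Packet("203.0.113.5", "vm-unknown", "tcp", 80, b"GET / HTTP/1.1"),              # domain with no binding
]

def demo() -> Tuple[List[str], List[Tuple[int, str, str]]]:
    mon = MonitorSystem(BINDINGS, RULES)
    return [mon.process(p) for p in SAMPLE_TRAFFIC], mon.alerts

def count_rule_evaluations(adaptive: bool) -> int:
    # IDS rule checks the sample traffic costs, with or without per-domain rule selection.
    mon = MonitorSystem(BINDINGS, RULES, adaptive=adaptive)
    [mon.process(p) for p in SAMPLE_TRAFFIC]
    return mon.rule_evaluations
```

Two caveats follow from the two-flow design. The detector works on a copy taken after the firewall, so the packet that triggers an alert has already reached the target domain; the linkage only protects against the same source's later packets. And the model matches `content` against a single packet, whereas Snort reassembles TCP streams before matching, so a real deployment must not drop stream reassembly when it adapts rule sets per domain.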
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year awarded]: 2017
[Classification number]: TP393.0
Article ID: 1949609
Article link: http://sikaile.net/guanlilunwen/ydhl/1949609.html