發(fā)布時間：2018-06-23 15:14

  本文選題：云計算 + 入侵防御��； 參考：《廣東工業(yè)大學(xué)》2014年碩士論文

【摘要】：云計算自從誕生以來就一直是業(yè)界炙手可熱的研究課題,并且隨著計算機技術(shù)的不斷發(fā)展和云計算擁有的高可用性、易擴展性和服務(wù)代價小等優(yōu)點,因此其獲得了廣大IT企業(yè)用戶的青睞。IBM、亞馬遜、谷歌以及阿里巴巴等全球知名的IT企業(yè)也都紛紛相繼建立起自己的云計算中心,很多云計算應(yīng)用也已經(jīng)逐漸的滲透到實際生活中的各個領(lǐng)域。 但是,由于云計算是一種公共基礎(chǔ)設(shè)施,云中的安全也一直是眾多研究者們亟待解決的問題�，F(xiàn)有的一些安全檢測監(jiān)控和防御技術(shù),雖然能夠解決少許的安全問題,但在面對花樣眾多的攻擊者時已經(jīng)力不從心。如傳統(tǒng)的入侵檢測技術(shù)和防火墻技術(shù),雖然入侵檢測技術(shù)能夠檢測出一些具有某些特征的行為,但對系統(tǒng)的審計日志依賴性太強,防火墻技術(shù)也是只能夠做到一些簡單的過濾功能；使得這些工具的使用有些捉襟見肘。面對多種多樣特征的惡意行為,入侵檢測無法做到全面檢測,而且由于系統(tǒng)檢測引擎和日志的單一性,還可能錯誤地將正常的行為當做惡意行為,因此入侵檢測系統(tǒng)有著很高的誤報率和漏報率。同時,入侵檢測系統(tǒng)還具有檢測的滯后性,這也是有很嚴重的安全問題的。即使是將入侵檢測系統(tǒng)和防火墻進行有機結(jié)合,進而組成的入侵防御系統(tǒng)的防御功能也是很有限的,無法做到真正意義上的安全防御。那么,云環(huán)境下入侵防御便應(yīng)運而生。 為了確保云環(huán)境中共享數(shù)據(jù)資源的安全,本文從可信計算和信任理論思想出發(fā),在充分研究分析了云平臺軟硬件以及服務(wù)可信性的基礎(chǔ)上,構(gòu)建出云環(huán)境中的入侵防御模型。 (1)該模型從入侵防御的原理出發(fā),首先從用戶行為出發(fā),實時獲取該用戶的行為特征,然后將這些特征進行規(guī)范化并逐步確定各個特征的權(quán)重后得出用戶節(jié)點的信任度后,再來決定是否為其提供服務(wù)。 (2)對用戶提交的未知安全行為的樣本中實時監(jiān)控采集、獲取行為特征,并從這些特征入手,對用戶提交的文件進行綜合決策分析。再就是對確認為可信的安全用戶提交的樣本文件進行聚類分析,然后利用多種云端的集群服務(wù)器引擎進行檢測并將結(jié)果反饋給用戶,由用戶自己做最終決策。 這樣一來,云端便能夠及時快速、高效的抵御惡意行為的攻擊,改變了傳統(tǒng)入侵防御單兵作戰(zhàn)、各自為營以及檢測防御滯后的狀況,為云用戶提供最大安全限度的入侵防御服務(wù),同時也能夠確保云端能夠抵御攻擊,做到云端和云用戶雙向安全的效果。 最后,對云環(huán)境下基于信任的入侵防御模型進行有效性驗證,對采集獲取的惡意行為樣本進行綜合分析決策,將分析決策的正確率與多個傳統(tǒng)的單兵作戰(zhàn)的防御軟件對比發(fā)現(xiàn),云環(huán)境下基于信任的入侵防御模型具有著更加全面的應(yīng)對多種多樣惡意攻擊行為的能力。
[Abstract]:Cloud computing has been a hot research topic since its birth. With the development of computer technology and high availability, scalability and low cost of service, cloud computing has many advantages. Therefore, it has won the favor of the vast number of IT enterprise users. IBM, Amazon, Google, Alibaba and other world-renowned IT enterprises have also established their own cloud computing centers one after another. Many cloud computing applications have gradually penetrated into the real life of all areas. However, because cloud computing is a public infrastructure, cloud security has always been an urgent problem for many researchers. Some existing security detection, monitoring and defense technologies, although able to solve a few security problems, but in the face of a variety of attackers have been unable to do. For example, the traditional intrusion detection technology and firewall technology, although the intrusion detection technology can detect some behavior with certain characteristics, but it is too dependent on the audit log of the system. Firewall technology is also able to do some simple filtering functions, making the use of these tools a bit overstretched. In the face of a variety of malicious behavior, intrusion detection can not achieve comprehensive detection, and because of the singularity of system detection engine and log, it may mistakenly regard normal behavior as malicious behavior. Therefore, intrusion detection system has a high false alarm rate and false alarm rate. At the same time, intrusion detection system also has the lag of detection, which is also a very serious security problem. Even if the intrusion detection system and the firewall are combined organically, the defense function of the intrusion prevention system is very limited, which can not achieve the real sense of security defense. In that case, intrusion prevention in the cloud environment emerged as the times require. In order to ensure the security of shared data resources in cloud environment, this paper starts from the theory of trusted computing and trust, and analyzes the software and hardware of cloud platform and the credibility of service. The intrusion prevention model in cloud environment is constructed. (1) based on the principle of intrusion prevention, the model firstly acquires the behavior characteristics of the user from the user's behavior in real time. Then these features are normalized and the weight of each feature is determined step by step, and then the trust degree of the user node is obtained. Then decide whether to provide services for them. (2) real-time monitoring and acquisition of user submitted samples of unknown security behavior to obtain behavior characteristics and start with these characteristics to make a comprehensive decision analysis of the documents submitted by users. Then the cluster analysis of the sample files submitted by the trusted secure users is carried out, and then the cluster server engine in various clouds is used to detect and feedback the results to the users, and the final decision is made by the users themselves. In this way, the cloud will be able to resist malicious attacks in a timely, fast and efficient manner, changing the situation of traditional single-combat intrusion prevention operations, individual battalions, and the detection of delays in defense. It can provide the maximum security limit intrusion prevention service for cloud users, but also can ensure cloud can resist attacks, and achieve the effect of cloud and cloud user two-way security. Finally, the validity of the trust based intrusion prevention model in the cloud environment is verified, and the sample of malicious acts collected is comprehensively analyzed and the correct rate of the analysis decision is compared with the traditional defense software of single combat. The trust-based intrusion prevention model in the cloud environment has a more comprehensive ability to deal with a variety of malicious attacks.
【學(xué)位授予單位】：廣東工業(yè)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【引證文獻】

相關(guān)期刊論文 前1條

1 萬方;;淺析云安全檢測技術(shù)的安全問題[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2015年10期

相關(guān)碩士學(xué)位論文 前2條

1 劉金亮;云計算環(huán)境下基于信任的訪問控制研究[D];河北科技大學(xué);2015年

2 張艷雪;基于模糊—隱馬爾可夫模型的復(fù)合式攻擊預(yù)測方法研究[D];河北師范大學(xué);2015年

，

本文編號：2057549