本文選題：云計算 + 異常檢測�。� 參考：《復(fù)旦大學(xué)》2014年碩士論文

【摘要】：云計算是通過Internet以服務(wù)的方式提供動態(tài)可伸縮的虛擬化資源的計算模式。它同時也是一種按使用量付費(fèi)的模式,能夠讓云租戶得到按需的、可用的和便捷的網(wǎng)絡(luò)訪問。云計算按照所提供服務(wù)的層次、側(cè)重點(diǎn)及對象不同可以分為三層：IaaS(基礎(chǔ)設(shè)施作為一種服務(wù))、PaaS(平臺作為一種服務(wù))和SaaS(軟件作為一種服務(wù))。云計算所提供的服務(wù)是基于現(xiàn)有標(biāo)準(zhǔn)化的網(wǎng)絡(luò)協(xié)議,具有特定的格式及標(biāo)準(zhǔn)。然而現(xiàn)有技術(shù)和標(biāo)準(zhǔn)協(xié)議所存在的安全隱患和脆弱性為非法分子敞開了入侵的大門。傳統(tǒng)的網(wǎng)絡(luò)入侵和云計算特有的入侵使得云計算安全問題日益成為一個很重要的研究方向。作為能夠檢測未知入侵行為的異常檢測通常是被當(dāng)作云環(huán)境中入侵檢測的手段和方法。為了檢測云環(huán)境中的異常,需要對云平臺的運(yùn)行狀況進(jìn)行監(jiān)控,并且能夠搜集運(yùn)行時性能數(shù)據(jù)。搜集到的性能數(shù)據(jù)通常都是無標(biāo)記的,因此如何從這些無標(biāo)記的性能數(shù)據(jù)中獲取關(guān)于云服務(wù)器的健康指標(biāo)是本文所關(guān)心的問題。采集到的性能數(shù)據(jù)有很多屬性是不需要關(guān)心的,需要對真正關(guān)乎云服務(wù)器的數(shù)據(jù)維度進(jìn)行簡化。在維度簡化之前通常會對數(shù)據(jù)進(jìn)行預(yù)處理,找出具有不同特征的維度。信息論中的互信息概念可以很好地找出具有最小相關(guān)性并且對目標(biāo)分類參數(shù)具有很大貢獻(xiàn)的數(shù)據(jù)維度。在得到這些敏感的數(shù)據(jù)維度后,可以利用PCA (Principal Component Analysis,主成分分析方法)對有效的高維數(shù)據(jù)進(jìn)一步降維,得到具有很強(qiáng)特征體現(xiàn)的維度,作為后續(xù)異常檢測的度量及評判標(biāo)準(zhǔn)。云環(huán)境中的異常檢測需要快速和準(zhǔn)確,基于分類的異常檢測方法可以作為云環(huán)境中異常檢測方法。SVM (Support Vector Machine,支持向量機(jī))可以對表征云服務(wù)器性能的數(shù)據(jù)實(shí)例進(jìn)行分類,通過對分類檢測出的疑似異常數(shù)據(jù)實(shí)例提交給云安全管理員進(jìn)行確認(rèn),根據(jù)確認(rèn)結(jié)果對SVM分類器逐步迭代,從而不斷完善異常檢測分類模型,達(dá)到自適應(yīng)的目的。本文設(shè)計自適應(yīng)異常檢測模型CAPS (Cloud Adaptive PCA-SVM),從數(shù)據(jù)獲取及預(yù)處理,到高維數(shù)據(jù)維度約簡,最終能夠完成對云環(huán)境中的異常進(jìn)行標(biāo)記和上報告警等功能。本文后續(xù)利用CAPS,從主機(jī)、網(wǎng)絡(luò)、Hypervisor和分布式等幾方面考慮,研究云環(huán)境中特定情形下安全防護(hù)部署策略。最后在OpenStack上利用真實(shí)的云環(huán)境數(shù)據(jù),對所構(gòu)建的CAPS進(jìn)行性能分析,實(shí)驗(yàn)結(jié)果表明,本文提出的CAPS在云環(huán)境中檢測率較高,誤報率較低,速度較快。
[Abstract]:Cloud computing is a computing model that provides dynamic and scalable virtualization resources through the Internet. It is also a pay-as-you-go model, enabling cloud tenants to have on-demand, usable and convenient network access. Cloud computing can be divided into three layers: IaaS (infrastructure as a service) PaaS (platform as a service) and SaaS (software as a service). Cloud computing provides services based on existing standardized network protocols with specific formats and standards. However, the security risks and vulnerabilities of existing technologies and standard protocols open the door for illegal elements to invade. Traditional network intrusion and cloud computing intrusion make cloud computing security a very important research direction. Anomaly detection, which can detect unknown intrusion behavior, is usually used as a means and method of intrusion detection in cloud environment. In order to detect the anomalies in the cloud environment, it is necessary to monitor the performance of the cloud platform and to collect runtime performance data. The collected performance data is usually unmarked, so how to get health index of cloud server from these unmarked performance data is the concern of this paper. There are many properties of the collected performance data that need not be concerned about, and need to simplify the data dimension that is really related to the cloud server. Data are usually preprocessed before dimensionality is simplified to identify dimensions with different characteristics. The concept of mutual information in information theory can find out the data dimension which has the least correlation and has a great contribution to the target classification parameters. After obtaining these sensitive data dimensions, PCA (Principal component Analysis) can be used to further reduce the dimensionality of high-dimensional data, and the dimension with strong characteristics can be obtained, which can be used as the measurement and evaluation standard for subsequent anomaly detection. Anomaly detection in cloud environment needs to be rapid and accurate. Anomaly detection method based on classification can be used as anomaly detection method in cloud environment. SVM (support Vector Machine) can classify data instances that represent the performance of cloud server. By submitting the suspected abnormal data examples to the cloud security administrator for confirmation, the SVM classifier is iterated step by step according to the confirmation results, and the classification model of anomaly detection is continuously improved to achieve the purpose of self-adaptation. In this paper, an adaptive anomaly detection model, caps (Cloud Adaptive PCA-SVM), is designed. From data acquisition and preprocessing to dimensionality reduction of high-dimensional data, the functions of marking anomalies in cloud environment and reporting warnings are finally completed. In this paper, we study the security protection deployment strategy in the cloud environment from the aspects of host, network hypervisor and distributed, with the help of CAPSs. Finally, using the real cloud environment data on OpenStack, the performance of caps is analyzed. The experimental results show that the proposed caps has higher detection rate, lower false alarm rate and faster speed in cloud environment.
【學(xué)位授予單位】：復(fù)旦大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.09

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 彭志豪;李冠宇;;分布式入侵檢測系統(tǒng)研究綜述[J];微電子學(xué)與計算機(jī);2006年09期

，

本文編號：2117292