基于分布式蜜罐的云端安全机制研究

发布时间：2018-03-20 12:04

本文选题：云计算　切入点：云安全　出处：《江苏科技大学》2014年硕士论文　论文类型：学位论文

【摘要】：自从本世纪初云计算的概念被提出以来，在IT应用领域得到了迅速的发展，越来越多的企业减少了对基础资源的投入，开始租用云计算平台。但是，应用的过快扩张使得云安全技术无法跟上应用的脚步，，导致很多安全漏洞不断涌现。云计算与普通网络相比，运行环境更加复杂，分布式的结构使运营节点遍布网络的各个角落，导致了云安全威胁具有极大的不确定性。事实上，许多云计算部署依赖于计算机集群，在网络上形成一个庞大的目标，容易受到攻击。传统的网络安全技术只能在受到攻击时采取相应的被动应对措施，而无法主动降低云的被攻击概率。本文应用分布式蜜罐技术来解决这个问题。本文设计的分布式蜜罐与分布式的云计算具有结构一致性，能够更加准确地保护云计算框架的安全。在此基础上给出了三种安全机制，分别是：诱骗机制、入侵捕获机制和防卫与报警机制。在对诱骗机制的研究中，首先通过分析云端特征，确定了蜜罐的诱骗目标，然后通过分析黑客的入侵行为习惯确定了蜜罐诱骗模型的结构，最后给出特征端口开放、弱口令设置、云服务模拟和文件系统模拟的四种诱骗策略。在入侵捕获机制中，本文给出了收集主机和网络通信两种数据的方法，然后利用自主设计的规则库给出了对这两种数据进行分析的方法。对于防卫与报警机制，本文研究了阻止型、转移型和修改型三种防卫策略，分别针对三种入侵行为采取防卫。设计了报警与集群报警两种报警方式，对分布云端蜜罐的集群进行报警通报。从分布式结构到三种安全机制，本文比较全面地完成了分布式蜜罐对云的防护，在一定程度上降低了云受攻击的概率，又通过云端蜜罐掌握了入侵者对云的入侵方法，为进一步完善云安全技术提供参考的依据。
[Abstract]:Since the concept of cloud computing was put forward at the beginning of this century, it has developed rapidly in the field of IT applications. More and more enterprises have reduced their investment in basic resources and started renting cloud computing platforms. The rapid expansion of applications makes cloud security technology unable to keep up with the application, leading to the emergence of many security vulnerabilities. Cloud computing is more complex than ordinary networks. The distributed architecture makes operation nodes all over the network, leading to great uncertainty about cloud security threats. In fact, many cloud computing deployments depend on computer clusters and form a huge goal on the network. Traditional network security technology can only take corresponding passive response measures when attacked, but can not actively reduce the probability of cloud attack. This paper applies distributed honeypot technology to solve this problem. The distributed honeypot designed in this paper has the same structure with distributed cloud computing. The security of cloud computing framework can be protected more accurately. On the basis of this, three kinds of security mechanisms are given, namely: decoy mechanism, intrusion capture mechanism and defense and alarm mechanism. Firstly, by analyzing cloud features, the target of honeypot deception is determined, then the structure of honeypot decoy model is determined by analyzing hacker's intrusion behavior habits. Finally, the open feature port and weak password setting are given. In the intrusion capture mechanism, this paper gives two kinds of methods to collect the data of host and network communication, such as cloud service simulation and file system simulation. Then, the method of analyzing these two kinds of data is given by using the self-designed rule base. For the defense and alarm mechanism, this paper studies three kinds of defense strategies: blocking, transferring and modifying. The alarm and cluster alarm are designed to alert the cluster of distributed honeypot. From the distributed structure to three kinds of security mechanisms, this paper completes the protection of the distributed honeypot to the cloud, reduces the probability of cloud attack to a certain extent, and grasps the invader's invading method to the cloud through the cloud honeypot. It provides reference for further improving cloud safety technology.
【学位授予单位】：江苏科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】