面向云计算的基于Chord协议的安全路径生成算法

发布时间：2018-03-28 08:47

本文选题：云计算　切入点：DoS攻击　出处：《中国民航大学》2017年硕士论文

【摘要】：拒绝服务(Denial of Service,DoS)攻击是云计算平台面临的主要安全威胁之一。针对云计算环境下路由平台容易遭受DoS攻击的问题,研究了基于安全访问路径(Security Access Path,SAP)的云计算路由平台防御DoS攻击的方法。在研究云计算环境中DoS攻击的基础上,根据云计算平台泛联路由策略,基于Chord协议,改进传统安全覆盖网服务(Secure Overlay Service,SOS)方法,提出了安全访问路径算法(Security Access Path Algorithm,SAPA)。该算法在逻辑上将泛联路由平台分为安全接入层、中间层和秘密传输层,利用各个节点维护的节点路由表(Node Route Table,NRT),生成安全路径,并在数据中心与泛联路由平台核心层外围设置过滤策略;该算法采用周期性随机更新角色节点以及缓存安全路径的策略,以保证安全路径的动态性,提高路由平台的安全性以及访问请求处理效率。本文建立了SAPA数学模型,设计验证算法的性能指标。在OMNeT++仿真实验平台中对提出方法进行了仿真测试,并在实际网络环境中搭建Test-bed平台,验证SAPA性能及其对DoS攻击的防御效果;从防御DoS攻击效果的角度将SAPA与SOS进行比较分析,实验结果表明:SAPA有较为理想的通信性能,比SOS更有效地降低DoS攻击对路由平台通信成功率的影响,同时提高了用户访问效率。
[Abstract]:Denial of Service dos) attack is one of the main security threats to cloud computing platform. This paper studies the method of defending DoS attack on cloud computing routing platform based on secure access path (Access path). On the basis of studying DoS attack in cloud computing environment, according to the ubiquitous routing strategy of cloud computing platform, based on Chord protocol, this paper proposes a new approach to protect cloud computing routing platform from DoS attack. By improving the traditional secure Overlay Service SOS method, a secure access path algorithm, Security Access Path algorithm, is proposed, which logically divides the pan-linked routing platform into secure access layer, intermediate layer and secret transport layer. The node routing table (Node Route TableNRTN) maintained by each node is used to generate the secure path, and the filtering strategy is set up around the core layer of the data center and the Pan-Union routing platform, and the algorithm adopts the strategy of periodically updating the role node and caching the security path. In order to ensure the dynamic nature of the secure path and improve the security of the routing platform and the efficiency of access request processing, the SAPA mathematical model is established in this paper. The performance index of the verification algorithm is designed. The proposed method is simulated and tested in the OMNeT simulation experiment platform, and the Test-bed platform is built in the actual network environment to verify the performance of SAPA and its defensive effect on DoS attack. The comparison between SAPA and SOS from the point of view of defending against DoS attack shows that SAPA has better communication performance than SOS, and it can reduce the influence of DoS attack on the communication success rate of routing platform more effectively than SOS. At the same time, it improves the user access efficiency.
【学位授予单位】：中国民航大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【相似文献】