Design and Implementation of a KVM-Based Virtual Machine Network Monitoring System
Published: 2018-05-29 05:07
Topic: virtualization security + cloud monitoring; Source: Beijing University of Posts and Telecommunications, 2017 master's thesis
【Abstract】: In recent years cloud computing has developed rapidly, a wide variety of cloud services have entered everyday life, and cloud computing is applied ever more widely. Virtualization is the foundational technology of cloud computing, so its own security has drawn increasing attention: virtualization security directly affects the reliability of a cloud platform, and more and more researchers are working on it. Cloud monitoring is one of the key technologies in the field of cloud security. Virtualization has changed the traditional architecture of computer systems; because of its convenience, efficiency and isolation, more and more computing systems are moving towards virtualized computing environments. Earlier security monitoring systems ran in stable computing and network environments, whereas virtualization has changed the traditional computing environment: the operating system no longer sits directly on the hardware layer, several operating systems can run on one hardware platform, and each of them runs different services. This poses challenges for security monitoring. Facing this complex and changeable virtual computing environment, this thesis proposes a transparent virtual machine network monitoring system. Detection rules can be configured per virtual machine domain according to the services running in that virtual machine, binding the virtual machine to a service type. The basic principle is that all packets flowing into and out of a virtual machine pass through the bridge in the virtualization layer, so detection software can sniff every network packet, and a monitoring system deployed in the management domain can filter and inspect specific packets. The network firewall module improves on the traditional network firewall by adding domain-adaptive detection, filtering packets according to the service each virtual machine domain runs. Network data passing through the virtual machine firewall has two flows: one to the target virtual machine domain, the other to the intrusion detection module located in the management domain. The intrusion detection module is derived from Snort, a rule-file-based intrusion detection system that can recognize known network attack behaviour. The intrusion detection module and the virtual machine network firewall form a linked system: when the intrusion detection module discovers attack behaviour it can adjust the firewall's filtering rules, and the firewall's domain-adaptive filtering in turn affects the efficiency of intrusion detection. The system was tested experimentally, covering both functional and performance tests of the monitoring system. The experiments demonstrate the effectiveness of the monitoring system: without imposing an excessive performance penalty on the system, it strengthens the security of the cloud platform.
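The abstract describes three pieces working together: a filter in the management domain that decides per VM domain according to the service type bound to it, an IDS module fed a copy of the traffic that passes the filter, and a feedback path by which an IDS alert changes the filter's rules. The following is an added example written for this page, not code from the thesis or from Snort; the service profiles, VM addresses, client addresses, the single content rule and the five sample packets are all constructed for the demonstration, and the assumption that the IDS inspects only traffic the filter has accepted follows the abstract's "two flows" description.

```python
"""Added example (not the thesis's code): a domain-adaptive packet filter in the
management domain, linked to a rule-based IDS that feeds block decisions back.
All addresses, service profiles, rules and packets below are constructed."""
from dataclasses import dataclass
import re

# Service-type profiles: (protocol, destination port) pairs a service legitimately accepts.
# Constructed for the example; a deployment would derive these from each VM's role.
SERVICE_PROFILES = {
    "web": {("tcp", 80), ("tcp", 443)},
    "dns": {("tcp", 53), ("udp", 53)},
}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    payload: bytes = b""

class DomainAdaptiveFirewall:
    """Filters by the service type bound to each VM domain instead of one global rule set."""

    def __init__(self, bindings):
        self.bindings = dict(bindings)   # VM address -> service type
        self.blocked_sources = set()     # filled in by IDS feedback

    def filter(self, pkt):
        """Return ("accept"|"drop", reason) for one packet seen on the bridge."""
        if pkt.src_ip in self.blocked_sources:
            return "drop", "source blocked by IDS feedback"
        service = self.bindings.get(pkt.dst_ip)
        if service is None:
            return "drop", "destination is not a managed VM domain"
        if (pkt.proto, pkt.dst_port) not in SERVICE_PROFILES[service]:
            return "drop", f"port not in the {service} profile"
        return "accept", f"matches the {service} profile"

    def block_source(self, ip):
        self.blocked_sources.add(ip)

class RuleBasedIDS:
    """Minimal content-matching detector in the spirit of a rule file (constructed, not Snort)."""

    def __init__(self, rules, firewall):
        self.rules = rules          # (name, proto, dst_port, compiled bytes regex)
        self.firewall = firewall
        self.alerts = []

    def inspect(self, pkt):
        """Return the name of the first matching rule, pushing a block rule to the firewall."""
        for name, proto, port, pattern in self.rules:
            if pkt.proto == proto and pkt.dst_port == port and pattern.search(pkt.payload):
                self.alerts.append((name, pkt.src_ip))
                self.firewall.block_source(pkt.src_ip)   # firewall/IDS linkage
                return name
        return None

def run_monitor(fw, ids, packets):
    """Accepted packets go two ways: to the target VM and to the IDS module."""
    results = []
    for pkt in packets:
        action, _reason = fw.filter(pkt)
        alert = ids.inspect(pkt) if action == "accept" else None
        results.append((action, alert))
    return results

# Constructed sample: a web VM and a DNS VM behind the bridge, two outside clients.
BINDINGS = {"10.0.0.10": "web", "10.0.0.20": "dns"}
RULES = [
    # Detection-only signature for path-traversal attempts against the web service.
    ("http-path-traversal", "tcp", 80, re.compile(rb"\.\./\.\./")),
]
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "10.0.0.10", "tcp", 80, b"GET / HTTP/1.1\r\n"),
    Packet("203.0.113.5", "10.0.0.10", "tcp", 22),                          # SSH to a web-only domain
    Packet("198.51.100.7", "10.0.0.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.7", "10.0.0.20", "udp", 53, b"\x12\x34\x01\x00"),    # same source, now blocked
    Packet("203.0.113.5", "10.0.0.20", "udp", 53, b"\x12\x34\x01\x00"),
]

def demo():
    fw = DomainAdaptiveFirewall(BINDINGS)
    ids = RuleBasedIDS(RULES, fw)
    return run_monitor(fw, ids, SAMPLE_PACKETS)

if __name__ == "__main__":
    for pkt, (action, alert) in zip(SAMPLE_PACKETS, demo()):
        print(f"{pkt.src_ip:>13} -> {pkt.dst_ip}:{pkt.dst_port}/{pkt.proto}  {action:<6} {alert or ''}")
```

The second packet shows the domain-adaptive part: port 22 is dropped for a domain bound to the web service type without any IDS involvement, which is why the abstract says the filter affects IDS efficiency (less traffic reaches the detector). The third and fourth packets show the linkage: one alert on the web VM turns into a block rule that then drops the same source's traffic to the DNS VM.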
【Degree-granting institution】: Beijing University of Posts and Telecommunications
【Degree level】: Master's
【Year awarded】: 2017
【Classification number】: TP393.0
Article ID: 1949609
Link: https://www.wllwen.com/guanlilunwen/ydhl/1949609.html