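Research and Analysis of Trust-Based Intrusion Prevention in the Cloud Environment
Published: 2018-06-23 15:14
Topics: cloud computing + intrusion prevention; Reference: Guangdong University of Technology, master's thesis, 2014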
[Abstract]: Cloud computing has been a hot research topic in the industry ever since it emerged. With the continuing development of computer technology, and thanks to its high availability, easy scalability and low service cost, it has won the favor of a large number of enterprise IT users. Globally known IT companies such as IBM, Amazon, Google and Alibaba have one after another built their own cloud computing centers, and many cloud computing applications have gradually made their way into all areas of everyday life.
However, because cloud computing is a public infrastructure, security in the cloud has long been a problem that researchers urgently need to solve. Existing security detection, monitoring and defense technologies can solve a few security problems, but they fall short against attackers who use a wide variety of techniques. Take traditional intrusion detection and firewall technology: intrusion detection can detect behavior that exhibits certain characteristics, but it depends too heavily on the system's audit logs, and firewalls can perform only simple filtering, so these tools are stretched thin in use. Faced with malicious behavior of many different characteristics, intrusion detection cannot achieve comprehensive detection, and because the system relies on a single detection engine and a single log source, it may also mistake normal behavior for malicious behavior; intrusion detection systems therefore have high false positive and false negative rates. Intrusion detection systems also detect with a lag, which is itself a serious security problem. Even an intrusion prevention system formed by combining an intrusion detection system with a firewall has very limited defensive capability and cannot provide security defense in the true sense. Intrusion prevention in the cloud environment emerged in response.
To ensure the security of shared data resources in the cloud environment, this thesis starts from trusted computing and trust theory and, on the basis of a thorough study and analysis of the trustworthiness of the cloud platform's software, hardware and services, builds an intrusion prevention model for the cloud environment.
(1) Starting from the principle of intrusion prevention, the model begins with user behavior: it acquires the user's behavioral features in real time, normalizes these features, determines the weight of each feature step by step to obtain the trust degree of the user node, and then decides whether to provide service to that user.
(2) For samples of unknown safety submitted by users, the model monitors and collects them in real time to obtain behavioral features and, starting from these features, performs a comprehensive decision analysis of the files submitted by users. In addition, sample files submitted by users confirmed as trusted and safe are clustered and then checked with multiple cloud-side cluster server engines; the results are fed back to the user, who makes the final decision.
In this way, the cloud can resist malicious attacks promptly, quickly and efficiently, changing the situation in which traditional intrusion prevention tools work alone and in isolation and detect and defend with a lag. The model provides cloud users with intrusion prevention service with the maximum degree of security while also ensuring that the cloud itself can withstand attacks, achieving security for both the cloud and its users.
Finally, the effectiveness of the trust-based intrusion prevention model in the cloud environment is verified: the collected malicious behavior samples are analyzed and decided on comprehensively, and comparing the accuracy of those decisions with that of several traditional stand-alone defense products shows that the trust-based intrusion prevention model in the cloud environment has a more comprehensive ability to cope with a wide variety of malicious attack behavior.
[Degree-granting institution]: Guangdong University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
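[Citing literature]
Related journal articles (top 1)
1 Wan Fang; A Brief Analysis of the Security Problems of Cloud Security Detection Technology [J]; Network Security Technology & Application; 2015, No. 10
Related master's theses (top 2)
1 Liu Jinliang; Research on Trust-Based Access Control in the Cloud Computing Environment [D]; Hebei University of Science and Technology; 2015
2 Zhang Yanxue; Research on a Composite Attack Prediction Method Based on the Fuzzy Hidden Markov Model [D]; Hebei Normal University; 2015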
Article ID: 2057549
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2057549.html