發(fā)布時間：2018-03-20 12:04

  本文選題：云計算　切入點：云安全　出處：《江蘇科技大學》2014年碩士論文　論文類型：學位論文

【摘要】：自從本世紀初云計算的概念被提出以來，在IT應用領域得到了迅速的發(fā)展，越來越多的企業(yè)減少了對基礎資源的投入，開始租用云計算平臺。但是，應用的過快擴張使得云安全技術(shù)無法跟上應用的腳步，，導致很多安全漏洞不斷涌現(xiàn)。云計算與普通網(wǎng)絡相比，運行環(huán)境更加復雜，分布式的結(jié)構(gòu)使運營節(jié)點遍布網(wǎng)絡的各個角落，導致了云安全威脅具有極大的不確定性。事實上，許多云計算部署依賴于計算機集群，在網(wǎng)絡上形成一個龐大的目標，容易受到攻擊。傳統(tǒng)的網(wǎng)絡安全技術(shù)只能在受到攻擊時采取相應的被動應對措施，而無法主動降低云的被攻擊概率。 本文應用分布式蜜罐技術(shù)來解決這個問題。本文設計的分布式蜜罐與分布式的云計算具有結(jié)構(gòu)一致性，能夠更加準確地保護云計算框架的安全。在此基礎上給出了三種安全機制，分別是：誘騙機制、入侵捕獲機制和防衛(wèi)與報警機制。在對誘騙機制的研究中，首先通過分析云端特征，確定了蜜罐的誘騙目標，然后通過分析黑客的入侵行為習慣確定了蜜罐誘騙模型的結(jié)構(gòu)，最后給出特征端口開放、弱口令設置、云服務模擬和文件系統(tǒng)模擬的四種誘騙策略。在入侵捕獲機制中，本文給出了收集主機和網(wǎng)絡通信兩種數(shù)據(jù)的方法，然后利用自主設計的規(guī)則庫給出了對這兩種數(shù)據(jù)進行分析的方法。對于防衛(wèi)與報警機制，本文研究了阻止型、轉(zhuǎn)移型和修改型三種防衛(wèi)策略，分別針對三種入侵行為采取防衛(wèi)。設計了報警與集群報警兩種報警方式，對分布云端蜜罐的集群進行報警通報。 從分布式結(jié)構(gòu)到三種安全機制，本文比較全面地完成了分布式蜜罐對云的防護，在一定程度上降低了云受攻擊的概率，又通過云端蜜罐掌握了入侵者對云的入侵方法，為進一步完善云安全技術(shù)提供參考的依據(jù)。
[Abstract]:Since the concept of cloud computing was put forward at the beginning of this century, it has developed rapidly in the field of IT applications. More and more enterprises have reduced their investment in basic resources and started renting cloud computing platforms. The rapid expansion of applications makes cloud security technology unable to keep up with the application, leading to the emergence of many security vulnerabilities. Cloud computing is more complex than ordinary networks. The distributed architecture makes operation nodes all over the network, leading to great uncertainty about cloud security threats. In fact, many cloud computing deployments depend on computer clusters and form a huge goal on the network. Traditional network security technology can only take corresponding passive response measures when attacked, but can not actively reduce the probability of cloud attack. This paper applies distributed honeypot technology to solve this problem. The distributed honeypot designed in this paper has the same structure with distributed cloud computing. The security of cloud computing framework can be protected more accurately. On the basis of this, three kinds of security mechanisms are given, namely: decoy mechanism, intrusion capture mechanism and defense and alarm mechanism. Firstly, by analyzing cloud features, the target of honeypot deception is determined, then the structure of honeypot decoy model is determined by analyzing hacker's intrusion behavior habits. Finally, the open feature port and weak password setting are given. In the intrusion capture mechanism, this paper gives two kinds of methods to collect the data of host and network communication, such as cloud service simulation and file system simulation. Then, the method of analyzing these two kinds of data is given by using the self-designed rule base. For the defense and alarm mechanism, this paper studies three kinds of defense strategies: blocking, transferring and modifying. The alarm and cluster alarm are designed to alert the cluster of distributed honeypot. From the distributed structure to three kinds of security mechanisms, this paper completes the protection of the distributed honeypot to the cloud, reduces the probability of cloud attack to a certain extent, and grasps the invader's invading method to the cloud through the cloud honeypot. It provides reference for further improving cloud safety technology.
【學位授予單位】：江蘇科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前10條

1 糜嫻雅;李唯佳;;云計算面臨的問題與應對策略研究[J];信息安全與技術(shù);2012年02期

2 姜毅;王偉軍;曹麗;劉凱;陳桂強;;基于開源軟件的私有云計算平臺構(gòu)建[J];電信科學;2013年01期

3 林瑞軍;林毅;;風起云涌:探索新媒體行業(yè)的“云計算”[J];中國傳媒科技;2013年01期

4 盛紅巖;;蜜網(wǎng)系統(tǒng)的設計與實現(xiàn)[J];重慶工學院學報(自然科學版);2007年11期

5 陳全;鄧倩妮;;云計算及其關(guān)鍵技術(shù)[J];計算機應用;2009年09期

6 鄭艷君;;分布式蜜罐技術(shù)分析及系統(tǒng)設計研究[J];制造業(yè)自動化;2012年12期

7 褚麗莉;高影;高明濤;;狀態(tài)檢測防火墻的研究與分析[J];遼寧工學院學報;2006年05期

8 陳特放;劉潔;;基于啟發(fā)式SVM的入侵檢測系統(tǒng)研究[J];企業(yè)技術(shù)開發(fā);2008年08期

9 馮登國;張敏;張妍;徐震;;云計算安全研究[J];軟件學報;2011年01期

10 王海杰;魯漢榕;胡亞慧;;基于移動Agent和蜜罐的入侵檢測系統(tǒng)分析與設計[J];計算機工程與設計;2006年24期

本文編號：1638997