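Research and Analysis of Trust-Based Intrusion Prevention in the Cloud Environment
Published: 2018-06-23 15:14
Topic of this thesis: cloud computing + intrusion prevention; Reference: Guangdong University of Technology, 2014 master's thesis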
[Abstract]: Cloud computing has been a hot research topic in the industry ever since it emerged. With the continuing development of computer technology, and thanks to its high availability, easy scalability and low service cost, it has won the favor of a large number of enterprise IT users. World-renowned IT companies such as IBM, Amazon, Google and Alibaba have one after another built their own cloud computing centers, and many cloud computing applications have gradually penetrated every area of daily life.

However, because cloud computing is a public infrastructure, security in the cloud has long been a problem that many researchers urgently need to solve. Some existing security detection, monitoring and defense technologies can solve a few security problems but fall short against the wide variety of attackers. Take traditional intrusion detection and firewall technology: intrusion detection can detect behavior with certain characteristics, but it depends too heavily on the system's audit logs, and firewall technology can only perform some simple filtering, so these tools are stretched thin. Faced with malicious behavior with many different characteristics, intrusion detection cannot achieve comprehensive detection, and because the system's detection engine and logs are of a single kind, it may also mistake normal behavior for malicious behavior; intrusion detection systems therefore have high false-positive and false-negative rates. Intrusion detection systems also detect with a lag, which is itself a serious security problem. Even an intrusion prevention system formed by combining an intrusion detection system with a firewall has very limited defensive capability and cannot provide security defense in the true sense. Intrusion prevention in the cloud environment arose in response.

To ensure the security of shared data resources in the cloud environment, this thesis starts from the ideas of trusted computing and trust theory and, on the basis of a thorough study and analysis of the trustworthiness of cloud platform software, hardware and services, constructs an intrusion prevention model for the cloud environment.

(1) Starting from the principle of intrusion prevention, the model begins with user behavior: it acquires the user's behavior features in real time, normalizes these features and determines the weight of each feature step by step to obtain the trust degree of the user node, and then decides whether to provide service to that user.

(2) Samples of unknown security status submitted by users are monitored and collected in real time to obtain their behavior features, and based on these features a comprehensive decision analysis is performed on the files the users submitted. In addition, the sample files submitted by users confirmed as trusted and secure are cluster-analyzed, then examined with multiple cloud-side clustered server engines, and the results are fed back to the user, who makes the final decision.

In this way, the cloud can resist malicious attacks promptly, quickly and efficiently, changing the situation in which traditional intrusion prevention tools fight alone, each on its own, with detection and defense lagging behind. It gives cloud users intrusion prevention service with the greatest possible degree of security while also ensuring that the cloud itself can withstand attack, achieving two-way security for both the cloud and cloud users.

Finally, the effectiveness of the trust-based intrusion prevention model in the cloud environment is verified: collected malicious-behavior samples are subjected to comprehensive analysis and decision, and comparing the accuracy of those decisions with several traditional stand-alone defense software products shows that the trust-based intrusion prevention model in the cloud environment has a more comprehensive ability to deal with many kinds of malicious attack behavior.
[Degree-granting institution]: Guangdong University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
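[Citing literature]
Related journal articles (top 1)
1 Wan Fang; A Brief Analysis of Security Problems in Cloud Security Detection Technology [J]; Network Security Technology & Application; 2015, No. 10
Related master's theses (top 2)
1 Liu Jinliang; Research on Trust-Based Access Control in the Cloud Computing Environment [D]; Hebei University of Science and Technology; 2015
2 Zhang Yanxue; Research on a Composite Attack Prediction Method Based on the Fuzzy-Hidden Markov Model [D]; Hebei Normal University; 2015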
Article ID: 2057549
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2057549.html