云系统的安全性增强算法研究

doi:10.19678/j.issn.1000-3428.0051762

计算机工程 ›› 2019, Vol. 45 ›› Issue (10): 150-154,159. doi: 10.19678/j.issn.1000-3428.0051762

云系统的安全性增强算法研究

张伟^1,2, 王宜怀²

1. 咸阳师范学院计算机学院, 陕西咸阳 712000;
2. 苏州大学计算机科学与技术学院, 江苏苏州 215006

收稿日期:2018-06-06 修回日期:2018-09-04 出版日期:2019-10-15 发布日期:2018-09-17
作者简介:张伟(1981-),男,副教授,主研方向为网络安全、云计算、嵌入式系统、物联网;王宜怀,教授、博士生导师。
基金资助:
国家自然科学基金（61672369）；陕西省教育厅科研计划项目（18JK0838）；陕西省科技厅软科学研究计划项目（2018KRM145）。

Research on Security Enhancement Algorithm in Cloud System

ZHANG Wei^1,2, WANG Yihuai²

1. School of Computer Science, Xianyang Normal University, Xianyang, Shaanxi 712000, China;
2. School of Computer Science and Technology, Soochow University, Suzhou, Jiangsu 215006, China

Received:2018-06-06 Revised:2018-09-04 Online:2019-10-15 Published:2018-09-17

摘要/Abstract

摘要： 当前云系统的安全防护主要针对单一方面进行，难以做到全方位防护且不具备评估云系统安全性的能力。为此，提出一种安全性增强算法。通过4级流水化PF_RING提升云系统的吞吐率和并行性，应用基于神经网络的分析方法进行安全性检测，采用最佳选择算法对安全性进行评估。实验结果表明，该算法能够在云系统中实时进行网络流量捕获和漏洞检测等操作，平均入侵防护率达94.1%，报文捕获率达97.6%，提高了在高速网络环境下对网络数据的实时分析处理能力。

关键词: 云系统, 安全性, 增强算法, 入侵检测, 报文捕获

Abstract: The current security protection of cloud system is mainly carried out in a single aspect.It is difficult to achieve comprehensive security protection and it lacks the ability to evaluate the security of cloud system.Therefore,a security enhancement algorithm is proposed.The throughput rate and parallelism of the cloud system are improved by the fourth-level fluidization PF_RING,an analysis method based on neural network is applied to detect the security of the cloud system,and the optimal selection algorithm is used to evaluate the security of the cloud system.Experimental results show that the proposed algorithm can process network traffic capture and vulnerability detection in the cloud system in real time,the average invasion protection capacity reaches 94.1%,the packet capture rate of cloud system reaches 97.6%,and its real-time analysis and processing ability of network data in high-speed network environment are improved.

Key words: cloud system, security, enhancement algorithm, invasion detection, packet capture

中图分类号:

TP309

张伟, 王宜怀. 云系统的安全性增强算法研究[J]. 计算机工程, 2019, 45(10): 150-154,159.

ZHANG Wei, WANG Yihuai. Research on Security Enhancement Algorithm in Cloud System[J]. Computer Engineering, 2019, 45(10): 150-154,159.

http://www.ecice06.com/CN/Y2019/V45/I10/150

图/表 8

20191014194229

20191014194232

20191014194235

20191014194238

20191014194242

20191014194244

20191014194247

20191014194250

参考文献 20

[1]	ZISSIS D,LEKKAS D.Addressing cloud computing security issues[J].Future Generation Computer Systems,2012,28(3):583-592.
[2]	WANG Cong,WANG Qian,REN Kui,et al.Privacy-preserving public auditing for data storage security in cloud computing[C]//Proceedings of the 29th IEEE International Conference on Computer Communications,Joint Conference of the IEEE Computer and Communications Societies.Washington D.C.,USA:IEEE Press,2010:1-9.
[3]	HONG Gang,HEYGSTER G,NOTHOLT J,et al. Simulations of microwave brightness temperatures at AMSU-B frequencies over a 3D convective cloud system[J].International Journal of Remote Sensing,2010,31(7):1781-1800.
[4]	SULLIVAN M.Tribeca:a stream database manager for network traffic analysis[C]//Proceedings of International Conference on Very Large Data Bases.New York,USA:ACM Press,1996:594.
[5]	TEUTON J,PETERSON E,NORDWALL D,et al.LINEBACkER:bio-inspired data reduction toward real time network traffic analysis[C]//Proceedings of the 6th International Symposium on Resilient Control Systems.Washington D.C.,USA:IEEE Press,2013:170-174.
[6]	JACK K,ROWELL D,FUGUANG S H I,et al.Network traffic analysis using a flow table:US 8169910B1[P].2013-04-30.
[7]	SOMMER R,PAXSON V.Outside the closed world:on using machine learning for network intrusion detection[C]//Proceedings of 2010 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2010:305-316.
[8]	CORCHADO E,HERRERO Á.Neural visualization of network traffic data for intrusion detection[J].Applied Soft Computing,2011,11(2):2042-2056.
[9]	KOTENKO I,STEPASHKIN M.Attack graph based evaluation of network security[C]//Proceedings of Communications and Multimedia Security.Berlin,Germany:Springer,2006:216-227.
[10]	ALBERTS C J,DOROFEE A.Managing information security risks:the OCTAVE approach [M].Boston,USA:Addison-Wesley Longman Publishing,2002.
[11]	CHAPMAN C,WARD S.Project risk management:processes,techniques and insights [M].Hoboken,USA:Wiley,1996.
[12]	RITCHEY R W,AMMANN P.Using model checking to analyze network vulnerabilities[C]//Proceedings of 2000 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2000:156-165.
[13]	HA S,SHEYNER O,WING J M.Minimization and reliability analyses of attack graphs [EB/OL].[2018-05-20].http://pdfs.semanticscholar.org/2480/93713c93916ad4063f916294d1fac683aa7d.pdf.
[14]	LYE K,WING J M.Game strategies in network security[J].International Journal of Information Security,2005,4(1/2):71-86.
[15]	ROTHMAIER G,KRUMM H.A framework based approach for formal modeling and analysis of multi-level attacks in computer networks[C]//Proceedings of International Conference on Formal Techniques for Networked and Distributed Systems.Berlin,Germany:Springer,2005:247-260.
[16]	MADAN B B,GOŠEVA-POPSTOJANOVA K,VAIDYANATHAN K,et al.A method for modeling and quantifying the security attributes of intrusion tolerant systems[J].Performance valuation,2004,56(1):167-186.
[17]	SINGH S,LYONS J,NICOL D M.Fast model-based penetration testing[C]//Proceedings of the 2004 Winter Simulation Conference.Berlin,Germany:Springer,2004:309-317.
[18]	KOTENKO I,STEPASHKIN M.Attack graph based evaluation of network security[C]//Proceedings of IFIP International Conference on Communications and Multimedia Security.Berlin,Germany:Springer,2006:216-227.
[19]	LI Wei,CANINI M,MOORE A W,et al.Efficient application identification and the temporal and spatial stability of classification schema[J].Computer Networks,2009,53(6):790-809.
[20]	张伟,解争龙,丁要军,等.GPU Openflow海量网络数据处理模型[J].计算机应用,2014,34(8):2243-2247.

选择文件类型/文献管理软件名称

选择包含的内容

云系统的安全性增强算法研究

Research on Security Enhancement Algorithm in Cloud System

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 20

相关文章 15

编辑推荐

Metrics

本文评价

[1]	陈仲磊, 伊鹏, 陈祥, 胡涛. 基于集成学习的系统调用实时异常检测框架[J]. 计算机工程, 2023, 49(6): 162-169,179.
[2]	张雷, 鲍蓉, 朱永红, 史新国. 基于CSA-ResNet的人员入侵检测方法[J]. 计算机工程, 2023, 49(4): 297-302,311.
[3]	石磊, 张吉涛, 高宇飞, 卫琳, 陶永才. 基于Transformer与BiLSTM的网络流量入侵检测[J]. 计算机工程, 2023, 49(3): 29-36,57.
[4]	刘强, 张颖, 周卫祥, 蒋先涛, 周薇娜, 周谋国. 自适应类增量学习的物联网入侵检测系统[J]. 计算机工程, 2023, 49(2): 169-174.
[5]	孙扬威, 戚湧. 基于聚类混合采样与PSO-Stacking的车载CAN入侵检测方法[J]. 计算机工程, 2023, 49(1): 138-145.
[6]	刘金硕, 詹岱依, 邓娟, 王丽娜. 基于深度神经网络和联邦学习的网络入侵检测[J]. 计算机工程, 2023, 49(1): 15-21,30.
[7]	董卫宇, 李海涛, 王瑞敏, 任化娟, 孙雪凯. 基于堆叠卷积注意力的网络流量异常检测模型[J]. 计算机工程, 2022, 48(9): 12-19.
[8]	丁晓晖, 曹素珍, 王彩芬. 智能合约辅助下满足前后向安全的动态可搜索加密方案[J]. 计算机工程, 2022, 48(7): 141-150.
[9]	金海波, 赵欣越. 共形预测框架下的高可靠入侵检测算法[J]. 计算机工程, 2022, 48(7): 130-140.
[10]	张超, 彭长根, 丁红发, 许德权. 基于国密SM9的可搜索加密方案[J]. 计算机工程, 2022, 48(7): 159-167.
[11]	生龙, 袁丽娜, 武南南, 姬少培. 基于GSA与DE优化混合核ELM的网络异常检测模型[J]. 计算机工程, 2022, 48(6): 146-153.
[12]	李晋国, 焦旭斌. 雾计算环境下入侵检测模型研究[J]. 计算机工程, 2022, 48(5): 43-52.
[13]	李秋贤, 周全兴, 王振龙, 丁红发, 潘齐欣. 基于隐私保护的可证明安全委托计算协议[J]. 计算机工程, 2021, 47(5): 131-137.
[14]	蔡爵嵩, 严迎建, 朱春生. 结合协方差与变异系数的密码芯片能量泄漏评估模型[J]. 计算机工程, 2021, 47(3): 37-42,52.
[15]	王琦, 曹卫权, 梁杰, 李赟, 吴杰. 面向端到端溯源攻击对手的Tor安全性模型[J]. 计算机工程, 2021, 47(11): 136-143.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

云系统的安全性增强算法研究

Research on Security Enhancement Algorithm in Cloud System

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 20

相关文章 15

编辑推荐

Metrics

本文评价