
Computer Engineering ›› 2013, Vol. 39 ›› Issue (6): 21-27,33. doi: 10.3969/j.issn.1000-3428.2013.06.004

• Special Column

Collaborative Warning Technology Against Network Intrusions Based on Cloud Computing Architecture

XU Jia 1, SU Pu-rui 2, FU Yi-yang 1,3

  1. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China; 2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100049, China; 3. School of Electronics Engineering and Computer Science, Peking University, Beijing 100871, China
  • Received: 2012-05-02 Online: 2013-06-15 Published: 2013-06-14
  • About the authors: XU Jia (born 1981), male, engineer, Ph.D., main research interests: network and system security, cloud computing; SU Pu-rui, associate research fellow, Ph.D.; FU Yi-yang, master's student
  • Supported by:

    Project funded by the National "863" Program (2009AA01Z435)

Abstract:

Current mainstream network warning systems generally suffer from poor self-adaptation and weak collaborative analysis. To address this, a collaborative warning technology against massive network intrusions is proposed, based on a cloud computing architecture. This technology uses a distributed hash table (DHT) based algorithm for distributed storage and querying of alert messages, which provides global sharing of network intrusion alerts, and adopts a tree-structured Peer-to-Peer (P2P) overlay so that the task scheduling of intrusion correlation analysis can be handled in a self-adaptive way. Experimental results based on a proof-of-concept prototype system demonstrate that alert aggregation and correlation through this technology not only make the architecture of the network warning system highly scalable, but also remarkably reduce the reaction time of warning against massive network intrusions without degradation in accuracy.

Key words: massive intrusion, collaborative warning, cloud computing, distributed scheduling, alert correlation
