期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

云安全综合分析系统的设计与实现 被引量:3

Design and implementation of cloud security comprehensive analysis system
下载PDF
导出
摘要 针对当前主流的云安全分析系统存在智能化不高,处理能力不强等缺点,提出了具有并行处理能力的流水化PF_RING的模型,将生物序列匹配算法引入到云入侵检测模型中,并将其与多状态匹配算法、脆弱性评估算法相结合,设计并实现了云安全综合分析系统(Cloud Security Comprehensive Analysis System,CSAS)。实验表明,系统可在海量数据下,对云安全进行流量分析、入侵检测和漏洞扫描,与同类系统相比,处理能力提升近10倍,安全防护提升了65.43%。该系统有效地提高了云安全分析系统入侵检测能力,为云平台的安全性提供了有效的保障。 In view of the shortcomings of current mainstream cloud security analysis system whose intelligence is not high or processing capacity is not strong, the paper puts forward a parallel processing ability of streamline PF_RING model,the biological sequence matching algorithm is introduced into the cloud intrusion detection model, with the combination of state matching algorithm and vulnerability assessment algorithm, so the Cloud Security Comprehensive Analysis System(CSAS)is designed and implemented. Experiments show that the system can carry out flow analysis, intrusion detection and vulnerability scanning under huge amounts of data, compared with the similar system, its processing capacity is promoted nearly 10 times and the capacity of security protection is improved 65.43%. This system has effectively improved the ability of cloud security analysis system for intrusion detection, and provides effective protection for the security of cloud platform.
作者 张伟 董群锋
机构地区 咸阳师范学院信息工程学院 咸阳师范学院物理与电子信息工程学院
出处 《计算机工程与应用》 CSCD 2014年第19期89-94,共6页 Computer Engineering and Applications
基金 国家自然科学基金(No.61102018) 陕西省教育厅科研计划项目(No.12JK0933) 咸阳师范学院专项科研基金(No.12XSYK068)
关键词 云安全 云安全分析系统 入侵检测系统 流量分析 cloud security cloud security analysis system Intrusion Detection System(IDS) network traffic analysis
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献16

  • 1Armbrust M,Fox A,Griffith R,et al.A view of cloud computing[J].Communications of the ACM,2010,53(4):50-58.
  • 2冯登国,张敏,张妍,徐震.云计算安全研究[J].软件学报,2011,22(1):71-83. 被引量:1072
  • 3Buyya R,Yeo C S,Venugopal S,et al.Cloud computing and emerging IT platforms:vision,hype,and reality for delivering computing as the 5th utility[J].Future Generation Computer Systems,2009,25(6):599-616.
  • 4Zissis D,Lekkas D.Addressing cloud computing security issues[J].Future Generation Computer Systems,2012,28(3):583-592.
  • 5Fusco F,Deri L.High speed network traffic analysis with commodity multi-core systems[C]//Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement.[S.l.]:ACM,2010:218-224.
  • 6Teuton J,Peterson E,Nordwall D,et al.LINEBACkER:Bio-inspired data reduction toward real time network traffic analysis[C]//Proceedings of the 6th International Symposium on Resilient Control Systems(ISRCS).[S.l.]:IEEE,2013:170-174.
  • 7Sommer R,Paxson V.Outside the closed world:On using machine learning for network intrusion detection[C]//Proceedings of the IEEE Symposium on Security and Privacy(SP).[S.l.]:IEEE,2010:305-316.
  • 8Corchado E,Herreroá.Neural visualization of network traffic data for intrusion detection[J].Applied Soft Computing,2011,11(2):2042-2056.
  • 9Deri L,Suin S.Effective traffic measurement using ntop[J].Communications Magazine,2000,38(5):138-143.
  • 10聂楚江,赵险峰,陈恺,韩正清.一种微观漏洞数量预测模型[J].计算机研究与发展,2011,48(7):1279-1287. 被引量:7

二级参考文献73

  • 1罗武庭.DJ—2可变矩形电子束曝光机的DMA驱动程序[J].LSI制造与测试,1989,10(4):20-26. 被引量:373
  • 2Organization for the Advancement of Structured Information Standards (OASIS) http://www.oasis-open.org/.
  • 3Distributed Management Task Force (DMTF) http://www.dmtf.org/home.
  • 4Cloud Security Alliance http://www.cloudsecurityalliance.org.
  • 5Crampton J, Martin K, Wild P. On key assignment for hierarchical access control. In: Guttan J, ed, Proc. of the 19th IEEE Computer Security Foundations Workshop--CSFW 2006. Venice: IEEE Computer Society Press, 2006. 5-7.
  • 6Damiani E, De S, Vimercati C, Foresti S, Jajodia S, Paraboschi S, Samarati P. An experimental evaluation of multi-key strategies for data outsourcing. In: Venter HS, Eloff MM, Labuschagne L, Eloff JHP, Solms RV, eds. New Approaches for Security, Privacy and Trust in Complex Environments, Proc. of the IFIP TC-11 22nd Int'l Information Security Conf. Sandton: Springer-Verlag, 2007. 395-396.
  • 7Bethencourt J, Sahai A, Waters B. Ciphertext-Policy attribute-based encryption. In: Shands D, ed. Proc. of the 2007 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society, 2007. 321-334. [doi: 10.1109/SP.2007.11].
  • 8Yu S, Ren K, Lou W, Li J. Defending against key abuse attacks in KP-ABE enabled broadcast systems. In: Bao F, ed. Proc. of the 5th Int'l Conf. on Security and Privacy in Communication Networks. Singapore: Springer-Verlag, http://www.linkpdf.com/ ebook-viewer.php?url=http://www.ualr.edu/sxyul/file/SecureCommO9_AFKP_ABE.pdf.
  • 9Ibraimi L, Petkovic M, Nikova S, Hartel P, Jonker W. Ciphertext-Policy attribute-based threshold decryption with flexible delegation and revocation of user attributes. Technical Report, Centre for Telematics and Information Technology, University of Twente, 2009.
  • 10Roy S, Chuah M. Secure data retrieval based on ciphertext policy attribute-based encryption (CP-ABE) system for the DTNs. Technical Report, 2009.

共引文献1086

同被引文献23

引证文献3

二级引证文献7

计算机工程与应用
2014年 第19期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部