摘要
随着安全问题成为云计算面临的主要问题,虽然基于主机、网络的传统入侵检测技术在一定程度上可以保证云计算服务的可靠性和安全性,但会受到欺骗、攻击等威胁。虚拟机监视器具有高度的隔离性和透明性,基于无代理的方式对虚拟机行为和网络信息进行提取分析可以有效提升异常行为检测的准确性和安全性。文章分析了实体环境中的异常行为检测技术,结合传统入侵检测算法提出了基于KVM虚拟化环境的异常行为检测模型,并对检测模型进行了实验和分析。实验结果表明,该模型可以有效检测出客户虚拟机的异常行为。
With the security problem becoming the major problem of cloud computing, the traditional anomaly detection technology based on hosts and network can guarantee the reliability and security of the cloud computing service to a certain extent, but still faces deceiving and attacking threats. VMM has a high degree of isolation and transparency,the analysis of virtual machine behavior and network information can effectively improve the accuracy and security of anomaly behavior detection based on the agentless out-VM monitoring method. This paper analyzes anomaly behavior detection technology on physical environment,mixes the traditional intrusion detection algorithms, proposes anomaty behavior detection method based on KVM virtualization environment, experiments and analyses some aspects of the detection model. The results shows that the model can effectively detect the anomaty behavior of guest OS.
作者
张健
蔡长亮
宫良一
顾兆军
ZHANG Jian;CAI Changliang;GONG Liangyi;GU Zhaojun(School o f Computer Science and Engineering, Tianjin University of Technology, Tianjin 300384, China;Information Security Evaluation Center of Civil Aviation, Civil Aviation University of China, Tiaryjin 300300, China)
出处
《信息网络安全》
CSCD
2017年第11期1-6,共6页
Netinfo Security
基金
国家重点研发计划[2016YFB0800805]
天津市科技服务业科技重大专项[16ZXFWGX00140]
中国民航大学信息安全测评中心开放基金课题[CAAC-ISECCA-201501]
关键词
云计算
虚拟化技术
检测
KVM
异常行为
cloud computing
virtualization technology
detection
KVM
anomaly behavior
