
Research On Cloud-based Network Security Architecture

Posted on: 2017-03-18
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J He
GTID: 1318330512484721
Subject: Information security

Abstract/Summary:
As cloud computing advances, its security problems are attracting increasing attention and are impeding the promotion and development of cloud computing. Cloud computing security has therefore become an urgent problem. Although IT giants and researchers have devoted themselves to the problem and have made remarkable achievements in many areas of cloud computing security, the nature of cloud computing security threats has not been analyzed from the source of the threats, so the problem has not been effectively resolved. To address attacks on cloud computing such as data tampering, session hijacking, cross-site scripting, SQL injection and other security threats, this dissertation intends to provide customized network security services, scalability and fault tolerance services, and detection and filtering services.

Cloud computing is built on network services, and its security threats mainly come from network attacks. Many researchers currently treat the data security of cloud computing as the research priority, but they ignore the fact that malicious network attacks are the root cause of cloud computing security threats. Cloud computing currently faces the following challenges in network security.

First, cloud computing hosts thousands of types of services, and the security requirements of each type are not the same, so these services need cloud computing to provide them with customized security services. Existing cloud computing security cannot provide such services and cannot afford the cost of security devices, configuration, maintenance and management.

Second, the existing defense system uses a middlebox chain to protect cloud computing, but it lacks effective scalability and fault tolerance. As a result, middleboxes are overloaded or even fail when the service access flow increases suddenly, and are underloaded when the service access flow drops suddenly.

Third, to ensure cloud computing security, current schemes require the traffic accessing cloud services to flow through one or more middleboxes. Because each middlebox holds thousands of security rules and signatures, the traffic has to be filtered and inspected against a large number of rules and signatures, which increases service latency, degrades throughput and can even make the service unusable.

Software defined networking (SDN) is a new network virtualization architecture that holds the global static network topology, the dynamic forwarding information of the entire network, network-wide resource utilization, fault status information and so on. Traditionally, it has been used merely as a network service control center. Some earlier studies have attempted to combine SDN with middleboxes and cloud computing, and to control and command them to carry out network security detection and filtering. However, these studies each focus on only one type of network security, so an overall network security architecture is lacking.

This dissertation first proposes customized network security cloud services, scalability and fault tolerance services, and fine-grained parallel detection and filtering services for cloud computing, and then builds a cloud-based network security architecture (NetSecCC) on these services. Theoretical analysis and experimental results show that the architecture can not only prevent malicious internal and external network attacks, but also provide cloud computing with good scalability and fault tolerance.

The innovations of this dissertation are as follows:

First, the mutually beneficial integration of SDN, cloud computing and Mbox offers customized network security services, scalability and fault tolerance services, and high-performance variable-grained parallel detection services for cloud computing network security.

Second, this dissertation defines the concept and evaluation criteria of customized network security services, and builds their methods and procedures on SDN control of middleboxes.

Third, this dissertation defines the concept and evaluation criteria of scalability and fault tolerance services, and builds their methods and procedures on the interaction between SDN and middleboxes about load resources.

Fourth, this dissertation divides the methods and procedures of fine-grained scanning with respect to task time, and builds a high-performance variable-grained parallel detection mechanism through automatic division of detection granularity.

Finally, based on the above research, this dissertation proposes a new cloud-based network security architecture that is low in cost, easy to maintain, scalable, highly fault tolerant and high in performance. Experimental results show that the architecture can effectively prevent tampering, hijacking, cross-site scripting attacks, SQL injection and other network security attacks.
Keywords/Search Tags: Cloud Computing, Network Security, Customized Network Security Service, SDN, Scalability