
Research On Cloud Environment Network Security Monitoring Architecture And Security Assurance

Posted on: 2018-06-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C Zhao
Full Text: PDF
GTID: 1318330542991532
Subject: Computer application technology

Abstract/Summary:
With the widespread application of cloud computing, cloud computing security issues have been increasingly highlighted in the literature and are becoming one of the important factors restricting the development of cloud computing. A cloud environment faces all the security threats that a traditional network environment faces and, in addition, many new threats due to its larger attack surface compared with the traditional network, arising from resource virtualization, high dynamism, sharing and so on. Facing these problems, on the one hand, cloud service providers crucially need a way to protect the network security of the cloud environment; on the other hand, since the cloud shields users from underlying information, cloud users need an effective way to keep abreast of the security status of cloud services. Therefore, researchers have put forward cloud security monitoring. Cloud security monitoring can monitor a cloud's physical nodes, virtual nodes, software, and user status and behaviors, and integrate security tools such as firewalls, vulnerability detection, intrusion detection and deep packet inspection. It can also collect and analyze data and visually present the results to help administrators or users understand the security situation effectively and so protect the security of the cloud environment.

A cloud environment is distinguished by its large scale, complex heterogeneity, flexibility and sharing. Its run time is accompanied by the creation, destruction and migration of virtual resources, so traditional network security monitoring technologies built around static structures and physical nodes do not adapt to the characteristics of the cloud environment. Therefore, designing and optimizing a security monitoring architecture and security assurance methods that adapt to the characteristics of the cloud environment is one of the bases for ensuring the best performance of cloud security monitoring, and it is the key issue of cloud security monitoring research.

This paper researches cloud environment network security monitoring architecture and security assurance. Research on the architecture of cloud environment network security monitoring is carried out to meet scalability, flexibility and adaptability. On this basis, network security assurance methods for the cloud environment, such as network security hardening based on attack graphs, intrusion detection and deep packet inspection, are studied to make them suit the characteristics of the cloud environment and improve their practical value. The main research contents are as follows:

Firstly, a multi-granularity Pub/Sub model cloud security monitoring architecture based on communication load forecasting is proposed. It divides the monitoring domain to meet the scalability requirements of the monitoring architecture, uses the publish/subscribe mode to meet elasticity requirements, and employs the multi-user characteristics of agents and the publish/subscribe model to meet comprehensiveness requirements. A multi-granularity adaptive mechanism based on communication load forecasting is proposed to balance the relationships among timeliness, accuracy and adaptability of the monitoring architecture.

Secondly, in view of the high complexity and unsatisfactory hardening strategies of existing attack graph analysis methods, a method for generating cloud environment network security hardening strategies based on attack graphs is proposed. A risk assessment method is put forward that considers attack difficulty, severity, path length and the importance of the target node. The maximum risk coefficient of an attack path is calculated by an ant colony algorithm, the search process is limited by a risk threshold to reduce algorithm complexity, and a heuristic algorithm is used to solve the optimal repair set problem and calculate a low-cost network security hardening strategy.

Thirdly, a security intrusion detection method based on feature selection is proposed for the large scale and massive data of the cloud environment. In view of the shortcomings of existing feature evaluation methods, a heuristic feature selection algorithm based on average mutual information is proposed. The algorithm uses average mutual information to measure the importance of features, and truly reflects the relationships among the selected features and the classification labels. Because the algorithm easily falls into a local optimum, a heuristic stochastic search algorithm is adopted to obtain a smaller feature subset and improve intrusion detection efficiency in a cloud environment.

Finally, after analyzing the state explosion problem of DFAs, the state increase from combining two DFAs is used to measure the actual state increase from combining multiple regular expressions. The problem of optimal regular expression grouping is thereby reduced to the k-maximum cut problem on a weighted undirected graph. On this basis, a heuristic regular expression grouping algorithm for efficient deep packet inspection in the cloud environment is proposed, which reduces the size of the merged DFA and improves the efficiency of deep packet inspection.
Keywords/Search Tags:cloud computing, network security, cloud monitor, attack graph, intrusion detection, deep packet inspection