| Currently cloud computing system is facing a lot of security threats, among which network security is a very important one. However, because cloud platform system is very large and complex, it is very difficult to have a comprehensive understanding and control of the system security. Therefor it’s very necessary to apply network security situation assessment in cloud computing to give a real-time analysis of the network security risk. According to the cloud platform security situation assessment result, administrator can have a clear understanding of the current system security threats. When a security risk occurs, he can make the right decisions in a timely manner and take appropriate measures to prevent the spread of the security threats in cloud platform network.The paper presents the research background and significance at first. Then it gives an explanation of the key technology of cloud platform security situation assessment, including assessment indicators, alert verification and alert correlation in alert processing technology and situation assessment method. Assessment indicators determine the assessment object and according to the characteristics of situation assessment, the selected assessment indicators mainly include threat factors. Through the relevance calculation of the alert and the target host, alert verification can filter out unrelated alerts and false alerts, whose relevance is low, and provides the basis for alert confidence calculation in alert correlation. Alert correlation can correlate the alerts which belong to the same attack process together, forming an attack scene, and use alert verification results to calculate each attack step’s confidence. Assessment method solves how to assess, and uses the outcome attack graph of alert correlation to extract assessment indicators, giving a quantitative assessment of the security risk. After the situation assessment technology research, based on the general risk analysis model, this paper analyses the functional requirement of the system, providing the basis of system design. After that, based on demand analysis, the paper gives the design of system architecture and function module. Because the whole system is very large and data analysis is the core part of the system, the paper presents a detailed design and implementation of the data analysis subsystem of the cloud platform security situation assessment system. The paper shows the experiment and result analysis at last. It gives the experiment method and results of alert verification, alert correlation and risk assessment, and analyzes the results, showing the feasibility and accuracy of above method. |
PDF Full Text Request