
Intrusion Detection Based On D-S Evidence Theory In Private Cloud

Posted on: 2017-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: T H Zhou
Full Text: PDF
GTID: 2308330485458055
Subject: Electronic and communication engineering
Abstract/Summary:
In recent years, the development of cloud computing and big data has brought convenience to more and more enterprises and individuals. Living in the age of the Internet brings us closer and closer to the cloud. In addition, many companies employ a private cloud to provide internal services for themselves. However, the complex environment of an internal cloud exposes the stored data to hacker attacks, and it is very difficult to guarantee the integrity and confidentiality of the data. Therefore, network security protection measures need to be updated to detect the endless stream of attacks. From the perspective of network security protection, this paper improves intrusion detection on the basis of existing technologies and integrates D-S evidence theory into intrusion detection, and then designs a new intrusion detection model.

First of all, the efficiency of traditional intrusion detection is very low, and intrusions by hackers often fail to be detected in time. In the intrusion detection model designed in this paper, intrusion detection is combined with honeypot technology. Many honeypots are set up in the network. The honeypots lure the attacker into scanning them by binding free IP addresses and virtual operating systems, and then record the intrusion behavior for the Snort intrusion detection system to analyze. In this way the purpose of active defense is achieved.

Second, the intrusion detection system produces a large number of alarms carrying the original information, and each alarm may be associated with a variety of attacks. This makes it difficult for the network administrator to analyze an attack through the alarms. To address this problem, an alarm recognition module is designed in this paper. First, the characteristics of the data for potential attack types are extracted and their indicators are mined. Then the initial belief assignment is built from the distance between the target sample and the attack data samples through D-S evidence theory, and the comprehensive belief of each attack is calculated through the D-S fusion rule. Finally, the target alarm is identified through the judgment rule.

In this paper, the designed intrusion detection model is simulated on a simple VMware vSphere private cloud platform, which can simulate an internal private cloud architecture. After combining, the honeypot network can be built on the ESXi operating system through the VMware Client. Multiple Snort intrusion detection systems can then be built on different nodes. The network environment is protected by the honeypots and Snort together.

Finally, a test is conducted. The results show that the D-S evidence theory module completes the task very well, giving the network administrator a clearer picture of the alerts in order to adjust the network and take defensive measures.
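The alarm recognition steps described above (distance-based belief assignment, D-S fusion, judgment rule), as an added Python example that is not taken from the thesis. The abstract does not give the distance-to-belief mapping, the attack classes, or the judgment rule, so the exponential mapping with parameters alpha and gamma, the class names, and the threshold and margin values are all assumptions.

```python
import math
from itertools import product

# Frame of discernment: constructed attack classes (assumption, not from the thesis)
THETA = frozenset({"dos", "probe", "r2l"})

def bpa_from_distance(label, dist, alpha=0.95, gamma=1.0):
    """Assumed mapping: a nearby reference sample of class `label` puts mass on
    {label}; the remainder stays on THETA, i.e. ignorance."""
    s = alpha * math.exp(-gamma * dist ** 2)
    return {frozenset({label}): s, THETA: 1.0 - s}

def dempster(m1, m2):
    """Dempster's rule: multiply masses, intersect focal sets, renormalise by 1 - K."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + x * y
        else:
            conflict += x * y          # mass that fell on the empty set (K)
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict; rule is undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}

def classify(distances, threshold=0.5, margin=0.1):
    """distances: (label, distance) pairs between the target alert and labelled
    attack samples. Returns (decision, belief per class)."""
    fused = {THETA: 1.0}               # vacuous belief: nothing known yet
    for label, d in distances:
        fused = dempster(fused, bpa_from_distance(label, d))
    bel = {c: fused.get(frozenset({c}), 0.0) for c in THETA}
    ranked = sorted(bel.items(), key=lambda kv: kv[1], reverse=True)
    (best, b1), (_, b2) = ranked[0], ranked[1]
    # Assumed judgment rule: the winner must be strong, clearly ahead of the
    # runner-up, and larger than the mass still left on ignorance.
    if b1 >= threshold and b1 - b2 >= margin and b1 > fused.get(THETA, 0.0):
        return best, bel
    return "undetermined", bel

if __name__ == "__main__":
    # Constructed distances from one alert to four labelled reference samples
    alert = [("dos", 0.3), ("dos", 0.5), ("probe", 1.8), ("r2l", 2.2)]
    print(classify(alert))
    # Two equally close samples of different classes: high conflict, no decision
    print(classify([("dos", 0.4), ("probe", 0.4)]))
```

The second call shows the case the abstract raises, an alarm associated with more than one attack: the fused beliefs tie, so the judgment rule declines to label it instead of picking arbitrarily.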
Keywords/Search Tags:Private cloud, honeypot, intrusion detection, evidence theory, corresponding alert