
Research On Virtual Network Protection Technology Against Insider Threats For Cloud Computing Environment

Posted on: 2021-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: H Z Yang
Full Text: PDF
GTID: 2518306470969719
Subject: Computer technology
Abstract/Summary:
As cloud computing technology continues to mature, people are increasingly willing to use cloud services. For most IaaS cloud services, the tenant's network and data are hosted in the cloud in the form of a virtual network and virtual machine images, and users lose absolute control over their network and data. Some existing research has proposed transmitting user data in the virtual network through encrypted tunnels, or auditing the data transmitted in the virtual network by means of network monitoring; however, these works focus on external security threats to the virtual network and pay less attention to threats from inside it. Since the cloud service provider controls the management interface of the tenant network, malicious cloud administrators or internal operations and maintenance personnel may abuse their privileges to alter the tenant network and steal user data: they can directly perform unauthorized operations on virtual network devices, or indirectly manipulate the virtual network through unauthorized interface calls. Therefore, how to detect and defend against the security threats posed by malicious insiders, so as to protect the tenant's virtual network, has become an important problem to be solved in current cloud computing applications.

Starting from these problems, this paper analyzes the characteristics of cloud service behavior in a cloud computing environment and of insider threats to the virtual network, and proposes VNGuarder, a virtual network security framework against insider threats. It mainly studies the key technologies of data forwarding control, construction of the tenant's normal behavior, and detection of insider threats based on behavior traceability. The main research results are as follows:

1. This paper proposes a data forwarding control method based on virtual network devices. The method follows the SDN idea. First, an SDN controller is used to monitor the flow tables of the virtual network switches in the IaaS cloud computing environment, so as to confirm that every flow entry in a virtual switch was issued through the SDN controller rather than illegally changed or injected by malicious insiders. Then, when a malicious flow entry is found in a virtual switch, the SDN controller reports it to the monitoring module and the control module; according to the control strategy set by the forwarding control module, maliciously injected flow entries are deleted and maliciously changed flow entries are reissued, thereby blocking malicious insider behavior that directly manipulates virtual network devices. Finally, simulation experiments in a cloud environment show that the proposed method can effectively detect illegal flow entries injected or changed by malicious insiders, with little impact on the connection performance of the virtual network cloud service.

2. This paper proposes a method for constructing the tenant's normal behavior based on trusted invocation hierarchy association. The method first analyzes the life cycle of the cloud service virtual network and summarizes the complete process by which a legitimate tenant manages the virtual network. Second, the concept of trusted invocation hierarchy association is introduced to analyze the source code of the Neutron network component of the open-source cloud platform OpenStack. Finally, a finite state machine is used to describe the tenant's normal behavior, and a finite state machine generation algorithm is presented to construct the tenant's normal behavior based on trusted invocation hierarchy association; its effectiveness is then verified.

3. This paper proposes a method for detecting insider threats in the virtual network based on behavior traceability. The method first sets up collection points at different levels on different nodes, namely the virtual network service interface, the remote call interface, the virtual network management interface, the virtual network implementation interface and the virtualization process, and then combines log monitoring with behavior tracing to analyze the behavior information of each interface invocation. A behavior matching algorithm then compares the observed behavior with the tenant's normal behavior constructed above, and malicious insider behavior is identified by judging whether the behaviors at all levels can be fully matched. Finally, experiments show that the method can detect illegal management of the virtual network by internal staff more accurately.

4. The VNGuarder prototype is implemented. First, based on the OpenStack framework and the above research results, the design idea, architecture and execution process of VNGuarder are presented. Second, an OpenStack cloud platform is built on the host and the VNGuarder prototype is deployed on it. Finally, the paper compares the performance of the cloud service operating system and the host before and after deploying VNGuarder, and finds that VNGuarder has good performance and practicability.
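The first result rests on one check: every flow entry in the virtual switch must be one the SDN controller issued, and anything else is either injected or tampered and gets deleted or reissued. The following added example (not VNGuarder's code and not from the thesis) shows that reconciliation in Python. It assumes the controller keeps a record of the flows it issued, that switch state arrives as ovs-ofctl dump-flows style text (the parser and the sample entries are constructed for illustration), and that a flow is identified by its table, priority and match fields while its actions are the part an insider would alter.

```python
"""Reconcile a virtual switch's observed flow table against the controller's record.

Added example, not VNGuarder's code. Every entry the controller did not issue is
treated as injected; every issued entry whose actions differ in the switch is
treated as tampered; issued entries absent from the switch are missing.
Sample flows and the dump-flows line format are constructed assumptions.
"""
from dataclasses import dataclass

# Fields in dump-flows output that describe counters/lifetime, not the match.
_NON_MATCH = {"cookie", "duration", "n_packets", "n_bytes",
              "idle_age", "hard_age", "idle_timeout", "hard_timeout"}


@dataclass(frozen=True)
class FlowEntry:
    table: int
    priority: int
    match: str      # e.g. "in_port=1,tcp,tp_dst=443"
    actions: str    # e.g. "output:2"

    def key(self):
        # A flow is identified by (table, priority, match); actions are its payload.
        return (self.table, self.priority, self.match)


def parse_dump_flows(text):
    """Parse ovs-ofctl dump-flows style lines (format assumed) into FlowEntry objects."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith(("NXST_FLOW", "OFPST_FLOW")):
            continue
        left, actions = line.split(" actions=", 1)
        fields, match_parts = {}, []
        for tok in left.replace(", ", ",").split(","):
            k, _, v = tok.partition("=")
            if k in ("table", "priority"):
                fields[k] = int(v)
            elif k in _NON_MATCH:
                continue
            else:
                match_parts.append(tok)   # real match fields, e.g. in_port=1 or tcp
        flows.append(FlowEntry(fields.get("table", 0), fields.get("priority", 32768),
                               ",".join(match_parts), actions.strip()))
    return flows


def reconcile(issued, observed):
    """Return (injected, tampered, missing) relative to the controller's record.
    tampered is a list of (issued_entry, observed_entry) pairs."""
    issued_by_key = {f.key(): f for f in issued}
    observed_by_key = {f.key(): f for f in observed}
    injected = [f for k, f in observed_by_key.items() if k not in issued_by_key]
    tampered = [(issued_by_key[k], f) for k, f in observed_by_key.items()
                if k in issued_by_key and issued_by_key[k].actions != f.actions]
    missing = [f for k, f in issued_by_key.items() if k not in observed_by_key]
    return injected, tampered, missing


def remediation(issued, observed):
    """Translate findings into controller operations: delete injected entries,
    reissue the controller's own version of tampered and missing entries."""
    injected, tampered, missing = reconcile(issued, observed)
    ops = [("delete", f) for f in injected]
    ops += [("reissue", good) for good, _ in tampered]
    ops += [("reissue", f) for f in missing]
    return ops


# Constructed sample: what the controller issued for one tenant switch.
ISSUED_FLOWS = parse_dump_flows("""
 cookie=0x0, duration=100.1s, table=0, n_packets=10, n_bytes=800, priority=100,in_port=1 actions=output:2
 cookie=0x0, duration=100.1s, table=0, n_packets=5, n_bytes=400, priority=100,in_port=2 actions=output:1
 cookie=0x0, duration=100.1s, table=0, n_packets=0, n_bytes=0, priority=0 actions=drop
""")

# Constructed sample: what the switch actually holds. The in_port=1 entry has an
# extra output (tampered), a high-priority entry was added behind the controller's
# back (injected), and the default drop entry is gone (missing).
OBSERVED_FLOWS = parse_dump_flows("""
 cookie=0x0, duration=100.1s, table=0, n_packets=10, n_bytes=800, priority=100,in_port=1 actions=output:2,output:9
 cookie=0x0, duration=100.1s, table=0, n_packets=5, n_bytes=400, priority=100,in_port=2 actions=output:1
 cookie=0x0, duration=3.2s, table=0, n_packets=0, n_bytes=0, priority=200,in_port=1,tcp,tp_dst=443 actions=output:9
""")

if __name__ == "__main__":
    for op, flow in remediation(ISSUED_FLOWS, OBSERVED_FLOWS):
        print(f"{op:8s} table={flow.table} priority={flow.priority} "
              f"match={flow.match!r} actions={flow.actions!r}")
```

The controller's record, not the switch, is the source of truth here; that is the whole point of the method, since an insider with access to the virtual switch can rewrite its table but cannot rewrite what the controller remembers issuing. In a deployment the comparison would run on a timer or on a flow-modification event rather than once at import time.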
Keywords/Search Tags:cloud computing, virtual network, SDN, trusted call hierarchy association, behavior traceability
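Results 2 and 3 of the abstract fit together: a legitimate tenant operation descends through every collection level in a fixed order, the normal behavior is generated as a finite state machine from those trusted call chains, and an observed trace is malicious when its events at all levels cannot be fully matched. The added example below (not the thesis's code) shows both halves in Python. The five levels follow the abstract; the operation names, interface names, the trace id that links events across levels, and the log lines are constructed for illustration and are not Neutron's real interfaces.

```python
"""Generate a normal-behavior FSM from trusted call chains and match multi-level
traces against it.

Added example, not VNGuarder's code. Levels follow the abstract; the call chains,
interface names and log lines are constructed and do not reflect Neutron's APIs.
"""
from collections import defaultdict

# Collection levels, top to bottom, as the abstract lists them.
LEVELS = ["service", "rpc", "management", "implementation", "process"]

# Constructed trusted call hierarchy: a legal operation must pass through every
# level in order, each through the expected interface.
NORMAL_CHAINS = {
    "create_port": ["api.create_port", "rpc.port_create", "agent.port_bind",
                    "ovs.add_port", "proc.ovs-vsctl"],
    "delete_port": ["api.delete_port", "rpc.port_delete", "agent.port_unbind",
                    "ovs.del_port", "proc.ovs-vsctl"],
}


def build_fsm(chains):
    """FSM generation: states are (operation, depth); a transition is keyed by
    (state, level, interface). From 'start' only service-level interfaces are
    allowed, so nothing can legally begin at a lower level."""
    transitions, accepting = {}, set()
    for op, chain in chains.items():
        if len(chain) != len(LEVELS):
            raise ValueError(f"chain for {op} must cover every level")
        state = "start"
        for depth, iface in enumerate(chain):
            nxt = (op, depth)
            transitions[(state, LEVELS[depth], iface)] = nxt
            state = nxt
        accepting.add(state)          # only the bottom of a chain is accepting
    return transitions, accepting


def parse_log(text):
    """Parse constructed 'timestamp k=v k=v ...' lines into (trace, level, iface)."""
    events = []
    for line in text.strip().splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split()[1:])
        events.append((kv["trace"], kv["level"], kv["iface"]))
    return events


def match_traces(events, transitions, accepting):
    """Behavior matching: run each trace through the FSM.
    'matched'    - every level reached in order and the chain completed;
    'unmatched'  - an event with no transition from the current state, e.g. a
                   management-level call with no service-level request before it;
    'incomplete' - the trace stopped before the bottom level."""
    by_trace = defaultdict(list)
    for trace, level, iface in events:
        by_trace[trace].append((level, iface))
    verdicts = {}
    for trace, steps in by_trace.items():
        state, verdict = "start", None
        for level, iface in steps:
            nxt = transitions.get((state, level, iface))
            if nxt is None:
                verdict = ("unmatched", f"{level}:{iface} not allowed after {state}")
                break
            state = nxt
        if verdict is None:
            verdict = ("matched", state[0]) if state in accepting else ("incomplete", state)
        verdicts[trace] = verdict
    return verdicts


# Constructed log: t1 is a legal create_port, t2 starts at the management level
# with no service-level request (direct manipulation), t3 stops after the RPC level.
SAMPLE_LOG = """
2021-01-03T10:00:01 trace=t1 level=service iface=api.create_port
2021-01-03T10:00:01 trace=t1 level=rpc iface=rpc.port_create
2021-01-03T10:00:02 trace=t1 level=management iface=agent.port_bind
2021-01-03T10:00:02 trace=t1 level=implementation iface=ovs.add_port
2021-01-03T10:00:02 trace=t1 level=process iface=proc.ovs-vsctl
2021-01-03T10:05:00 trace=t2 level=management iface=agent.port_bind
2021-01-03T10:05:00 trace=t2 level=implementation iface=ovs.add_port
2021-01-03T10:05:00 trace=t2 level=process iface=proc.ovs-vsctl
2021-01-03T10:07:00 trace=t3 level=service iface=api.delete_port
2021-01-03T10:07:00 trace=t3 level=rpc iface=rpc.port_delete
"""

TRANSITIONS, ACCEPTING = build_fsm(NORMAL_CHAINS)

if __name__ == "__main__":
    for trace, verdict in match_traces(parse_log(SAMPLE_LOG), TRANSITIONS, ACCEPTING).items():
        print(trace, verdict)
```

Only "unmatched" is a detection; an "incomplete" trace may simply still be in flight, so a real collector would hold it for a timeout before reporting it. The design also shows why the abstract insists on collection points at every level: if the process level were not logged, a chain that was executed below the management interface would leave no event for the matcher to reject.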