Fusion And Correlation Analysis Of Privacy Infringement Events In The Cloud Environment

Cloud computing has become a mainstream of the current information technology,with the rapid development of cloud computing,the security problem is increasingly prominent.The cloud environment is dynamic,open and heterogeneous.Malicious programs are easily transferred to the cloud environment.Privacy security has become a problem that must be solved in the development of cloud computing.In the cloud environment,it is easy to destroy the traces of users' privacy theft,and it is difficult to locate and track the source of malicious samples.Therefore,privacy security in the cloud environment has always been a challenge.Aiming at the privacy security problem in cloud environment,a privacy invasion event fusion and correlation analysis system is designed and developed.Firstly,the intrusion detection system BRO is deployed at the entrance of the cloud environment to capture the malicious traffic,and VMI(Virtual Machine Introspection)technology is used to simulate the user environment.At the same time,the network bridge is configured,using Inet Sim(Internet Services Simulating)to provide simple network responses.Then,in the simulated environment,the malicious traffic is analyzed at multiple levels: Dynamic stain tracking analysis obtain the data flow of privacy leakage;Instruction level attack replay analysis get control flow and behavior of files and registries;Continuous memory image analysis compare memory objects to obtain detailed behavior of malicious samples.Inet Sim was used to capture the information related to the network in the three analyses.Meanwhile,the method of snapshot technology and setting synchronization point was used to make the running state of malicious samples in the multiple analyses as consistent as possible.Then,normalization,de-duplication,fusion and malicious determination of dynamic stain tracking,instruction level attack replay,continuous memory image and Inet Sim logs were carried out to obtain the complete timeline,control flow and data flow of the sample,so as to have a clear judgment and analysis on whether there is privacy violation behavior of the sample.Finally,a friendly visual interface was provided by B/S(Browser/Server)architecture.The test results show that the privacy invasion event fusion and correlation analysis system can effectively capture malicious traffic and privacy invasion behavior.The system can analyze the malicious traffic with a success rate of 95%,and fully find the evidence of privacy violation,effectively protecting the privacy and security of the cloud environment.