CAJ | 학술논문

针对当前主流的云安全分析系统存在智能化不高，处理能力不强等缺点，提出了具有并行处理能力的流水化PF_RING的模型，将生物序列匹配算法引入到云入侵检测模型中，并将其与多状态匹配算法、脆弱性评估算法相结合，设计并实现了云安全综合分析系统（Cloud Security Comprehensive Analysis System，CSAS）。实验表明，系统可在海量数据下，对云安全进行流量分析、入侵检测和漏洞扫描，与同类系统相比，处理能力提升近10倍，安全防护提升了65.43%。该系统有效地提高了云安全分析系统入侵检测能力，为云平台的安全性提供了有效的保障。
침대당전주류적운안전분석계통존재지능화불고，처리능력불강등결점，제출료구유병행처리능력적류수화PF_RING적모형，장생물서렬필배산법인입도운입침검측모형중，병장기여다상태필배산법、취약성평고산법상결합，설계병실현료운안전종합분석계통（Cloud Security Comprehensive Analysis System，CSAS）。실험표명，계통가재해량수거하，대운안전진행류량분석、입침검측화루동소묘，여동류계통상비，처리능력제승근10배，안전방호제승료65.43%。해계통유효지제고료운안전분석계통입침검측능력，위운평태적안전성제공료유효적보장。
In view of the shortcomings of current mainstream cloud security analysis system whose intelligence is not high or processing capacity is not strong, the paper puts forward a parallel processing ability of streamline PF_RING model, the biological sequence matching algorithm is introduced into the cloud intrusion detection model, with the combination of state matching algorithm and vulnerability assessment algorithm, so the Cloud Security Comprehensive Analysis System (CSAS)is designed and implemented. Experiments show that the system can carry out flow analysis, intrusion detection and vulnerability scanning under huge amounts of data, compared with the similar system, its processing capacity is pro-moted nearly 10 times and the capacity of security protection is improved 65.43%. This system has effectively improved the ability of cloud security analysis system for intrusion detection, and provides effective protection for the security of cloud platform.