计算机研究与发展
Journal of Computer Research and Development
2015
Issue 8
pp. 1873-1882
10 pages in total
王一川%马建峰%卢笛%张留美%孟宪佳
cloud computing%network security%intrusion detection%DDoS attack%game theory
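Combining the characteristics of traditional virtual machine introspection-based (VMI) and network-based intrusion detection systems (IDS), a collaborative intrusion detection system deployed inside the cloud server cluster (virtual machine introspection & network-based IDS, VMI-N-IDS) is proposed to defend against internal distributed denial of service (DDoS) attack threats in the cloud environment, such as the "cloud droplet freezing" attack. Treating the intrusion detection system and the attacker as the two parties of a game, a game-theoretic model of DDoS attack and detection inside the cloud server cluster is proposed; the utility functions of both parties are given, and the subgame perfect Nash equilibrium of the model is proved; the optimal defense strategy that trades off the false alarm rate against control of the malicious software scale is given, solving the problem of dynamically adjusting the intrusion detection strategy inside the cloud environment. Experiments show that VMI-N-IDS can effectively defend against internal DDoS attack threats in the cloud environment.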
A collaborative intrusion detection system (IDS) model, entitled virtual machine introspection & network-based IDS (VMI-N-IDS), is proposed. It builds on traditional introspection-based IDS and network-based IDS to defend against the internal distributed denial of service (DDoS) attack threat in a cloud cluster (e.g. the cloud droplets freezing, CDF, attack). The CDF attack can exhaust the internal bandwidth of the cluster and the CPU and memory resources of the physical servers. Based on game theory, the IDS and the attacker are treated as the two game parties in the VMI-N-IDS model. Utility functions of the two parties are given, and it is proved that the game model is a non-cooperative, repeated game of incomplete information and that a subgame perfect Nash equilibrium exists. Finally, the optimal defense strategy is proposed, which is the tradeoff between the false alarm rate and the malicious software size control, solving the problem of dynamically adjusting the internal intrusion detection strategy. The best strategy for the stages of the IDS is to increase the threshold value β when the mathematical expectation of the suspicious value is greater than the load of server resources, and to reduce it otherwise. Experimental results show that the proposed method can effectively defend against the internal DDoS attack threat in the cloud environment.