Netinfo Security, 2017, Vol. 17, Issue (3): 14-20. doi: 10.3969/j.issn.1671-1122.2017.03.003


Research on a Virtual Cloud Security Network Architecture for Safety Monitoring

门红1, 姚顺利2

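  1. Department of Technical Equipment, National Administration for Work Safety Emergency Response, Beijing 100713
  2. Institute of Public Safety, Tsinghua University, Beijing 100084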
  • Received: 2016-11-15 Online: 2017-03-20 Published: 2020-05-12
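  • About the authors:

    Hong MEN (born 1967), female, from Henan, senior engineer, master's degree; main research interest: command of work safety emergency rescue. Shunli YAO (born 1985), male, from Hebei, assistant researcher, Ph.D.; main research interest: public safety management.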

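  • Supported by:
    Ministry of Science and Technology "Twelfth Five-Year Plan" Science and Technology Support Program [2015BAK10B00]; State Administration of Work Safety special project on on-site work safety emergency coordination and intelligent decision-making systems [CCTC30151790]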

Research on a Framework Based on Virtual Cloud Network for Monitoring Safe Production

Hong MEN1, Shunli YAO2

  1. Department of Technical Equipment, National Administration for Work Safety Emergency Response, Beijing 100713, China
  2. Institute of Public Safety, Tsinghua University, Beijing 100084, China
  • Received: 2016-11-15 Online: 2017-03-20 Published: 2020-05-12

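Abstract:

The security cloud (Security as a Service) is built on cloud computing and cloud networking, and pooling security capabilities can effectively support network control at scale. Expanding the scale and services of an intelligent safety-monitoring private network requires solving several difficult problems: effectively integrating the private network with public networks, drawing security boundaries sensibly, and securely sharing heterogeneous data. The security cloud is distributed, allocated on demand, plug-and-play, and able to support massive scale, so it offers a good reference architecture for building an intelligent safety-monitoring private network. Considering the current state of information systems for work safety emergency rescue, this paper first analyzes how trusted networks, SDN security, blockchain, and situational awareness relate to the monitoring private network in terms of feasibility, along with the potential problems in applying them widely. It then proposes a new virtual cloud security network architecture for safety monitoring and defines CMRP (Control, Monitor, Response and Protection), a security cloud service model for the intelligent safety-monitoring private network. A dynamically extensible virtual private cloud based on grey tunnels is constructed to provide security protection for extending and expanding the private network, forming a secure virtual boundary. Blockchain technology is used to achieve effective, secure encrypted transmission of heterogeneous data. Finally, tests on an example verify that the new architecture keeps the successful attack detection rate of the intelligent safety-monitoring private network above 90% without depending on prior learning of attack signatures, and that it improves secure access and data transmission performance.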

Keywords: security cloud, intelligent safety monitoring, SDN, network security

Abstract:

Built on cloud computing and cloud networking, SaS (Security as a Service) provides cloud security capabilities for network control. To expand the scale of its services, a smart security monitoring private network has to solve the integration of networks, the definition of security boundaries, and the sharing of data. Because a cloud network is distributed, on-demand, plug-and-play, and able to support massive scale, it provides a good reference for the architecture of a smart security monitoring network. Given the current state of emergency rescue information systems, we first analyze trusted networks, SDN security, blockchain, and situational awareness. We then propose a new framework based on a virtual cloud network for monitoring safe production and define its security cloud service model. Grey tunnels and blockchain are used to construct a virtual private cloud and improve security. Simulations in OPNET verify that the new architecture keeps the successful attack detection rate of the intelligent security monitoring network above 90% without depending on prior learning of attack features, and that it improves data access and data transmission performance.

Key words: security as a service, smart security monitoring, SDN, network security

CLC number: