Design of Software Defined Intrusion Detection System in Cloud

doi:10.3969/j.issn.1671-1122.2015.09.043

Abstract

Abstract:

The technology of cloud computing has received the attention of academia and industry in the development of the last ten years, but the security problem restricts its development. Towards the security issues faced by the cloud, the cloud often use a variety of security means the combination of solutions to ensure its security. In these security measures, intrusion detection system (IDS) is an important and indispensable link in cloud security solutions. In this paper, towards to the cloud platform which used software defined network (SDN), and the intrusion detection system deployed on it. We analysis the issues the IDS faced and conclude the correspond solutions, put forward the design goal of the IDS, and designed a software defined IDS based on SDN. The system has robustness, it can save the cloud resource consumption, and after the virtual machine migration, it’s still under the protection of the IDS, finally realize the important modules of the system.

Key words: cloud computing, intrusion detection system, software defined network

CLC Number:

TP309

Yi-zhou ZHOU, Bin WANG, Xiao-quan XIE. Design of Software Defined Intrusion Detection System in Cloud[J]. Netinfo Security, 2015, 15(9): 191-195.

Figures/Tables 6

References 14

[1]	唐春明,郑晓龙. 云计算中一种对大群组用户的隐私保护公共审计方案[J]. 信息网络安全,2015,(2):19-25.
[2]	左青云,陈鸣,赵广松等. 基于OpenFlow的SDN技术研究[J]. 软件学报,2013,24(5):1076-1097.
[3]	左青云,张海粟. 基于OpenFlow的SDN网络安全分析与研究[J]. 信息网络安全,2015,(2):26-32.
[4]	陈驰,于晶等. 云计算安全体系(信息安全国家重点实验室信息安全丛书)[M]. 北京:科学出版社,2014.
[5]	WINKLER V.云计算安全架构、战略、标准与运营[M]. 北京:机械工业出版社,2012.
[6]	戚名钰,刘铭,傅彦铭. 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全,2015,(2):15-18.
[7]	熊海泉,刘志勇,徐卫志. VMM中Guest OS非陷入系统调用指令截获与识别[J]. 计算机研究与发展,2014,51(10):2348-2359.
[8]	崔竞松,郭迟,陈龙. 创建软件定义网络中的进程级纵深防御体系结构[J]. 软件学报,2014,(10):2251-2265.
[9]	SAHBA S.Towards migrating security policies along with virtual machine in cloud[D]. Montreal: Concordia University, 2013.
[10]	孙玉伟,童新海,张林惠,等. 云桌面中USB设备重定向技术研究[J]. 信息网络安全,2015,(4):78-85.
[11]	虚拟化与云计算小组. 虚拟化与云计算[M]. 北京:电子工业出版社,2009.
[12]	任永杰,单海涛. KVM虚拟化技术实战与原理解析[M]. 北京:机械工业出版社,2013.
[13]	周国安,李强,陈新,等. 云环境下海量小文件存储技术研究综述[J]. 信息网络安全,2014,(6):11-17.
[14]	马恒太,蒋建春,陈伟锋,等. 基于Agent的分布式入侵检测系统模型[J]. 软件学报,2000,11(10):1312-1319.

[1]	Yuan LIU, Wei QIAO. Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment [J]. Netinfo Security, 2020, 20(3): 36-44.
[2]	Jiameng BAI, Yingshuai KOU, Zeyi LIU, Daren ZHA. Docker-based RBAC Task Management System [J]. Netinfo Security, 2020, 20(1): 75-82.
[3]	Liangqin REN, Wei WANG, Qiongxiao WANG, Linli LU. A New Cloud Cryptographic Computing Platform Architecture and Implementation [J]. Netinfo Security, 2019, 19(9): 91-95.
[4]	Yi YU, Liangshuang LV, Xiaojian LI, Tianbo WANG. Dynamic Network Topology Description Language for Mobile Cloud Computing Scenario [J]. Netinfo Security, 2019, 19(9): 120-124.
[5]	Zixuan WANG, Liangshuang LV, Xiaojian LI, Tianbo WANG. A Shared Storage-based Virtual Machine Application Distribution Strategy for OpenStack [J]. Netinfo Security, 2019, 19(9): 125-129.
[6]	Yanpeng CUI, Luming FENG, Zheng YAN, Huaqing LIN. Research on Software Security Model of Cloud Computing Based on Program Slicing Technology [J]. Netinfo Security, 2019, 19(7): 31-41.
[7]	Xinrui GE, Wei CUI, Rong HAO, Jia YU. Verifiable Keywords Ranked Search Scheme over Encrypted Cloud Data [J]. Netinfo Security, 2019, 19(7): 82-89.
[8]	Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG. A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning [J]. Netinfo Security, 2019, 19(4): 11-19.
[9]	Pu ZHAO, Wei CUI, Rong HAO, Jia YU. A Secure Outsourcing Computation Scheme for El-Gamal Signature Generation [J]. Netinfo Security, 2019, 19(3): 81-86.
[10]	Zhenfeng ZHANG, Zhiwen ZHANG, Ruichao WANG. Model of Cloud Computing Security and Compliance Capability for Classified Protection of Cybersecurity 2.0 [J]. Netinfo Security, 2019, 19(11): 1-7.
[11]	Xinyang FENG, Jianjing SHEN. A Yarn and NMF Based Big Data Clustering Algorithm [J]. Netinfo Security, 2018, 18(8): 43-49.
[12]	Yuan TAO, Tao HUANG, Mohan ZHANG, Shuilin LI. Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness [J]. Netinfo Security, 2018, 18(8): 79-85.
[13]	Qi ZHANG, Xijun LIN, Haipeng QU. Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment [J]. Netinfo Security, 2018, 18(6): 52-60.
[14]	Jianbiao ZHANG, Shisong YANG, Shanshan TU, Xiao WANG. Research on vTPCM Trust Management Technology for Cloud Computing Environment [J]. Netinfo Security, 2018, 18(4): 9-14.
[15]	Yan CHEN, Jianyong GE, Jing LAI, Zhen LU. Security System of the Information System in the Cloud [J]. Netinfo Security, 2018, 18(4): 79-86.