安全监控虚拟云安全网络架构研究
|
摘要
安全云(Security as a Service) 以云计算和云网络为基础,安全能力池化将能有效支撑规模化的网络控制。智能安全监控专网的规模和服务扩展需要解决专网和公网的有效融合、合理的划分安全边界以及异构数据安全共享等难题,安全云具有分布式、按需分配、即插即用、海量支撑等优势,将为建设智能安全监控专网提供很好的参考架构。文章针对安全生产应急救援信息化建设的现状,首先分析了可信网络、SDN安全、区块链以及态势感知与监控专网的可行性关系以及推广适用的潜在问题。然后提出一种新的安全监控虚拟云安全网络架构,定义智能安全监控专网的安全云服务模型CMRP(Control, Monitor, Response and Protection)。构建基于灰色隧道的动态可扩展虚拟私有云,为智能安全监控专网的延伸和扩容提供安全防护,形成安全的虚拟边界。利用区块链技术,实现异构数据的有效安全传输加密。最后通过实例测试,验证新架构能够保证智能安全监控专网的攻击成功检测率能够保持在90%以上,且不依赖于前期攻击特征的学习,提升了安全接入和数据传输性能。
Based on cloud computing and network, Sa S(Security as a Service)has provided with a cloud security ability for network control. Smart security monitoring private network has to expand the scale of services for solving the fuse of network, safe security bound and the share of data. As cloud network with distributed, on demand, plug and play, and massive support and other advantages, it provides a good reference for the construction of smart security monitoring network architecture.According to the current construction of emergency rescue information safety, we first analyzes the trusted network, SDN security, block link and situation awareness. Then a new framework based on virtual cloud network for monitoring safe production is proposed. The model of service security cloud is defined. Grey tunnel and block chain are exploited to construct virtual private cloud to improve security.The simulations in OPNET verify that the new architecture can guarantee the successful attack detection rate of intelligent security monitoring network can be maintained at more than 90%, without depending on the learning of former attack features. Those can ensure the performance enhancement of data access and data transmission.
Based on cloud computing and network, Sa S(Security as a Service)has provided with a cloud security ability for network control. Smart security monitoring private network has to expand the scale of services for solving the fuse of network, safe security bound and the share of data. As cloud network with distributed, on demand, plug and play, and massive support and other advantages, it provides a good reference for the construction of smart security monitoring network architecture.According to the current construction of emergency rescue information safety, we first analyzes the trusted network, SDN security, block link and situation awareness. Then a new framework based on virtual cloud network for monitoring safe production is proposed. The model of service security cloud is defined. Grey tunnel and block chain are exploited to construct virtual private cloud to improve security.The simulations in OPNET verify that the new architecture can guarantee the successful attack detection rate of intelligent security monitoring network can be maintained at more than 90%, without depending on the learning of former attack features. Those can ensure the performance enhancement of data access and data transmission.
引文
[1]ORMAN H.Both Sides Now:Thinking about Cloud Security[J].IEEE Internet Computing,2016,20(1):83-87.
[2]傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述[J].计算机研究与发展,2013(1):136-145.
[3]陆昆仑.安全云服务的发展趋势和背后的关键能力分析[J].信息安全研究,2016(6):568-572.
[4]杨灿.基于P2DR模型的策略模式分析[J].信息网络安全,2010(6):54-55.
[5]RAWAT D,REDDY S.Software Defined Networking Architecture,Security and Energy Efficiency:A Survey[J].IEEE Communications Surveys&Tutorials,2016,19(1):325-346.
[6]吴琨.可信网络访问控制关键技术研究[D].北京:北京邮电大学,2012.
[7]张焕国,陈璐,张立强.可信网络连接研究[J].计算机学报,2010(4):706-717.
[8]李小勇,桂小林.可信网络中基于多维决策属性的信任量化模型[J].计算机学报,2009(3):405-416.
[9]左青云,张海粟.基于Open Flow的SDN网络安全分析与研究[J].信息网络安全,2015(2):26-32.
[10]何龚敏.SDN安全态势评估系统[D].西安:西安电子科技大学,2014.
[11]齐忠厚,谢旭东,张乃斌.浅议SDN发展对网络安全的影响[J].信息网络安全,2014(9):95-97.
[12]谢辉,王健.区块链技术及其应用研究[J].信息网络安全,2016(9):192-195.
[13]袁勇,王飞跃.区块链技术发展现状与展望[J].自动化学报,2016(4):481-494.
[14]谢丽霞,王亚超.网络安全态势感知新方法[J].北京邮电大学学报,2014(5):31-35.
[15]席荣荣,云晓春,金舒原,等.网络安全态势感知研究综述[J].计算机应用,2012(1):1-4+59.
[16]何蕾.基于改进PDRR模型的电力企业网络安全模型研究[D].北京:华北电力大学,2015.
[17]周娜.行业专网建设方案的研究[D].北京:北京邮电大学,2012.
[18]王刚.一种基于SDN技术的多区域安全云计算架构研究[J].信息网络安全,2015(9):20-24.
[19]毛小玲,张朋柱.基于MPLS VPN构建跨域电子政务专网方案研究与设计[J].重庆邮电大学学报(自然科学版),2009(3):407-410,431.
[20]刘占霞,王景丽,金雅飞,等.我国公共安全集群通信专网发展建议[J].现代电信科技,2014(6):1-8.
[2]傅颖勋,罗圣美,舒继武.安全云存储系统与关键技术综述[J].计算机研究与发展,2013(1):136-145.
[3]陆昆仑.安全云服务的发展趋势和背后的关键能力分析[J].信息安全研究,2016(6):568-572.
[4]杨灿.基于P2DR模型的策略模式分析[J].信息网络安全,2010(6):54-55.
[5]RAWAT D,REDDY S.Software Defined Networking Architecture,Security and Energy Efficiency:A Survey[J].IEEE Communications Surveys&Tutorials,2016,19(1):325-346.
[6]吴琨.可信网络访问控制关键技术研究[D].北京:北京邮电大学,2012.
[7]张焕国,陈璐,张立强.可信网络连接研究[J].计算机学报,2010(4):706-717.
[8]李小勇,桂小林.可信网络中基于多维决策属性的信任量化模型[J].计算机学报,2009(3):405-416.
[9]左青云,张海粟.基于Open Flow的SDN网络安全分析与研究[J].信息网络安全,2015(2):26-32.
[10]何龚敏.SDN安全态势评估系统[D].西安:西安电子科技大学,2014.
[11]齐忠厚,谢旭东,张乃斌.浅议SDN发展对网络安全的影响[J].信息网络安全,2014(9):95-97.
[12]谢辉,王健.区块链技术及其应用研究[J].信息网络安全,2016(9):192-195.
[13]袁勇,王飞跃.区块链技术发展现状与展望[J].自动化学报,2016(4):481-494.
[14]谢丽霞,王亚超.网络安全态势感知新方法[J].北京邮电大学学报,2014(5):31-35.
[15]席荣荣,云晓春,金舒原,等.网络安全态势感知研究综述[J].计算机应用,2012(1):1-4+59.
[16]何蕾.基于改进PDRR模型的电力企业网络安全模型研究[D].北京:华北电力大学,2015.
[17]周娜.行业专网建设方案的研究[D].北京:北京邮电大学,2012.
[18]王刚.一种基于SDN技术的多区域安全云计算架构研究[J].信息网络安全,2015(9):20-24.
[19]毛小玲,张朋柱.基于MPLS VPN构建跨域电子政务专网方案研究与设计[J].重庆邮电大学学报(自然科学版),2009(3):407-410,431.
[20]刘占霞,王景丽,金雅飞,等.我国公共安全集群通信专网发展建议[J].现代电信科技,2014(6):1-8.