    A Cloud Forensics Method Based on SDS and Cloud Forensics Trend Analysis

    • Abstract: With the development and popularization of cloud computing, security problems in cloud computing environments are becoming increasingly prominent. Cloud forensics, as a technical means of post-incident accountability and punishment, is of great significance for safeguarding cloud computing security. Research on cloud forensics technology is still at an early stage, and cloud forensics faces problems such as incomplete digital evidence, high forensics overhead and insufficient intelligence in the forensics process. To mitigate these problems, an intelligent cloud forensics method based on SDS (software defined security) and cloud forensics trend analysis is proposed. First, a cloud forensics architecture based on software defined security is proposed to realize collaborative real-time forensics between the cloud network and the cloud computing platform. Second, a cloud forensics trend analysis algorithm based on the HMM (hidden Markov model) is proposed to realize intelligent forensics strategy decision-making and intelligent forensics resource scheduling in the cloud forensics architecture. The experimental results show that, compared with separate network forensics and cloud computing platform forensics, the forensics capability of this method increases to 91.6%, while its forensics overhead lies between the two, achieving a better balance between forensics capability and forensics overhead. This method has broad referential significance for cloud service providers offering cloud forensics services.
