Cloud computing is facing severe safety challenges because of its open operation environment.Traditional instruction detection system (IDS)can no longer fully adapt to new computing network environment,such as cloud computing.In view of that the end-user’s credibility has significant impact on the credibility of virtual machine,we present a user abnormal level-based dynamic configuration strategy of defense levels for virtual machines by making use of the credibility mechanism of dynamic behaviour and the idea of social trust.First,the strategy uses sliding window-based behaviour assessment mechanism to assess user’s behaviour,then based on the assessment result it divides the virtual machine the user located into different safety level domains.At last,it realises the dynamic configuration of safety levels of virtual machine through domain division rules chain,which greatly improves the efficiency of IDS.Simulation experiment shows that the proposed multi-level defense mechanism has good reliability.%云计算环境下,开放的运行环境使其面临重大的安全挑战,传统的入侵检测系统已经不能完全适合云计算等新型计算网络环境。鉴于终端用户的可信性对虚拟机可信性的影响,利用动态的行为可信性机制和社会信任的思想,提出一种基于用户异常等级的虚拟机防御等级动态配置策略。首先,利用滑动窗口行为评估机制评估用户行为,然后根据评估结果将用户所在的虚拟机划分为不同安全等级域,最后,通过分域规则链机制实现虚拟机安全等级的动态配置,有效提高入侵检测系统的效率。模拟实验表明,提出的多等级的防御机制具有良好的可靠性。
展开▼
