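Authors: Wang Yichuan (王一川)[1,2], Ma Jianfeng (马建峰)[2], Lu Di (卢笛)[2], Zhang Liumei (张留美)[2], Meng Xianjia (孟宪佳)[2]
Affiliations: [1] School of Computer Science and Engineering, Xi'an University of Technology, Xi'an 710048; [2] School of Computer Science, Xidian University, Xi'an 710071
Source: Journal of Computer Research and Development (《计算机研究与发展》), 2015, No. 8, pp. 1873-1882 (10 pages)
Funding: National Science and Technology Major Project (2012ZX03002003); Fundamental Research Funds for the Central Universities (JY10000903001); Xi'an University of Technology Doctoral Start-up Fund (112-256081504)
Abstract: Combining the characteristics of traditional virtual machine introspection-based (VMI) and network-based intrusion detection systems (IDS), a collaborative intrusion detection system deployed inside the cloud server cluster (virtual machine introspection & network-based IDS, VMI-N-IDS) is proposed to defend against distributed denial of service (DDoS) attack threats inside the cloud environment, such as the "cloud droplet freezing" attack. Treating the intrusion detection system and the attacker as the two parties of a game, a game-theoretic model of DDoS attack and detection inside the cloud server cluster is proposed; the utility functions of both parties are given, and the subgame perfect Nash equilibrium of the model is proved; an optimal defense strategy that balances the false alarm rate against control of the malware scale is given, solving the problem of dynamically adjusting the intrusion detection strategy inside the cloud environment. Experiments show that VMI-N-IDS can effectively defend against DDoS attack threats inside the cloud environment.
A collaborative intrusion detection system (IDS) model, entitled virtual machine introspection & network-based IDS (VMI-N-IDS), is proposed, which is based on traditional introspection-based IDS and network-based IDS, for defense against the internal distributed denial of service (DDoS) attack threat in a cloud cluster (e.g. the cloud droplets freezing, or CDF, attack). The CDF attack can exhaust the internal bandwidth of the cluster and the CPU and memory resources of physical servers. Based on game theory, the IDS and the attacker are treated as the two game parties in the VMI-N-IDS model. Utility functions of the two parties are given, and it is proved that the game model is a non-cooperative, repeated game of incomplete information and that a subgame perfect Nash equilibrium exists. Finally, the optimal defense strategy is proposed, which is the tradeoff between the false alarm rate and the malicious software size control, solving the problem of dynamically adjusting the internal intrusion detection strategy. The best strategy for the stages of the IDS is to increase the threshold value β when the mathematical expectation of the suspicious value is greater than the load of server resources, and to reduce it otherwise. Experimental results show that the proposed method can effectively defend against the internal DDoS attack threat in the cloud environment.
Keywords: cloud computing; network security; intrusion detection; DDoS attack; game theory
Classification: TP309 [Automation and Computer Technology - Computer System Architecture]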