A Cloud Forensics Method Based on SDS and Cloud Forensics Trend Analysis

Cited by: 9


Authors: Liu Xuehua [1,2]; Ding Liping; Liu Wenmao [5]; Zheng Tao; Li Yanfeng [1,2]; Wu Jingzheng

Affiliations: [1] Laboratory of Parallel Software and Computational Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190; [2] School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049; [3] Digital Forensics Laboratory, Institute of Software Application Technology, Guangzhou and Chinese Academy of Sciences, Guangzhou 511458; [4] Guangdong Chinese Academy of Sciences & Realdata Science and Technology Company Limited, Guangzhou 511458; [5] NSFOCUS Information Technology Company Limited, Beijing 100089; [6] China United Network Communications Corporation Limited, Beijing 100033; [7] Intelligent Software Research Center, Institute of Software, Chinese Academy of Sciences, Beijing 100190

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2019, No. 10, pp. 2262-2276 (15 pages)

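Funding: Open Fund of the Jiangxi Province Collaborative Innovation Center for Economic Crime Investigation and Prevention Technology (JXJZXTCX-007, JXJZXTCX-009); National Key Research and Development Program of China (2016QY01W0200); Guangzhou Science and Technology Program (201802020015); Yangcheng Innovation and Entrepreneurship Leading Talent Support Program (Leading Talent 2016008)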

Abstract: With the development and popularization of cloud computing, security problems in cloud computing environments are becoming increasingly prominent. Cloud forensics, as a technical means of after-the-fact accountability and punishment, is of great significance for safeguarding cloud computing security. Research on cloud forensics technology is still at an early stage, and cloud forensics faces problems such as incomplete digital evidence, high forensics overhead, and insufficiently intelligent forensics processes. To mitigate these problems, an intelligent cloud forensics method based on software defined security (SDS) and cloud forensics trend analysis is proposed. First, a cloud forensics architecture based on software defined security is proposed to realize collaborative real-time forensics between the cloud network and the cloud computing platform. Second, a cloud forensics trend analysis algorithm based on the hidden Markov model (HMM) is proposed to realize intelligent forensics strategy decision-making and intelligent forensics resource scheduling in the cloud forensics architecture. The experimental results show that, compared with network forensics alone and cloud computing platform forensics alone, the forensics capability of this method increases to 91.6%, while its forensics overhead lies between the two, achieving a better balance between forensics capability and forensics overhead. This method has referential significance for cloud service providers offering cloud forensics services.

Keywords: cloud computing; cloud forensics; digital forensics; software defined security; hidden Markov model; cloud forensics trend

Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]

 
