Title: A Two-phase Collaborative Intrusion Detection Mechanism for Cloud Computing
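Authors: 陈光禹
罗济群
Lo, Chi-Chun
Institute of Information Management
Keywords: intrusion detection; trust management; cloud security
Publication date: 2010
Abstract: As cloud computing has advanced, many related issues have been actively discussed, and information security is an important one among them. This thesis focuses on defending against intrusion attacks and explores how multiple intrusion detection systems already deployed in the cloud can cooperate with one another as a feasible solution. A two-phase collaborative mechanism is proposed to strengthen cloud security. The first phase constructs a trust management model, which is designed to establish trust relationships among the intrusion detection systems. It consists of a three-step method: sending test messages, encouraging replies, and considering the transitivity of trust. The second phase is collaboration, which uses the trust relationships among the systems to improve the quality of cooperation; these trust relationships are established in the first phase. The second phase has two collaboration methods: alert correlation and sharing of attack symptoms. By sharing information with one another, intrusion detection systems can significantly improve detection performance. Finally, analysis of the simulation results shows that, when the detection systems are most sensitive to attacks, this mechanism achieves an average detection accuracy of 98%, clearly higher than without cooperation (88%) or with a cooperation mechanism proposed by other researchers (90%).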
With the advent of cloud computing, a number of issues are being discussed, and among them security is an important one. This thesis concentrates on intrusion detection. It studies how to apply intrusion detection systems (IDSs) in the cloud and make them cooperate with each other to provide a more secure solution. A two-phase collaborative mechanism is proposed to enhance security in the cloud. The first phase is constructing the trust management model. This model is designed to establish the trustworthiness relationships between the IDSs. It consists of three steps: sending test messages, encouraging replies, and considering the transitivity of trust. The second phase is collaboration. The trustworthiness between the systems, derived in the first phase, is used to strengthen the quality of collaboration. There are two ways to collaborate: alert correlation and symptom sharing. An IDS can noticeably increase its performance by sharing information with the others. Finally, analysis of the simulation results shows that the average detection accuracy of IDSs in the proposed mechanism is 98% when the IDSs are sensitive to attacks. This is higher than with no cooperation (88%) and with the other proposal (90%).
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079834530
http://hdl.handle.net/11536/47938
Appears in collections: Thesis


Files in this item:

  1. 453001.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.