
Cloud Computing-Based Forensic Analysis for Collaborative Network Security Management System (cited by: 8)

Abstract: Internet security problems remain a major challenge with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. New emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs' collaborative module and connects them virtually to exchange network events and security rules. Security functions for the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find the malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud-based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by the collaborative UTMs and the feedback events of such rules are returned to the security center. By this type of closed-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.
Source: Tsinghua Science and Technology (English edition of Journal of Tsinghua University (Science and Technology)), indexed in SCIE, EI, and CAS, 2013, Issue 1, pp. 40-50, 11 pages.
Funding: Supported by the National Key Basic Research and Development (973) Program of China (Nos. 2011CB302805, 2011CB302505, 2012CB315801, and 2013CB228206), the National Natural Science Foundation of China (No. 61233016), and the Intel Research Councils UPO program under the project title "Security Vulnerability Analysis Based on Cloud Platform".
Keywords: cloud computing; overlay network; collaborative network security system; computer forensics; anti-botnet; anti-phishing; Hadoop file system; Eucalyptus; Amazon Web Service
Author biographies:

Zhen Chen is an associate professor in the Research Institute of Information Technology at Tsinghua University. He received his BEng and PhD degrees from Xidian University in 1998 and 2004. He worked as a postdoctoral researcher in the Network Institute of the Department of Computer Science and Technology at Tsinghua University from 2004 to 2006. He was also a visiting scholar at UC Berkeley ICSI in 2006. His research interests include overlay networking architecture, Internet security, P2P systems, and Trusted Computing. He has published around 60 academic papers.

Fuye Han is a master's student in the Department of Computer Science and Technology at Tsinghua University. He graduated from PLA Information Engineering University in 2008, majoring in Information Engineering. His research interests include botnets, traffic archiving, and other network security issues. He joined the Cloud Computing and IoT lab in 2010.

Junwei Cao is currently Professor and Deputy Director of the Research Institute of Information Technology, Tsinghua University, China. He is also Director of the Open Platform and Technology Division, Tsinghua National Laboratory for Information Science and Technology. His research is focused on advanced computing technology and applications. Before joining Tsinghua in 2006, Junwei Cao was a Research Scientist at the Massachusetts Institute of Technology, USA. Before that he worked as a research staff member of NEC Europe Ltd., Germany. Junwei Cao received his PhD in computer science from the University of Warwick, UK, in 2001. He received his MEng and BEng degrees from Tsinghua University in 1998 and 1996, respectively. Junwei Cao has published over 130 academic papers and books, cited by international researchers over 3000 times. Junwei Cao is a Senior Member of the IEEE Computer Society and a Member of the ACM and CCF.

Xin Jiang is working as a computer security researcher. He received his PhD degree in Computer Science from the Institute of Computer Network of the Department of Computer Science and Technology at Tsinghua University in 2010. He received his BEng degree from PLA University of Science and Technology in 1998. His main research interests include computer network security, performance evaluation, and wireless networks.

Shuo Chen is a master's student supervised by Prof. Junwei Cao in the Department of Automation. He received his BEng degree from Tsinghua University, Beijing, China, in 2012. His research interests include distributed computing and content-centric networking.

