摘要
为提高通信防火墙攻击捕获的有效性,提出基于可信赖云计算的通信防火墙攻击捕获系统。系统硬件设计过滤器、内核防火墙和捕获器,过滤器执行数据分流过滤,内核防火墙执行iptables命令和ebtables命令完成信息匹配,捕获器对5种虚拟路径进行分析,完成信息捕获。可信赖云计算软件设计,构建不同数据包的概率密度函数,判读数据是否为攻击信息。实验结果表明,所设计系统能够保证计算密集型任务的执行成功率达到90%以上,降低计算过程的收敛程度。
In order to improve the effectiveness of communication firewall attack capture,a communication firewall attack capture system based on trusted cloud computing is proposed.The hardware design of the system includes a filter,a kernel firewall and a catcher.The filter performs data streaming filtering,and the kernel firewall performs iptables command and ebtables command to complete information matching.Besides,the catcher analyzes five virtual paths to complete information capturing.The design of the trusted cloud computing software includes building the probability density function of different data packets to judge whether the data is the attack information.The experiment results show that the designed system can ensure the success rate of computing-intensive tasks to reach more than 90%,and reduce the convergence degree of computing process.
作者
李炜
LI Wei(Information Center,Renmin Hospital of Wuhan University,Wuhan 430060,China)
出处
《信息技术》
2024年第3期134-139,共6页
Information Technology
关键词
可信赖云计算
通信防火墙
防火墙攻击
攻击捕获
捕获系统
trusted cloud computing
communication firewall
firewall attack
attack capture
capture system