CN102891864A

CN102891864A - Method for acquiring and analyzing credible data of cloud resources based on distributed Agent

Info

Publication number: CN102891864A
Application number: CN2011102004215A
Authority: CN
Inventors: 李小勇; 陈诚
Original assignee: Beijing University of Posts and Telecommunications
Current assignee: Beijing University of Posts and Telecommunications
Priority date: 2011-07-18
Filing date: 2011-07-18
Publication date: 2013-01-23

Abstract

The present invention proposes a method for obtaining and analyzing trusted data of cloud resources based on distributed agents. When calculating the overall credibility of cloud resources, the distributed agent technology is used to dynamically monitor the service process of cloud computing, and the monitored The obtained context data is used as an important basis for credibility evaluation, which can make the evaluation results more dynamic and real-time, so that the evaluation results are more impressive and credible. The implementation scheme is divided into two levels, the calculation agent layer and the monitoring agent layer. The monitoring proxy layer is responsible for the monitoring of raw data, and the computing proxy layer is responsible for data preprocessing, so that the two layers can work in parallel, greatly improving the execution efficiency of the system.

Description

A Distributed Agent-Based Acquisition and Analysis Method of Cloud Resource Trusted Data

技术领域 technical field

本发明属于分布式计算领域，具体涉及集成多种技术，如云计算技术、分布式代理(Agent)技术、网络监控技术等，实现面向云资源可信度评估的一种数据获取与分析方法。The invention belongs to the field of distributed computing, and specifically relates to integrating various technologies, such as cloud computing technology, distributed agent (Agent) technology, network monitoring technology, etc., to realize a data acquisition and analysis method for cloud resource credibility evaluation.

背景技术 Background technique

云计算是分布式处理、并行处理和网格计算的发展，或者说是这些计算机科学概念的商业实现。云计算同时也是计算机资源公共化在商业模型上一个重要革新。通过云计算，用户将从繁重，复杂，易错的计算机资源管理中解放出来，而只需关注业务逻辑。这种业务逻辑与计算资源的分离将大大地降低企业信息化的复杂度。更重要的是，云计算带来的服务整合与按需供给将大大提高当前计算资源的利用率，降低服务的能耗量，并且有效屏弊计算资源的出错问题。Cloud computing is the development of distributed processing, parallel processing and grid computing, or the commercial implementation of these computer science concepts. Cloud computing is also an important innovation in the business model of computer resource sharing. Through cloud computing, users will be freed from heavy, complex, and error-prone computer resource management, and only need to focus on business logic. This separation of business logic and computing resources will greatly reduce the complexity of enterprise informatization. More importantly, the service integration and on-demand supply brought by cloud computing will greatly improve the utilization rate of current computing resources, reduce the energy consumption of services, and effectively prevent errors in computing resources.

为什么用户可把最敏感的数据交给云服务中心去管理？就是建立在大众用户对云计算服务信任的基础之上的，因此，可信问题是云计算赖以生存的基石。Why can users hand over the most sensitive data to the cloud service center for management? It is based on the trust of public users in cloud computing services. Therefore, the issue of credibility is the cornerstone of cloud computing.

在云计算环境里，由于虚拟化技术的使用，云服务提供商的资源和用户的管理方式是开放的，完全分布式的。由于商业利润的驱使，云服务(资源)会存在一些欺诈行为，影响云平台上运行的应用程序。另外由于完全开放的计算环境，在没有权威的管理中心可以监管的情况下，会存在一些自私的服务提供商，提供一些不实资源信息，扰乱整个云系统的运行。同时，面向用户的多样性需求，用户申请的服务有可能需要多个云资源之间进行协作，而进行协作的前提也是云资源彼此之间具有良好的可信关系。由以上分析可以看出，可信管理作为一种有效的网络安全新技术，也是实现云计算资源安全的一个核心技术。并且随着云计算的不断普及，可信问题的重要性呈现逐步上升趋势，已成为制约其发展的重要因素。In the cloud computing environment, due to the use of virtualization technology, the resource and user management methods of the cloud service provider are open and completely distributed. Driven by commercial profits, there will be some fraudulent behaviors in cloud services (resources), which will affect the applications running on the cloud platform. In addition, due to the completely open computing environment, in the absence of an authoritative management center to supervise, there will be some selfish service providers who provide some false resource information and disrupt the operation of the entire cloud system. At the same time, facing the diverse needs of users, the services requested by users may require collaboration among multiple cloud resources, and the prerequisite for collaboration is that cloud resources have a good trustworthy relationship with each other. From the above analysis, it can be seen that trusted management, as an effective new technology of network security, is also a core technology to realize the security of cloud computing resources. And with the continuous popularization of cloud computing, the importance of trustworthiness is gradually increasing, which has become an important factor restricting its development.

本专利提出一种通过分布式Agent技术来监测和分析云计算资源可信数据的新方法，通过动态监控和分析云计算资源相关的可信数据，可以发现云计算环境中的潜在恶意行为，防患于未然。This patent proposes a new method for monitoring and analyzing trusted data of cloud computing resources through distributed Agent technology. Through dynamic monitoring and analysis of trusted data related to cloud computing resources, potential malicious behaviors in the cloud computing environment can be discovered, preventing Before it happens.

发明内容 Contents of the invention

本发明提出通过分布式Agent技术来监测和分析各种云资源可信性相关的上下文的变化，监测的重点是与难点是云资源的行为上下文，云资源行为是云计算应用环境中带来安全隐患的主要原因，通过对云资源行为的监测，可以发现云计算环境中的潜在恶意行为，防患于未然。本发明通过分布式Agent对云资源的服务行为进行监控，监控到的上下文数据作为资源可信性评估与预测的证据，而可信性评估的结果可以作为云计算平台进行资源调度与分配的凭证。The present invention proposes to monitor and analyze the changes of contexts related to the credibility of various cloud resources through distributed Agent technology. The main cause of hidden dangers. By monitoring the behavior of cloud resources, potential malicious behaviors in the cloud computing environment can be found to prevent problems before they happen. The present invention monitors the service behavior of cloud resources through the distributed Agent, and the monitored context data is used as evidence for resource credibility evaluation and prediction, and the result of the credibility assessment can be used as a certificate for resource scheduling and allocation on the cloud computing platform .

为达到上述目的，如图1所示，本发明的技术方案共分为两个层次，计算代理层和监控代理层。In order to achieve the above purpose, as shown in FIG. 1 , the technical solution of the present invention is divided into two levels, the calculation agent layer and the monitoring agent layer.

本发明技术方案分为如下几个基本的执行步骤：Technical scheme of the present invention is divided into following several basic execution steps:

步骤一：代理管理器启动多个分布式的Agent来对不同的云资源的服务数据进行动态监控；具体的监测对象包括：内存和中央处理器(CPU)的使用率、网络端口、网络流量、日志、应用程序的调度过程、进程和系统调用等；Step 1: The agent manager starts a plurality of distributed Agents to dynamically monitor the service data of different cloud resources; the specific monitoring objects include: memory and central processing unit (CPU) usage, network ports, network traffic, Logs, application scheduling processes, processes and system calls, etc.;

步骤二：监控到的上下文数据放入存放原始数据的存储设备之中；Step 2: Put the monitored context data into the storage device storing the original data;

步骤三：计算代理层通过上下文事件服务模块，调用监控到的原始数据，并进行数据的预处理，并将与处理后的数据存入相关的存储设备，管理行为上下文的代理管理器根据事件的紧急程度，可以直接触发上下文事件服务模块，实时的进行可信度的重新评估；Step 3: The computing agent layer invokes the monitored raw data through the context event service module, performs data preprocessing, and stores the processed data in the relevant storage device, and the agent manager that manages the behavior context according to the event The degree of urgency can directly trigger the context event service module to re-evaluate the credibility in real time;

步骤四：云计算平台的可信评估模块根据预处理后的数据来对云资源的信任度进行评估及预测。在评估与预测的过程中，可信评估模块使用上下文信息数据库中的信息，这些信息是通过网络监控模块对云资源进行实时监控而收集到的；Step 4: The trust evaluation module of the cloud computing platform evaluates and predicts the trust degree of cloud resources according to the preprocessed data. In the process of evaluation and prediction, the trusted evaluation module uses the information in the context information database, which is collected through the real-time monitoring of cloud resources by the network monitoring module;

步骤五：根据可信评估模块的计算可信性评估结果，进行云计算资源的任务调度和分配。Step 5: According to the calculation reliability evaluation result of the trust evaluation module, the task scheduling and allocation of cloud computing resources is performed.

本发明有以下一些技术特征：The present invention has the following technical characteristics:

(1)步骤1所述的代理管理器封装了Agent的数据访问和控制功能接口，根据分布式Agent的功能不同，划归不同的代理管理器管理。同时代理管理器将Agent产生的数据转入上下文监控数据库中；(1) The agent manager described in step 1 encapsulates the data access and control function interface of the Agent, and is managed by different agent managers according to the different functions of the distributed Agent. At the same time, the agent manager transfers the data generated by the Agent into the context monitoring database;

(2)步骤2所述的原始的上下文监控数据库，主要用来存放多个代理监控到的云计算资源的服务数据，这些数据其表现形式为在一定范围内的具体值(物理量纲值)或者百分比数据，例如平均无故障时间和扫描重要端口次数，都是一个在某一范围内的具体值，平均无故障时间是沿正向递增的，即越大越好，扫描重要端口次数是沿正向递减的，即越小越好；(2) The original context monitoring database described in step 2 is mainly used to store the service data of cloud computing resources monitored by multiple agents. Percentage data, such as the average time between failures and the number of times to scan important ports, are specific values within a certain range. Decreasing, that is, the smaller the better;

(3)步骤3所述计算代理CA，主要用来做数据预处理。由于行为监测数据的表示多样性，为了便于融合计算，需要把数据表示进行规范化等预处理，即把它们全部表示为在[0，1]区间沿正向递增的无量纲值，这样不仅便于数值融合计算而且也与网络实体信任度测值的范围和方向相一致。(3) The calculation agent CA described in step 3 is mainly used for data preprocessing. Due to the diversity of representations of behavior monitoring data, in order to facilitate fusion calculations, it is necessary to preprocess the data representations such as normalization, that is, to express them all as dimensionless values that increase in the positive direction in the [0, 1] interval, which is not only convenient for numerical The fusion calculation is also consistent with the scope and direction of the network entity trust degree measurement.

(4)步骤4所述的可信评估模块，是整个可信管理中间件的核心模块之一，在资源可信度评估与预测的过程中，可信评估模块使用预处理后上下文信息数据库中的信息，这样可以大大加快整个系统的运行速度，进而提高可信度管理系统的运行效率。(4) The credibility assessment module described in step 4 is one of the core modules of the entire trust management middleware. In the process of resource credibility assessment and prediction, the credibility assessment module uses the preprocessed context information database information, which can greatly speed up the operation speed of the entire system, thereby improving the operating efficiency of the credibility management system.

(5)步骤5所述的云计算资源的任务调度和分配，主要是一种基于可信度评估的动态资源调度策略，该策略区别于传统的静态资源调度策略，具有更好的实时性。(5) The task scheduling and allocation of cloud computing resources described in step 5 is mainly a dynamic resource scheduling strategy based on credibility evaluation, which is different from traditional static resource scheduling strategies and has better real-time performance.

附图说明 Description of drawings

图1为基于分布式Agent的云资源可信性数据监控与分析系统的逻辑框架图。Figure 1 is a logical framework diagram of a distributed agent-based cloud resource credibility data monitoring and analysis system.

图2主要的监控参数。Figure 2 The main monitoring parameters.

具体实施方式 Detailed ways

为使本发明的目的、技术方案及优点更加清楚明白，以下参照附图并举实例对本发明做进一步详细地说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

1.系统基本层次结构和功能模块划分1. Basic hierarchical structure and functional module division of the system

本发明的技术方案共分为两个层次，计算代理层和监控代理层。The technical scheme of the present invention is divided into two levels, a calculation agent layer and a monitoring agent layer.

监控代理层主要负责采集云资源和云用户交互过程中的常用行为参数，例如，网络带宽利用率、内存和CPU利用率和应用行为隐患(包括端口、系统调用等可能潜在的入侵行为和恶意行为)等。监控代理层由各种监控代理MA(Monitoring-Agents)、代理管理器和原始的上下文监控数据库构成。The monitoring agent layer is mainly responsible for collecting common behavioral parameters in the interaction process of cloud resources and cloud users, such as network bandwidth utilization, memory and CPU utilization, and application behavior hidden dangers (including ports, system calls, etc. that may potentially intrude and malicious behaviors) )wait. The monitoring agent layer is composed of various monitoring agents MA (Monitoring-Agents), agent manager and original context monitoring database.

计算代理层主要进行数据的预处理计算。计算代理层主要由计算代理(CA，CalculatingAgents)、预处理后的上下文数据库、上下文事件服务和信任评估上下文访问接口组成。The calculation proxy layer mainly performs data preprocessing calculations. The calculation agent layer is mainly composed of calculation agents (CA, CalculatingAgents), preprocessed context database, context event service and trust evaluation context access interface.

2.监控代理层的主要监控参数2. Monitor the main monitoring parameters of the proxy layer

监控代理层主要负责采集云资源和云用户交互过程中的常用行为参数(或者称为指标)，这些参数主要包括：CPU利用率、IP传输效率、内存利用率、带宽利用率、平均吞吐量、资源共享率、作业成功执行率、误码率、IP丢包率、链接建立成功率、平均无故障时间、站点自防御能力、非法链接次数、扫描重要端口次数和尝试越权次数等。主要的监控参数见附图2。The monitoring agent layer is mainly responsible for collecting common behavioral parameters (or indicators) during the interaction between cloud resources and cloud users. These parameters mainly include: CPU utilization, IP transmission efficiency, memory utilization, bandwidth utilization, average throughput, Resource sharing rate, successful job execution rate, bit error rate, IP packet loss rate, link establishment success rate, mean time between failures, site self-defense capability, number of illegal links, number of important port scans, and number of unauthorized attempts, etc. The main monitoring parameters are shown in Figure 2.

3.计算代理层数据的预处理方法3. Calculate the preprocessing method of proxy layer data

通过监控代理层的Agent获得的原始上下文数据，其表现形式为在一定范围内的具体值(物理量纲值)或者百分比数据，例如平均无故障时间和扫描重要端口次数，都是一个在某一范围内的具体值，平均无故障时间是沿正向递增的，即越大越好，扫描重要端口次数是沿正向递减的，即越小越好。由于行为监测数据的表示多样性，为了便于融合计算，需要把数据表示进行规范化等预处理，即把它们全部表示为在[0，1]区间沿正向递增的无量纲值，这样不仅便于数值融合计算而且也与云资源可信度的测量值的范围和方向相一致。The original context data obtained by monitoring the Agent of the agent layer is expressed as a specific value (physical dimension value) or percentage data within a certain range, such as the average time between failures and the number of important port scans, all of which are within a certain range For specific values in , the mean time between failures increases in the positive direction, that is, the larger the better, and the number of times to scan important ports decreases in the positive direction, that is, the smaller the better. Due to the diversity of representations of behavior monitoring data, in order to facilitate fusion calculations, it is necessary to preprocess the data representations such as normalization, that is, to express them all as dimensionless values that increase in the positive direction in the [0, 1] interval, which is not only convenient for numerical Converged computing is also consistent with the range and direction of cloud resource trustworthiness measurements.

预处理我们采用数据规范化的方法。具体方法为将分布式Agent获得的监控数据按照时间进行排列，则在某个时间点n共有n组需要处理的监控数据，这n组数据中的每一组数据称为一个监控样本。这样，在时间点n，就会有待处理的n个样本X＝{x₁，x₂…，x_n}每个样本的属性集合表示为x_j＝{x_j1，x_j2，…，x_jm}，可用矩阵表示为：For preprocessing, we use the method of data normalization. The specific method is to arrange the monitoring data obtained by the distributed agent according to time, then there are n sets of monitoring data to be processed at a certain time point, and each set of data in the n sets of data is called a monitoring sample. In this way, at time point n, there will be n samples to be processed X={x ₁ , x ₂ ..., x _n } The attribute set of each sample is expressed as x _j = {x _j1 , x _j2 , ..., x _jm }, which can be expressed as a matrix:

式中m为可信评估指标(也称为可信属性)的个数。In the formula, m is the number of credible evaluation indicators (also called credible attributes).

对矩阵X按如下公示进行规范化处理，规范化后的矩阵表示为B＝(b_ij)_m×n则：The matrix X is normalized according to the following publicity, and the normalized matrix is expressed as B=(b _ij ) _m×n :

${b b}_{ij ij} = = \{\begin{matrix} {x x}_{ij ij},, & ((a a)) \\ 11 - - {x x}_{ij ij},, & ((b b)) \\ (({x x}_{ij ij} - - {r r}_{min min}^{j j})) / / (({r r}_{max max}^{j j} - - {r r}_{min min}^{j j})),, & ((c c)) \\ (({r r}_{max max}^{j j} - - {x x}_{ij ij})) / / (({r r}_{max max}^{j j} - - {r r}_{min min}^{j j})),, & ((d d)) \end{matrix}$

式中

(a)表示_xij是正向递增百分比；(b)表示x_ij是正向递减百分比；(c)表示x_ij是正向递增量纲值；(d)表示x_ij是正向递减量纲值。通过规范化的预处理所有的监控数据都可以转换为[0，1]范围的正向递增值。In the formula

(a) indicates that _xi j is a positively increasing percentage; (b) indicates that x _ij is a positively decreasing percentage; (c) indicates that x _ij is a positively increasing dimensional value; (d) indicates that x _ij is a positively decreasing dimensional value. All monitoring data can be converted to positively increasing values in the [0, 1] range through normalized preprocessing.

4.可信评估模块对资源可信度的计算4. Calculation of resource credibility by the credibility evaluation module

可信评估模块主要通过调用规范化的数据对资源的可信度进行评估计算，计算的结果可以作为云资源动态调度和分配的依据。由计算代理层的计算结果可知，通过规范化的处理之后，每个监控数据的值越大，该证据对云计算资源的可信度评估的贡献也越大。因此，我们采用如下方法计算资源的总体可信度：The credibility assessment module mainly evaluates and calculates the credibility of resources by invoking standardized data, and the calculation results can be used as the basis for dynamic scheduling and allocation of cloud resources. It can be seen from the calculation results of the computing agent layer that after standardized processing, the greater the value of each monitoring data, the greater the contribution of this evidence to the credibility evaluation of cloud computing resources. Therefore, we calculate the overall trustworthiness of a resource as follows:

${T T}_{P P} ((n no)) = = \frac{{Σ Σ}_{k k = = 11}^{m m} {b b}_{ij ij}}{m m}$

式中T_P(n)表示资源P在时间点n的可信度，m为可信评估指标的个数。In the formula, T _P (n) represents the credibility of resource P at time point n, and m is the number of credibility evaluation indicators.

5.基于可信度的云计算资源的任务调度和分配方法5. Task scheduling and allocation method of cloud computing resources based on credibility

当有一个用户向云计算服务提供者提出资源需求时，云计算的资源管理者可以采用基于可信度的云计算资源的任务调度和分配方法，具体方法如下：When a user proposes a resource requirement to the cloud computing service provider, the resource manager of the cloud computing can adopt a task scheduling and allocation method based on the credibility of the cloud computing resource, and the specific method is as follows:

(1)根据计算得到的每一个云资源的总体可信度，对可选资源进行排序；(1) sort the optional resources according to the calculated overall credibility of each cloud resource;

(2)根据排序结果，选择可信度值最大的资源，并提交作业到该资源执行；(2) According to the sorting result, select the resource with the largest credibility value, and submit the job to the resource for execution;

(3)等待作业结果，如果按时成功执行则进行后续工作如支付报酬、下载结果文件等，并回馈正面的评价，并根据相关算法增加资源的信任度；(3) Wait for the result of the job, and if it is successfully executed on time, follow-up work such as payment of remuneration, download of the result file, etc., and positive evaluation will be given back, and the trust of resources will be increased according to the relevant algorithm;

(4)如果执行超时或失败，则回馈较低的评价，根据相关算法降低资源的可信度，并从排序列表中删除该资源。(4) If the execution times out or fails, a lower evaluation is given back, the credibility of the resource is reduced according to the relevant algorithm, and the resource is deleted from the ranking list.

Claims

1. The method for obtaining and analyzing trusted data of cloud resources based on distributed Agent is characterized in that, when calculating the overall credibility of cloud resources, distributed Agent technology is used to dynamically monitor the service process of cloud computing, and the The monitored context data is an important basis for credibility evaluation, which can make the evaluation results more dynamic and real-time, so that the evaluation results are more impressive and credible.

2. The method according to claim 1, wherein the implementation scheme is divided into two levels, a calculation agent layer and a monitoring agent layer. The monitoring proxy layer is responsible for the monitoring of raw data, and the computing proxy layer is responsible for data preprocessing, so that the two layers can work in parallel, greatly improving the execution efficiency of the system.

3. The method according to claim 1, wherein the monitoring agent layer is mainly responsible for collecting common behavior parameters in the interaction process of cloud resources and cloud users, and these parameters mainly include: CPU utilization rate, IP transmission efficiency, memory utilization rate , bandwidth utilization, average throughput, resource sharing rate, successful job execution rate, bit error rate, IP packet loss rate, link establishment success rate, mean time between failures, site self-defense capability, number of illegal links, and number of important port scans and the number of unauthorized attempts.

4. The method according to claim 1, characterized in that the calculation agent layer mainly performs data preprocessing calculations. The computing agent layer is mainly composed of computing agent (CA), preprocessed context database, context event service and trust evaluation context access interface.

5. The method according to claim 1, characterized in that, we use the data normalization method for preprocessing, and all monitoring data can be converted into positive incremental values in the range of [0, 1] through normalized preprocessing, and every The greater the value of a monitoring data, the greater the contribution of this evidence to the credibility evaluation of cloud computing resources.

6. The method according to claim 1, characterized in that, when a user proposes a resource requirement to the cloud computing service provider, the resource manager of cloud computing can adopt task scheduling and Allocation method.