With the continuous development of cloud computing technology, electric power enterprises will move their services from the traditional data center to the cloud data center. The cloud data center improves the resource utilization of physical equipment and provides convenient services for electric power enterprises, but it also brings new security problems. Because existing network security protection measures are generally located at the network boundary, the huge internal network of the cloud data center is often left undefended. Therefore, electric power enterprises need to strengthen the security protection of the internal cloud network. In order to ensure the smooth operation of the cloud data center and improve its internal security, this paper designs and implements a service isolation system for the power cloud based on the concept of micro-isolation, and constructs a fine-grained security protection system inside the cloud.

First, in order to clarify the requirements of the service isolation system, this paper analyzes the functional and non-functional requirements of the system, and defines the roles of the system and the business process of each module.

Secondly, because the traffic data collected from the cloud data center carries no labels, network services must be identified without any prior knowledge. Therefore, the network traffic identified in this paper is redefined, and a network traffic pattern extraction algorithm based on graph difference is designed. From the obtained traffic patterns, a network traffic metrics extraction algorithm based on traffic patterns is designed.

Thirdly, for the extracted network traffic flow metrics, this paper designs a network services identification framework based on deep clustering. An improved self-organizing map algorithm is proposed. Combining an autoencoder with the improved algorithm, a deep clustering model for network services identification is proposed. The performance of the algorithm is evaluated by experiments and by the internal evaluation index of the clustering algorithm.

Fourthly, for the problem of service isolation group partition in the cloud data center, this paper proposes an overlapping subgraph partition model based on a graph attention model, combining the information contained in the undirected weighted network adjacency matrix and the service attribute matrix of the network nodes. The experimental results show that the model performs better on the internal evaluation index of the overlapping subgraph partition problem.

Finally, based on the network services identification framework and the overlapping subgraph partition framework proposed in this paper, a service isolation system is designed and implemented by combining the extracted network service flow metrics. System tests show that the system constructed in this paper meets the functional requirements, and that it can effectively identify network services and partition isolation groups.
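The abstract describes two inputs to the isolation-group partition (an undirected weighted adjacency matrix and a per-node service attribute matrix) and an output (isolation groups that a micro-isolation policy enforces). The following is an added example, not code from the thesis: it builds both matrices from a handful of constructed flow records (host names, ports and byte counts are invented), partitions hosts into isolation groups, derives a default-deny group-to-group allowlist, and screens new flows against it. Grouping hosts by their service fingerprint (ports served and ports consumed) is a deliberately simple stand-in for the deep-clustering and graph-attention models the thesis proposes; it is used here only so that the policy-derivation step can be shown end to end.

```python
"""Micro-isolation groups and a default-deny allowlist from baseline flows.

Added illustration, not the thesis's implementation. Fingerprint grouping
replaces the thesis's deep clustering / graph attention partition.
"""
from collections import defaultdict

# Constructed baseline flow records: (src_host, dst_host, dst_port, bytes).
# Topology assumed: load balancer -> web tier -> app tier -> database.
FLOWS = [
    ("lb1", "web1", 443, 5000),
    ("lb1", "web2", 443, 4800),
    ("web1", "app1", 8080, 3000),
    ("web2", "app1", 8080, 2900),
    ("web1", "app2", 8080, 3100),
    ("web2", "app2", 8080, 3000),
    ("app1", "db1", 3306, 8000),
    ("app2", "db1", 3306, 7500),
]


def build_adjacency(flows):
    """Undirected weighted adjacency: weight is total bytes between two hosts."""
    adj = defaultdict(lambda: defaultdict(int))
    for src, dst, _port, nbytes in flows:
        adj[src][dst] += nbytes
        adj[dst][src] += nbytes
    return {host: dict(nbrs) for host, nbrs in adj.items()}


def service_fingerprint(flows):
    """Service attribute per host: (ports it serves, ports it consumes)."""
    served = defaultdict(set)
    consumed = defaultdict(set)
    for src, dst, port, _nbytes in flows:
        served[dst].add(port)
        consumed[src].add(port)
    hosts = set(served) | set(consumed)
    return {h: (frozenset(served[h]), frozenset(consumed[h])) for h in hosts}


def partition_groups(flows):
    """Hosts with identical fingerprints form one isolation group (ids are stable)."""
    by_fp = defaultdict(list)
    for host, sig in service_fingerprint(flows).items():
        by_fp[sig].append(host)
    ordered = sorted(by_fp, key=lambda s: (sorted(s[0]), sorted(s[1])))
    groups = {}
    for idx, sig in enumerate(ordered):
        for host in by_fp[sig]:
            groups[host] = f"G{idx}"
    return groups


def derive_allowlist(flows, groups):
    """Group-level policy: every (src_group, dst_group, port) seen in the baseline."""
    return {(groups[s], groups[d], p) for s, d, p, _ in flows}


def screen_flow(flow, groups, allowlist):
    """Default-deny check for a new flow; hosts outside the baseline are denied."""
    src, dst, port, _nbytes = flow
    if src not in groups or dst not in groups:
        return False
    return (groups[src], groups[dst], port) in allowlist


def group_edge_weights(adj, groups):
    """Aggregate the host adjacency to group pairs (each undirected edge once)."""
    weights = defaultdict(int)
    for host, nbrs in adj.items():
        for other, w in nbrs.items():
            if host < other:
                weights[tuple(sorted((groups[host], groups[other])))] += w
    return dict(weights)


if __name__ == "__main__":
    groups = partition_groups(FLOWS)
    allow = derive_allowlist(FLOWS, groups)
    print("groups:", groups)
    print("allowlist:", sorted(allow))
    # A web host reaching the database directly is outside the baseline policy.
    print("web1->db1:3306 allowed?", screen_flow(("web1", "db1", 3306, 10), groups, allow))
    print("group edge bytes:", group_edge_weights(build_adjacency(FLOWS), groups))
```

The allowlist is derived only from baseline traffic, so a flow that skips a tier (a web host talking to the database directly) or originates from a host absent from the baseline is denied and can be surfaced as a lateral-movement alert; the group-level byte totals let an operator confirm that the baseline itself is dominated by the expected tier-to-tier edges before the policy is enforced.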