基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上，揭示了SOS在节点被攻击时的退出机制存在的安全漏洞，根据云计算路由策略改进了一致性散列算法Chord，提出了适用于云计算路由平台三层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path），在安全访问路径中引入了心跳机制，利用虚拟机技术实现弹性的虚拟节点，完成在云平台中被攻击节点之间的无缝切换，保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验，重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数，并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下，VHSAP具有较高的数据通过率，可以提高云计算平台的安全性。

VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms

Based on the analysis of security overlay service (SOS) approach of defending against DDoS attacks in large scale network,the vulnerability in the exit mechanism of being attacked nodes in SOS approach is explored.The vulnerability is solved by improving the Chord algorithm according to the routing strategy in cloud computing.Hence,the virtualization hash security access path (VHSAP) in three-layer structure is proposed to protect the cloud computing platform.In VHSAP,the heartbeat mechanism is applied to realize virtual nodes by using the virtual technology.Therefore,the virtual nodes have the ability of resilience,which can complete the seamless switching between being attacked nodes in cloud computing platform,and guarantee the legitimate user's authority of accessing to the resource in cloud computing platform.Experiments of VHSAP defending against DDoS attacks are carried out in simulation network environment.The parameters,such as the number of being attacked nodes in hash secure access path (HSAP),and the switching time and the handoff delay between nodes,are focused in experiments.The result shows that VHSAP achieves a higher data pass rate than that of SOS approach,and enhances the security of cloud computing platform.