
The Realization Path of Network Security Technology Under Big Data and Cloud Computing

  • Nan Kang
  • Xuesong Zhang
  • Xinzhou Cheng
  • Bingyi Fang
  • Hong Jiang
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 550)

Abstract

This paper studies cloud and big data technology in terms of the characteristics of network security, including virus invasion, data storage, system vulnerabilities and network management. It analyzes some key network security problems in current cloud and big data networks. Above all, this paper puts forward technical ways of achieving network security. Cloud computing is a service based on the increased usage and delivery of internet-related services; it promotes the rapid development of big data information processing technology and improves the processing and management abilities of big data information. With the rapid development of computer technology, big data technology brings not only huge economic benefits but also the evolution of social productivity. However, a series of security problems has appeared, and how to increase network security has become the key point. This paper analyzes and discusses the technical ways of achieving network security.

Keywords

Network security, Big data, Cloud

1 Introduction

Cloud computing is a kind of widely used distributed computing technology [1, 2, 3]. Its basic concept is to automatically divide a huge computing program into numerous smaller subroutines through the network, and then hand the processing results back to the user after searching, calculating and analyzing by a large system of multiple servers [4, 5, 6]. With this technology, web service providers can process tens of millions, if not billions, of pieces of information in a matter of seconds, reaching a network service as powerful as a supercomputer [7, 8]. Cloud computing is a resource delivery and usage model: it means obtaining resources (hardware, software) via the network. The network that provides the resources is called the ‘Cloud’. The hardware resources in the ‘Cloud’ seem infinitely scalable and can be used at any time [9, 10, 11].

Cloud computing is the product of the rapid development of computer science and technology. However, the problem of computer network security in the background of cloud computing brings a lot of trouble to people’s life, work and study [12, 13, 14]. Therefore, scientific and effective management measures should be taken in combination with the characteristics of cloud computing technology to minimize the risk of computer network security and improve the stability and security of computer network. This paper briefly introduces cloud computing, analyzes the network security problem of computer under cloud computing, and expounds the network security protection measures under cloud computing.

2 Model Construction of Cloud Computing Technology in Data Processing

Processing data by cloud computing can save energy expenditure and reduce the cost of dealing with big data, so that it can promote the healthy development of cloud computing technology. The analysis of big data by cloud computing technology can be represented by a directed acyclic data flow graph \( G = (V,E) \), and the cloud service module in the parallel selection mechanism is made up of a serial group \( V = \{ i|i = 1,2, \ldots ,v\} \) and a series of remote data transfer hidden channels \( E = \{ (i,j)|i,j \in V\} \). Assume the data transmission distance of the data flow model in the \( C/S \) framework is \( T0 + B + is + Td + ji + 1 < T0 + B + is + Td \).

In the directed graph model \( GP = (VP,EP,SCAP) \), EP represents LKSET, VP is the physical node set bearing the cross channel, and SCAP gives the quantity of data units of each physical node. In addition, assume that the undirected graph \( GS = (VS,ES,SARS) \) expresses the data packet markers input by the application. The process of link mapping between cloud computing components and the overall architecture can be expressed as:
$$ eS = P\left( vS \to vt \right),\quad eS \in ES,\ (vs,vt) \in VS \tag{1} $$

For different customer demands, an optimized resource allocation model is built in order to construct the application model for big data processing. The built-in network link structure for big data information processing is as follows:

In Fig. 1, the ith transmission package in the cloud computer is ith. Let Ti represent the transmission time of ith. The interval in which a component is mapped to a thread or process is given by \( j_{i} = T_{i} - T_{d} \). When \( j_{i} = T_{i} - T_{d} \) is in the range (−∞, ∞), the weight of node i is Wi, its computing time. The detailed application model of big data information processing is shown in Fig. 2.
Fig. 1. Built-in network link structure for big data information processing

Fig. 2. The application model of the big data information processing

3 The Formulation of Cloud Computing in Computer Data Processing

In the mobile cloud system model, the grid architecture relies on local computing resources and the wireless network to build cloud computing, and selects the components of the data flow graph to migrate to the cloud. For the cloud computing formula modeling of computer data processing, \( \{ G(V,E),s_{i},d_{i,j}\} \) is the given data flow application. Assuming that the channel capacity is infinite, the problem of using cloud computing technology to optimize big data information processing is described as follows:
$$ \max_{x_{i},\,y_{i,j}} TP = \frac{1}{tp},\quad i,j \in \{ 0,1, \cdots ,v + 1\} \tag{2} $$
Among them:
$$ tp = \max \left\{ \max_{i \in v} \left( x_{i} \cdot \frac{s_{i}}{\eta p}\sum_{i \in v} X_{i} \right),\ \max_{(i,j) \in E} \left( \frac{d_{i,j} (x_{i} - x_{j} )^{2}}{y_{i,j}} \right) \right\} \tag{3} $$
The energy overhead of data flow migrating between groups in mobile cloud computing is described as:
$$ k = Int\left( \frac{n\,\overline{Q}}{1 - \overline{Q}} \right) + 1 \tag{4} $$

4 Main Characteristics of Network Security Technology

4.1 Security

In the context of big data and cloud computing, users can save data in the cloud and then process and manage it. Compared with the original network technology, it carries certain data network risks, but its security coefficient is higher. Cloud security technology can use modern network security technology to realize centralized upgrades and guarantee the overall security of big data. Since the data is stored in the cloud, enhancing cloud management is the only way to ensure the security of the data.

4.2 Convenience

Big data stored in the cloud usually affects network data. Most enterprises connect multiple servers so as to build computing terminals with strong performance. Cloud computing is itself convenient. Customers of its hardware facilities do not need to purchase additional services; they only need to purchase storage and computing services. Due to its particularity, cloud computing can effectively reduce resource consumption and is also a new form of energy conservation and environmental protection.

4.3 Participatory

When local computers encounter risks, data stored in the cloud will not be affected, nor will it be lost, and at the same time these data will be shared. The sharing and transfer of raw data is generally based on physical connections, and then data transfer is implemented. Compared with the original data research, data sharing in big data cloud computing can be realized by using the cloud. Users can collect data with the help of various terminals, so as to have a strong data sharing function.

5 Security Issues

5.1 System Vulnerabilities

Most computer networks face risks from system vulnerabilities. Criminals exploit system vulnerabilities by illegal means to invade other systems. System vulnerabilities include not only the vulnerabilities of the computer network system itself; the computer system can also easily be affected when users download unknown plug-ins, which causes system vulnerability problems.

5.2 Virus Invasion

With the continuous development of the network, virus forms have also become diverse, but the term mainly refers to a destructive program created by people. Because viruses are diverse, their degree of impact also differs. Customer information and enterprise files can be stolen by viruses, resulting in huge economic losses, and some viruses are highly destructive: they not only damage the relevant customer data but also paralyze the network system.

5.3 Data Storage

In the context of big data cloud computing, external storage of the cloud computing platform can be realized through various distributed facilities. The service characteristic index of the system is mainly evaluated through high efficiency, security and stability. Storage security plays a very important role in the computer network system. Computer network systems are of different kinds and have large storage, and their data has diversified characteristics. The traditional storage methods have been unable to meet the needs of social development. Optimizing the data encryption methods cannot meet the demand of the network. The deployment and finishing of cloud computing data require data storage to have a certain stability and security, to avoid economic losses to the user.

5.4 Network Management

In order to ensure data security, it is necessary to strengthen computer network management. All computer managers and application personnel are the main body of computer network security management.

If the network management personnel do not have a comprehensive understanding of their responsibilities and adopt an unreasonable management method, data leakage will occur. Especially for enterprise, government and other information management, network security management is very important. In the process of application, many computers do not pay enough attention to network security management, leading to the crisis of computer intrusion, thus causing data exposure problems.

6 Ways to Achieve Network Security

6.1 Save and Encrypt Data

One of the main factors influencing the big data cloud storage system is data layout. At the present stage, it is usually explored in combination with the characteristics of the data in order to implement a unified layout. Management and preservation functions are carried out through data type distribution, and the data is encrypted. The original data is stored in more than one cloud, and different data management levels have different abilities to resist attacks. In cloud computing, encryption technology can be applied to data storage, transmission and sharing. During data transmission, the party receiving the data can decrypt the encrypted data, so as to prevent the data from being damaged or stolen in transit.

6.2 Build Network Walls

The intelligent firewall can identify the data through statistics, decision-making, memory and other ways, and achieve the effect of access control. By using the mathematical concept, it can eliminate the large-scale computing methods applied in the matching verification process and realize the mining of the network’s own characteristics, so as to achieve the effect of direct access and control. The intelligent firewall technology includes risk identification, data intrusion prevention and outlaw personnel supply warning. Compared with the original firewall technology, the intelligent firewall technology can further prevent the network system from being damaged by human factors and improve the security of network data.

6.3 Introduction of Encryption Protection Technology

The system encryption technology is generally divided into public key and private key with the help of encryption algorithm to prevent the system from being attacked. Meanwhile, service operators are given full attention to monitor the network operation and improve the overall security of the network. In addition, users should improve their operation management of data. In the process of being attacked by viruses, static and dynamic technologies are used. Dynamic technologies are efficient in operation and can support multiple types of resources.

7 Use Case: Shenzhen E-Government Resource Center Security Isolation System

The security isolation system is usually called a virtualized distributed firewall (VDFW). It is made up of the security isolation system centralized management center and security service virtual machines (SVM). The main role of this system is to achieve network security. The key functions of the system are as follows.

7.1 Access Control

The access control function provides access control based on state detection across source/destination IP address, MAC address, port and protocol, time, application characteristics, virtual machine object, user and other dimensions. It also supports access control policy grouping, search and conflict detection.

7.2 Intrusion Defense

The intrusion prevention module judges intrusion behavior by using comprehensive technical means such as protocol analysis, pattern recognition, statistical thresholds and abnormal traffic monitoring. It can accurately block eleven categories of more than 4000 kinds of network attacks, including overflow attacks, RPC attacks, WEBCGI attacks, denial of service, trojans, worms and system vulnerabilities. Moreover, it supports custom rules to detect and alert on network attack traffic, abnormal messages in traffic, abnormal traffic, floods and other attacks.
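As an added illustration of the statistical threshold approach to abnormal traffic (not the product's algorithm, which the paper does not describe), the sketch below keeps an exponentially weighted baseline of per-interval packet counts and alerts when a count exceeds it by k standard deviations. The function name, parameters and sample counts are assumptions.

```python
import math

def detect_floods(counts, alpha=0.25, k=3.0, min_sigma=5.0, warmup=3):
    """Return indexes of intervals whose count exceeds baseline + k*sigma.

    counts: packets per interval toward one protected virtual machine.
    The baseline is an exponentially weighted mean and variance; it is not
    updated during an alert, so a sustained flood cannot raise its own limit.
    """
    mean, var = float(counts[0]), 0.0
    alerts = []
    for t in range(1, len(counts)):
        c = counts[t]
        # A floor on sigma avoids a zero-width band on very steady traffic.
        sigma = max(math.sqrt(var), min_sigma)
        if t >= warmup and c > mean + k * sigma:
            alerts.append(t)
            continue  # freeze the baseline while the anomaly lasts
        diff = c - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts

# Constructed sample: SYN packets per second, with a burst at t = 6..8.
SAMPLE_COUNTS = [100, 104, 98, 102, 100, 101, 900, 950, 940, 99, 103]

if __name__ == "__main__":
    print(detect_floods(SAMPLE_COUNTS))
```

Freezing the baseline during an alert is the design point: a detector that keeps learning from flood traffic raises its own limit and stops alerting while the flood is still running.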

7.3 Malicious Code Protection

It can detect and remove Trojans, worms, macros, scripts and other malicious code contained in email bodies and attachments, web pages and downloaded files, based on streaming and transparent proxy technology. It supports FTP, HTTP, POP3, SMTP and other protocols.

7.4 Application Identification

It identifies the traffic of various application layers and recognizes over 2000 protocols, using a built-in feature library for recognizing thousands of applications.

8 Conclusion

This paper studies cloud and big data technology. In the context of big data cloud computing, the computer network security problem is gradually coming into focus. In this case, the operating condition of the computer network should be combined with modern network security technology, so as to ensure the security of network information and create a safe network operating environment for users.

References

  1. Zhou, X., Lu, L.: Application and operation of computer network security prevention under the background of big data era. Netw. Secur. Technol. Appl. 05, 24–30 (2017)
  2. Sun, H., Jia, R.: Research on enterprise network information security technology system in the context of big data. Commun. Technol. 50(02), 334–339 (2007)
  3. Xu, L., Cheng, X., Chen, Y., Chao, K., Liu, D., Xing, H.: Self-optimised coordinated traffic shifting scheme for LTE cellular systems. In: 1st EAI International Conference on Self-Organizing Networks, pp. 67–75. Springer Press, Beijing (2015)
  4. Gao, M.: Network security technology in big data environment. Inf. Commun. 01, 158–159 (2017)
  5. Xu, L., Zhao, X., Yu, Y., et al.: Data mining for base station evaluation in LTE cellular systems. In: 3rd International Conference on Signal and Information Processing, Networking and Computers, pp. 356–364. Springer Press, Chongqing (2017)
  6. Xu, L., Chen, Y., Schormans, J., et al.: User-vote assisted self-organizing load balancing for OFDMA cellular systems. In: 22nd IEEE International Symposium on Personal Indoor and Mobile Radio Communications, pp. 217–221. IEEE Press, Toronto (2011)
  7. Wang, F.: Discussion on network information security in the context of big data. Digital Technol. Appl. 05, 210 (2016)
  8. Xu, L., Luan, Y., Cheng, X., et al.: Telecom big data based user offloading self-optimisation in heterogeneous relay cellular systems. Int. J. Distrib. Syst. Technol. 8(2), 27–46 (2017)
  9. Zhou, H.: Application of cloud computing technology in computer secure storage. Netw. Secur. Technol. Appl. 10, 78–79 (2017)
  10. Xu, L., Zhao, X., Luan, Y., et al.: User perception aware telecom data mining and network management for LTE/LTE-advanced networks. In: 4th International Conference on Signal and Information Processing, Networking and Computers, pp. 237–245. Springer Press, Qingdao (2018)
  11. Xu, L., Luan, Y., Cheng, X., Xing, H., Liu, Y., Jiang, X., Chen, W., Chao, K.: Self-optimised joint traffic offloading in heterogeneous cellular networks. In: 16th IEEE International Symposium on Communications and Information Technologies, pp. 263–267. IEEE Press, Qingdao (2016)
  12. Huang, Y.: Network information security control mechanism and evaluation system in the context of big data. Inf. Comput. (Theor. Ed.) 20, 201–202 (2016)
  13. Xu, L., Cheng, X., et al.: Mobility load balancing aware radio resource allocation scheme for LTE-advanced cellular networks. In: 16th IEEE International Conference on Communication Technology, pp. 806–812. IEEE Press, Hangzhou (2015)
  14. Xu, L., Luan, Y., Cheng, X., et al.: WCDMA data based LTE site selection scheme in LTE deployment. In: 1st International Conference on Signal and Information Processing, Networking and Computers, pp. 249–260. CRC Press Taylor & Francis Group, Beijing (2015)

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Unicom Cloud Data Limited Liability Company, China United Network Communications Corporation, Beijing, People’s Republic of China
  2. Network Technology Research Institute, China United Network Communications Corporation, Beijing, People’s Republic of China
