Abstract: In view of the shortcomings of current mainstream cloud security analysis system whose intelligence is not high or processing capacity is not strong, the paper puts forward a parallel processing ability of streamline PF_RING model, the biological sequence matching algorithm is introduced into the cloud intrusion detection model, with the combination of state matching algorithm and vulnerability assessment?algorithm, so the Cloud Security Comprehensive Analysis System（CSAS） is designed and implemented. Experiments show that the system can carry out flow analysis, intrusion detection and vulnerability scanning under huge amounts of data, compared with the similar system, its processing capacity is promoted nearly 10 times and the capacity of security protection is improved 65.43%. This system has effectively improved the ability of cloud security analysis system for intrusion detection, and provides effective protection for the security of cloud platform.

Key words: cloud security, cloud security analysis system, Intrusion Detection System（IDS）, network traffic analysis

摘要： 针对当前主流的云安全分析系统存在智能化不高，处理能力不强等缺点，提出了具有并行处理能力的流水化PF_RING的模型，将生物序列匹配算法引入到云入侵检测模型中，并将其与多状态匹配算法、脆弱性评估算法相结合，设计并实现了云安全综合分析系统（Cloud Security Comprehensive Analysis System，CSAS）。实验表明，系统可在海量数据下，对云安全进行流量分析、入侵检测和漏洞扫描，与同类系统相比，处理能力提升近10倍，安全防护提升了65.43%。该系统有效地提高了云安全分析系统入侵检测能力，为云平台的安全性提供了有效的保障。

关键词: 云安全, 云安全分析系统, 入侵检测系统, 流量分析