A security event description of intelligent applications in edge-cloud environment

Abstract

In traditional network environment, the attack topology of the network is usually obtained based on a graph traversal algorithm. It uses connection relationships to describe the process of the attack, thus completing the description of network security event. However, in the edge-cloud environment, the control logic and data forwarding of network devices are separated from each other. The control layer is responsible for the centralized management of network edge nodes. After acquiring the entire network topology, it can automatically generate a visualized network structure. This architecture extends traditional cloud computing architecture to the edge of the network, helping to handle some latency-sensitive service requirements, especially for most IoT applications. Therefore, security analysts can grasp the connection status of the devices on the entire network in the control domain. This network topology generation method based on the control layer information is directly and efficiently, which can greatly simplify the description of security events in the edge-cloud environment. At the same time, the separate structure also hides specific details of the underlying network device. Petri-net, as a formal description tool, can be used to describe such structure. Among existing security event description methods, the CORAS modeling tool has the advantages of graphical description, reusability and refinement description. And it also provides analysis guides to guide the operation steps. Based on the edge-cloud environment, this paper combines the advantages of CORAS modeling and analysis with Object-oriented Petri-net theory, and proposes a COP (CORAS-based Object-oriented Petri-net)-based Intelligent Applications security event description method. Experiments verify that this method is suitable for describing the complexity and dynamics of security events in edge cloud environment.