
Research On Key Technology Of Network Threat Detection And Defense

Posted on: 2011-07-27    Degree: Doctor    Type: Dissertation
Country: China    Candidate: T L Yang    Full Text: PDF
GTID: 1118330335492244    Subject: Signal and Information Processing

Abstract/Summary:
With the continuous development of computing and the spread of network technology, network security problems have become more prominent. An ever wider range of network attacks causes growing social impact and economic loss, which places new requirements and challenges on network security defense. Network security is an iterative (spiral) process in which network security monitoring, security situational awareness and network immunization are the essential parts of defense; scientific and effective measures can significantly curb attacks and keep the network operating in a healthy, normal and orderly way. Research on these three techniques strengthens the emergency response capability of network security defense organizations.

Network traffic anomalies and malicious code are the major threats to network security and are therefore the key objects of network security monitoring. Monitoring aims to discover abnormal traffic quickly and accurately, to capture, analyze, track and monitor malicious code in a timely and accurate manner, and to provide both indicators for network security posture assessment and knowledge that supports immunization decisions, so as to enhance the organization's overall network security emergency response capacity.

The network security situation assessment index is an important tool of network security. An indicator reflects the overall assessment of the security properties of an object and is also called the network security posture index. An index system is a group of related indicators, constructed according to the assessment objectives and requirements, that reflects the level of network security: it gathers information about the assessed object and reflects the basic aspects, quality and level of its security, while the posture index itself is the comprehensive index of the network security situation. The index system is formed by standardizing network security assessment on the basis of objective, quantitative analysis of findings.

Network immunization is realized through means such as virus removal (killing), patching and restoration of devices infected by malicious code. An immunization strategy combines these measures across the network in space and time. From the viewpoint of complex network theory, the question is which node immunization strategy for the whole network achieves both effectiveness and acceptable cost. At present the main strategies are random immunization and passive (target) immunization; dynamic immunization has received less study.

This dissertation studies network traffic monitoring and denial-of-service attack detection, in particular online real-time detection of high-speed flooding attacks in SIP VoIP systems; designs a honeynet-based platform for monitoring and analyzing malicious code; discusses indicators for network security situation assessment; analyzes the spread of malicious code in relation to the dynamic properties of networks; and, drawing on complex network theory, proposes a dynamic immunization model for malicious code based on information dissemination. The main results are as follows:

1. An online, real-time flooding attack detection algorithm for SIP VoIP systems. Current studies concentrate on per-packet protocol properties and protocol state machine checking and do not consider the directionality of signaling interaction or the distribution of call durations, so they can be deceived by forged flows and easily misjudge legitimately high telephone traffic as an attack scenario. By analyzing INVITE flooding attacks on SIP VoIP systems, the dissertation proposes CDVFD, a call-duration-based VoIP flooding detection method. It uses the isotropy (symmetry) of SIP signaling interaction together with the statistical distribution of call durations, detects flooding attacks quickly and efficiently through the chi-square value, and can distinguish high but normal telephone traffic from an attack. Experimental results show the effectiveness of the method.

2. A large-scale distributed monitoring and analysis system for malicious code based on honeypot sites and "honey dogs". Malicious code trapping, analysis and tracking techniques are studied in depth: trapping based on honeypot sites, behavioral analysis of malware based on a honeypot network gateway, and tracking of malicious code control servers based on honey dogs. These form a large-scale distributed honeypot network which, deployed nationwide, quickly captures spreading malicious code and network attacks, discovers the network activity characteristics of hacker attacks and malicious code, tracks the activity of malicious code control servers, provides monitoring of network security features, supplies malicious code samples for immunization and provides basic threat data for network situation assessment.

3. Monitoring-based network security situation assessment indicators. Three types of data are used: the perceived risk from information system vulnerabilities, the threat of malicious code infection, and the stability of host resources. After normalization, a BP neural network is used to model the assessment and prediction of the network security posture index, and the assessment index of the target network is finally obtained by a subjective weight assignment method. The index reflects the network's overall security and supports network security management and decision-making.

4. A dynamic immunization strategy for malicious code based on an information dissemination model. A dynamic immunization model based on the spreading of alarm mails is proposed to suppress the propagation of email worms. Unlike static immunization strategies, the model considers the interaction between the immunization process and the worm infection process. Simulation results show that the model suppresses the infection process more effectively than target immunization, without requiring knowledge of the whole network.
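The following Python code is an added illustration of the detection idea in result 1; it is not the dissertation's CDVFD implementation, which this page does not reproduce. It scores one window of SIP signalling on two indicators: the share of INVITEs that become completed (answered and then released) calls, standing in for the symmetry of signalling interaction, and the Pearson chi-square statistic of the observed call-duration histogram against a baseline distribution. The bucket edges, baseline shares, thresholds and the three synthetic traffic windows are constructed assumptions.

```python
"""
Illustrative INVITE-flood scoring in the spirit of CDVFD: combine the symmetry
of SIP signalling (how many INVITEs become answered and then released calls)
with a Pearson chi-square test of the call-duration distribution against a
baseline learned from normal traffic.  Bucket edges, baseline shares,
thresholds and the sample traffic are constructed assumptions, not values
from the dissertation.
"""

# Call-duration buckets in seconds (assumed); the last one is open-ended.
BUCKETS = [(0, 5), (5, 30), (30, 120), (120, 600), (600, float("inf"))]
# Assumed baseline share of calls falling into each bucket.
BASELINE = [0.05, 0.15, 0.40, 0.30, 0.10]
# Pearson chi-square critical value, len(BUCKETS) - 1 = 4 degrees of freedom, p = 0.001.
CHI2_CRITICAL = 18.467
# Assumed minimum share of INVITEs that must turn into completed calls.
MIN_COMPLETION_RATIO = 0.5
# Representative duration per bucket, used only to construct sample calls.
SAMPLE_DURATION = [1, 10, 60, 300, 900]


def bucket_index(duration):
    """Return the histogram bucket of a call duration in seconds."""
    for i, (lo, hi) in enumerate(BUCKETS):
        if lo <= duration < hi:
            return i
    return len(BUCKETS) - 1


def call_durations(records):
    """Pair 200 OK and BYE by Call-ID.

    records: dicts with 'call_id', 'type' in {'INVITE', '200', 'BYE'} and 't'
    (seconds).  Returns (number of INVITEs, list of completed-call durations).
    """
    invites, answered_at, durations = 0, {}, []
    for r in sorted(records, key=lambda rec: rec["t"]):
        if r["type"] == "INVITE":
            invites += 1
        elif r["type"] == "200":
            answered_at[r["call_id"]] = r["t"]
        elif r["type"] == "BYE" and r["call_id"] in answered_at:
            durations.append(r["t"] - answered_at.pop(r["call_id"]))
    return invites, durations


def chi_square(observed, baseline):
    """Pearson chi-square statistic of observed bucket counts vs. baseline shares."""
    n = sum(observed)
    stat = 0.0
    for o, p in zip(observed, baseline):
        expected = n * p
        if expected > 0:
            stat += (o - expected) ** 2 / expected
    return stat


def analyze_window(records, baseline=BASELINE):
    """Score one observation window; flag it when either indicator is abnormal."""
    invites, durations = call_durations(records)
    hist = [0] * len(BUCKETS)
    for d in durations:
        hist[bucket_index(d)] += 1
    chi2 = chi_square(hist, baseline) if durations else 0.0
    ratio = len(durations) / invites if invites else 1.0
    return {"invites": invites, "completed": len(durations), "histogram": hist,
            "chi2": chi2, "completion_ratio": ratio,
            "flagged": chi2 > CHI2_CRITICAL or ratio < MIN_COMPLETION_RATIO}


def make_window(calls_per_bucket, unanswered_invites=0):
    """Construct synthetic SIP signalling for one window (sample data, not a capture)."""
    records, t, cid = [], 0.0, 0
    for bucket, count in enumerate(calls_per_bucket):
        for _ in range(count):
            cid += 1
            call_id = f"call-{cid}@example.invalid"
            records.append({"call_id": call_id, "type": "INVITE", "t": t})
            records.append({"call_id": call_id, "type": "200", "t": t + 1.0})
            records.append({"call_id": call_id, "type": "BYE",
                            "t": t + 1.0 + SAMPLE_DURATION[bucket]})
            t += 0.5
    for _ in range(unanswered_invites):      # flood INVITEs that are never answered
        cid += 1
        records.append({"call_id": f"call-{cid}@example.invalid", "type": "INVITE", "t": t})
        t += 0.01
    return records


# Normal load; a busy hour with four times the calls but the same duration mix;
# an INVITE flood whose few completed dialogs are torn down within seconds.
NORMAL_WINDOW = make_window([5, 15, 40, 30, 10])
BUSY_WINDOW = make_window([20, 60, 160, 120, 40])
FLOOD_WINDOW = make_window([40, 0, 0, 0, 0], unanswered_invites=160)

if __name__ == "__main__":
    for name, window in [("normal", NORMAL_WINDOW), ("busy", BUSY_WINDOW), ("flood", FLOOD_WINDOW)]:
        print(name, analyze_window(window))
```

The busy window carries four times the normal call volume yet is not flagged, because its duration mix matches the baseline and every INVITE completes; the flood is flagged on both indicators. A practitioner should also enforce a minimum number of completed calls per window before trusting the chi-square value, since the statistic is unreliable when expected bucket counts fall below about five.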
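The simulation below is an added illustration of the mechanism described in result 4, not the dissertation's model or its experiments. On a small constructed contact graph it compares no immunization, static target immunization (patching the highest-degree mailbox in advance, which requires global knowledge of the graph) and dynamic alarm-mail immunization, in which a host that detects its own infection cleans itself and mails an alarm to its contacts, who patch themselves and forward the alarm one hop per step. The graph, the delays and the step ordering are assumptions chosen so the run is deterministic.

```python
"""
Toy deterministic simulation of an email worm on a contact graph, comparing
no immunization, static target immunization (patch the highest-degree node in
advance) and dynamic alarm-mail immunization (a host that detects its own
infection cleans itself and alarms its contacts, who patch and forward the
alarm one hop per step).  Graph, delays and step ordering are constructed
assumptions, not the dissertation's model.
"""

from collections import defaultdict


def build_contacts(edges):
    """Undirected address-book graph as adjacency sets."""
    contacts = defaultdict(set)
    for a, b in edges:
        contacts[a].add(b)
        contacts[b].add(a)
    return dict(contacts)


def top_degree(contacts, k):
    """The k highest-degree nodes: what static target immunization patches."""
    return sorted(contacts, key=lambda n: (-len(contacts[n]), n))[:k]


def simulate(contacts, seed, open_delay=2, detect_delay=3, pre_immune=(),
             alarm=True, max_steps=100):
    """Run the worm from `seed`; return the set of nodes infected at any time.

    open_delay:   steps between a worm mail arriving and the victim opening it
    detect_delay: steps before an infected host notices and raises the alarm
    """
    state = {n: "S" for n in contacts}   # S = susceptible, I = infected, R = patched
    for n in pre_immune:
        state[n] = "R"
    infected_at, worm_open_at, ever_infected = {}, {}, set()
    alarm_to_forward = set()             # nodes that received an alarm last step

    def infect(n, t):
        state[n], infected_at[n] = "I", t
        ever_infected.add(n)
        for c in contacts[n]:            # mass-mail the worm to every contact
            if state[c] == "S" and c not in worm_open_at:
                worm_open_at[c] = t + open_delay

    infect(seed, 0)
    for t in range(1, max_steps):
        forward_next = set()
        if alarm:
            # 1. Detection: the host cleans itself and alarms all its contacts.
            for n in [n for n, ti in infected_at.items()
                      if state[n] == "I" and t - ti == detect_delay]:
                state[n] = "R"
                for c in contacts[n]:
                    if state[c] != "R":
                        state[c] = "R"
                        forward_next.add(c)
            # 2. Alarm spreading: last step's recipients forward one hop.
            for n in alarm_to_forward:
                for c in contacts[n]:
                    if state[c] != "R":
                        state[c] = "R"
                        forward_next.add(c)
        alarm_to_forward = forward_next
        # 3. Worm opening: only a still-susceptible recipient is infected, so an
        #    alarm that arrives in the same step wins the race.
        for n in [n for n, to in worm_open_at.items() if to == t]:
            if state[n] == "S":
                infect(n, t)
        pending = any(to > t for to in worm_open_at.values()) or bool(alarm_to_forward)
        if alarm:
            pending = pending or any(state[n] == "I" for n in infected_at)
        if not pending:
            break
    return ever_infected


# Constructed contact graph: hub 0 with three sub-hubs (1, 2, 3) of two contacts
# each, plus a lone contact 10 so that the hub has the highest degree.
EDGES = [(0, 1), (0, 2), (0, 3), (0, 10), (1, 4), (1, 5),
         (2, 6), (2, 7), (3, 8), (3, 9)]
CONTACTS = build_contacts(EDGES)

if __name__ == "__main__":
    print("no immunization:", len(simulate(CONTACTS, 4, alarm=False)))
    print("target (hub patched):",
          len(simulate(CONTACTS, 4, alarm=False, pre_immune=top_degree(CONTACTS, 1))))
    print("dynamic, detect_delay=3:", len(simulate(CONTACTS, 4)))
    print("dynamic, detect_delay=5:", len(simulate(CONTACTS, 4, detect_delay=5)))
```

With the worm starting at leaf 4, no immunization infects all 11 nodes, patching the hub in advance still loses the three nodes in sub-hub 1's subtree, and the alarm mail contains the outbreak to the two nodes infected before detection. Raising the detection delay to 5 steps lets the worm cross the hub first and seven nodes are infected, which is the interaction between infection and immunization that the dissertation's model is built around.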
Keywords/Search Tags: network security, anomaly detection, malicious code, situation assessment, dynamic immune