
Researches On Theories And Key Technologies Of Information Security Operation In Network Environment

Posted on: 2005-10-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J C Jiang
GTID: 1118360122993290
Subject: Computer application technology

Abstract/Summary:
The study of information security operation in a network environment is both comprehensive and profound. Facing the increasingly complicated threats of the network environment, this paper focuses on the theories and key technologies of information security operation concerning the network adversary, operation architecture, attack detection, attack prevention, attack deception and vulnerability analysis. The purpose of the research is to explore new methods for information security assurance so that we can hold the initiative in information security. The seven main achievements of this paper are as follows:

Firstly, a network adversary model is proposed, which is composed of three sub-models: the network adversary mental sub-model, the network adversary attack decision-making sub-model and the network adversary attack behavior sub-model. Avoiding the weaknesses of previous models, the model has a strong capability to describe the mental characteristics of the network adversary, the decisions behind the network adversary's attacks and the changes in the network adversary's behavior.

Secondly, a multi-agent-based coordinated operation architecture is proposed, which meets the needs of the mentality, decision and behavior of the network adversary. The operation architecture, whose basic element is the operation intelligence agent, is composed of a target architecture, a policy architecture, a structure architecture and a function architecture. The relations between the parts of the coordinated operation architecture are formally described and analyzed, and an abstract-level model of the operation architecture is thus presented. At the same time, the cooperation conditions, cooperation model and cooperation process of the operation agents are studied. Compared with current defense architectures, by making use of multi-agent technologies and avoiding isolated, single-dimension, passive and unintelligent defense methods, the operation architecture forms one coordinated defense architecture that is capable of resisting the multi-dimensional space of the network adversary and that is intelligent, active and evolutionary.

Thirdly, an attack context-based intrusion detection model and algorithm are suggested. Making full use of the context information of the attack environment and the attack effect, the model and algorithm detect the intrusion behavior of the network adversary with reference to the features of every network attack phase and their dependency upon each other. The accuracy of intrusion detection is improved because the context-based detection method finds intrusion behaviors not by the attack tools and methods of the network adversary, but by the attack effect upon the network environment or targets.

Fourthly, based on research and analysis of the background of high performance computing and network intrusion detection, a parallel computing-based network intrusion detection system (PNIDS for short) is proposed, and some corresponding high performance algorithms are designed. The prototype of the PNIDS shows that it can make use of the advantages of cluster computing to improve the high performance computing capability of the NIDS and to decrease the false alarm rate.

Fifthly, an agent-based network vulnerability analysis system (ANVAS for short) is designed, and some key technologies of the ANVAS are studied and analyzed. An MPI-based algorithm for quick collection of vulnerability information and a relation model-based method for vulnerability analysis are proposed.

Sixthly, a cluster-based intrusion prevention system (CBIPS for short) is presented. The experimental prototype of the CBIPS shows that it can improve the performance of network attack prevention by using multiple computers for parallel processing.

Seventhly, a technology reference model for network attack deception and a program algorithm-based attack deception method are suggested; the deception technologies for network scanning are studied; a prototype of an anti-webscanner deception software system is implemented; and the experimental data show that it has a good effect.
Keywords/Search Tags:information security operation, network adversary model, operation architecture, network intrusion detection, attack context, network vulnerability analysis, network attack prevention, network attack deception