Research On Some Key Problems Of Initiative Intrusion Tolerance Systems And Self-regeneration Technologies

Recently, network intrusion becames more and more frequent with the wide application of distributed networks, and these bring on the phenomenon that no system can resist all the fault and intrusion. For its abilities of tolerating the intrusions and guaranteeing the key sevices of systems, intrusion tolerance attracts more and more attention.A recent survey of the intrusion tolerance system (ITS) and intrusion tolerance technology is given firstly in this dissertation, and the conclusion that initiative reactive ITS and self-regeneration technology are the new progress is achieved by analyzing, then some key problems of these two aspects are studied and systemic conclusions are achieved.In the aspect of ITS, the author suggested an initiative reactive ITS which initiatively reacts by intrusion prediction instead of by intrusion detection in the existed reactive ITS to get more reacting time, then focuses on the two key technologies, modeling and predicting method of intrusion, which are appropriate to trig the reactive intrusion tolerance system.1) Modeling the Intrusion: An intrusion model of state transition of attackers'capability and its constructing algorithm is presented. The model pays its emphasis on the influence of the intrusion upon the system and describes the intrusion as the state transition process of the attackers'capability. The constructing algorithm correlates the intrusion detection alerts into meta-attack, and defines cover as the reduction of meta-attack. Then the method of transforming the cover of meta-attack to intrusion model and the proofs of the equivalences among intrusion model, meta-attack and its cover are given. And then an algorithm for describing the intrusion model adaptively is present in which the manual work is not employed as the existing methods. In the end, both the intrusion model and the algorithms for constructing and describing this model show their good performances in the correlation experiment.2) Predicting the Intrusion: A hybrid Bayesian network method for intrusion predicting is presented which is based on the intrusion model of state transition of attackers'capability. The network model shows the casual relation of the...