Anquan Jiang Audit Model

Posted on: 2007-05-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X J Shi
GTID: 1118360218457058
Subject: Computer Science and Technology
Abstract/Summary:
This paper is supported by the National High Technology Development 863 Program of China, No. 2003AA142060 and No. 2001AA142100, on Cooperative Network Security.

With the high-speed development of networks, people have come to realize the importance of network security. In network security research, audit is the main part. Through a series of model studies, this paper attempts to solve two problems: the accurate discovery and confirmation of security events, and highly effective cooperation among multiple agents.

The main work and innovations of the research are as follows.

1. A framework for security strong audit is presented. The framework collects information omni-directionally (host and network), deploys the system in a distributed way, processes the information at multiple levels, and finally achieves intelligent discovery and confirmation of security events. The Intrusion Detection Evidence Exchange Format is presented to improve the extensibility of the framework.

2. A model of the audit domain based on graph theory is presented. The model computes the audit domain and the distribution of essential nodes, which solves the problem of dynamically deploying audit nodes in the strong audit framework and also lets the model play a certain monitoring role over the framework's running status.

3. A model for system call auditing based on machine learning is presented. The model is built on Holland's classifier framework and, through an improved rule evolution algorithm, learns audit rules for system call sequences autonomously. Based on this autonomous learning of audit rules, the model achieves automatic diagnosis of unknown types of attack.

4. A model for estimating security state based on fuzzy logic is presented. Fuzzy logic is used for its merits, such as strong robustness and logical definitions close to natural language. The model establishes causal relations among warning data and analyzes the relevance of the warning data. The model then evaluates the security state of the system.

5. Research was carried out on the cooperation mechanism of audit software under network counterwork and on the cooperation scheme of audit software within an agent community. A coordination mechanism for security strong audit based on antagonism analysis is proposed; its goal is highly effective coordinated work against a background of network counterwork. Through a comparative analysis of the software multi-agent pattern and the biological community, the work proposes research on the coordination behavior of multi-agent communities in the counterwork background, and attempts to apply the research techniques used for communities to the software multi-agent pattern, in the hope of opening a new way of researching the software multi-agent pattern.

The above achievements have been applied in "Hacker Monitoring System" and "Network Cooperative Security" respectively. The two projects have been approved by 863 expert groups and applied in the Finance department of Shaanxi and the Examinations department of Shaanxi, with satisfactory effects. "Hacker Monitoring System" attained the second prize for technical achievement of Shaanxi Province in 2004.
Keywords/Search Tags: Security Audit, Audit Domain, Machine Learning, Fuzzy Logic, Network Counterwork, Agent, Cooperation