Extentics-based Network Security Management-related Technology

Posted on: 2009-01-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Xiao
GTID: 1118360245957539
Subject: Radio Physics

Abstract/Summary:
With the development of network technology and the growing popularity of network applications, people's social and economic lives depend increasingly on networks. Network security, however, has become the main obstacle to using networks effectively, and as a result research on and application of network security technologies are booming. Network security technology has developed dramatically, moving from decentralized and independent toward comprehensive and unified, and network security management is one of the typical examples. Under the framework of network security management technology, the management concept and the technologies for fusing and analysing security-related factors are applied to achieve integral management and control of network security, while a variety of network system security technologies complement and cooperate with each other. Classic network system security technology and network security analysis and management technology are integrated into network security management-related technology.

Extentics is a new field that studies, in a formalized way, the possibility of extending objects and the rules of innovative expansion, and it can be applied specifically to conflict problems. At present, extension theory has formed its own extension methods and a theoretical framework that includes basic element theory, extension set theory and extension logic theory. A basic element can represent objective things and the relationships between them. The extension set is an important method for the dynamic classification of objective things and for describing quantitative and qualitative changes, and it is also a quantitative tool for treating conflict problems.

The extension methods take the extension transformation as their core and establish quantitative tools to describe quantitative and qualitative changes. They are based on extension reasoning and combine quantitative computation with qualitative analysis in order to deal with conflict problems. The extension strategy generating system (ESGS), which results from combining extentics with artificial intelligence, is an intelligent system that generates strategies for resolving conflict problems with the aid of a computer, and it has therefore become an important tool for dealing with conflict problems automatically.

In this paper, extension theory and methods are introduced into the domain of network security to establish models for network security detection and analysis technology. The main contents are as follows.

1. The network security model and extension representation

Network security detection and analysis technologies are generally based on models of network security factors, and the extension representation of knowledge is the foundation of the extension method. This paper first models the various network security factors and then represents them with basic elements to unify the expression of network security knowledge, from which the model of network security management-related technology is derived.

2. The intrusion detection model based on extension recognition

First, an analysis model is established for intrusion detection performance. The intrusion behavior pattern is then expressed by the classical domains, the limited domains and the integrated approaches of the evaluation characteristics. Two particular detection methods, based on the dependent function and on sequential patterns respectively, are presented, and their performance is analyzed with the analysis model. In this detection model, the quantitative method, which helps to enhance the universality and robustness of the detection model, can achieve different forms of integration of the various evaluation characteristics and a comprehensive assessment of intrusion behavior. In addition, the detection model offers a quantitative description of the abnormal degree of intrusion behavior, which provides more abundant information for risk assessment and defense.

3. ESGS-based network attack graph automated generation model

From the perspective of the attacker, the conflict problem is constructed from the gap between the attacker's expected state and real state in the network, and the automated generation of the attack graph is placed under the ESGS. In this system, an attack behavior is considered a strategy through which the attacker solves the conflict problem mentioned above, and the attack graph is the set of all strategies that can be taken under existing conditions. An atomic attack behavior is regarded as an extension transformation of the network system state, the attack link is the conduction transformation link, and the attack graph is the conduction transformation graph. Constructing a relevance net by defining the network states and the partial relation among them greatly improves the effectiveness of attack graph generation. This scheme is thus a new standardized method for generating attack graphs automatically, and the extension method also provides theoretical support for improving the generation method and for the analysis and application of attack graphs.

4. Extension evaluation based information security risk assessment model

The model is simple and flexible. The user can select evaluation factors and models according to known information and knowledge and then make full use of them to guarantee the accuracy, objectivity and validity of the assessment result. In particular, an assessment scheme based on interval distance is presented to resolve the difficulty of measuring evaluation factors accurately. Furthermore, by improving the classical interval distance and dependent function to meet the requirements of network risk assessment, a more general dependent function with a parameter is constructed, in which the optional parameter makes the application of the dependent function more flexible and more responsive to actual needs. Finally, a decision-making rule based on a threshold and the parameter is applied to make up for the impact of inaccurate interval values on the validity and accuracy of the assessment result.

The innovation of this paper is that the introduction of the extension method into the field of network security management complements and improves traditional network security management-related technology. The support of extension theory favors the standardized and unified development of network security management technology, achieving the cooperation of various security technologies as well as the overall control and management of network security, which is consistent with the ultimate target of network security management. Moreover, through this application, the paper also improves the theories related to extentics so that they adapt to practical needs.
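
The attack graph model described in the abstract (an atomic attack as a transformation of the network state, the graph as the set of all attack chains that close the gap between the attacker's real and expected state) can be illustrated with a small forward search. This is an added example, not the dissertation's ESGS algorithm; the hosts, condition names and atomic attacks are constructed for illustration.

```python
from collections import deque

# Constructed atomic attacks for a toy two-host network (hypothetical names).
# Each one transforms the network state: it requires `pre` and adds `post`.
ATOMIC_ATTACKS = [
    {"name": "exploit_web_service", "pre": {"reach(web)"}, "post": {"user(web)"}},
    {"name": "local_priv_esc_web", "pre": {"user(web)"}, "post": {"root(web)"}},
    {"name": "reuse_stored_creds", "pre": {"root(web)"}, "post": {"user(db)"}},
    {"name": "pivot_to_db_net", "pre": {"user(web)"}, "post": {"reach(db)"}},
    {"name": "exploit_db_service", "pre": {"reach(db)"}, "post": {"user(db)"}},
]

def build_attack_graph(initial, goal, attacks=ATOMIC_ATTACKS):
    """Forward search: nodes are states (frozensets), edges are atomic attacks."""
    start = frozenset(initial)
    edges, seen, queue = [], {start}, deque([start])
    while queue:
        state = queue.popleft()
        if goal <= state:              # expected state reached, stop expanding
            continue
        for a in attacks:
            if a["pre"] <= state and not a["post"] <= state:
                nxt = state | a["post"]    # states only grow (set inclusion order)
                edges.append((state, a["name"], nxt))
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return start, edges

def attack_chains(start, edges, goal):
    """Enumerate every chain of atomic attacks from start to a goal state."""
    out = {}
    for src, name, dst in edges:
        out.setdefault(src, []).append((name, dst))
    chains, stack = [], [(start, [])]
    while stack:
        state, path = stack.pop()
        if goal <= state:
            chains.append(path)
            continue
        for name, dst in out.get(state, []):
            stack.append((dst, path + [name]))
    return sorted(chains)

def cut_attacks(chains):
    """Atomic attacks present in every chain: blocking one blocks the goal."""
    return set.intersection(*(set(c) for c in chains)) if chains else set()
```

For a defender, the output of `cut_attacks` is the useful part: it names the atomic steps whose remediation removes every chain to the goal state in this toy model.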
Keywords/Search Tags:Extentics, network security management, intrusion detection, attack graph, network risk assessment, network security