Research On Key Technologies Of Network Information Security System

P~2DR~2 is a dynamic security model based on time, closed loop control and active defense as well. Its realization relies on various security technologies. This dissertation deals with the study of how to improve the performance of some key techniques in the network information security system, including four areas: the Performance Optimization of Network Intrusion Detection System-Snort, the file backup system aimed to save storage space; a Broadcast Encryption Scheme base on RSA and an identity-based broadcast encryption scheme. The main results are detailed as follows:1. The workflow of Snort system is in a single thread, thus, in order to improve the performance, a reformed scheme based on multithreading technique is put forward, including a queue between two function modules and a busy sign flag in every decoder and chain node. The analysis shows that the detection efficiency is increased and the rate of miss-detection is decreased, but the workloads of CPU and the computer memory are increased.2.Base on the network data packets which have a certain common characteristics in a period of time, a scheme of dynamic sorting for rules chain is given. This scheme allows the data packets of same features to match in a short time, so that it increase the detection efficiency3.A snort preprocessor based on agreement flow analysis is designed to reduce the data flow rate needed to be detected and improve the detection efficiency through filtering the relatively secure date packet.4.A LAN P2P Identification System Based on Snort system is designed to improve the detection efficiency through integrated using of port identify and feature matching.5.A file backup scheme based on network coding is proposed. Specifically, with network coding, many backup files are encoded into one encoded file, and then saved in the backup server. The analysis shows that compared with traditional method, this scheme greatly saves storage space and enhances the safe privacy of the backup data, but slightly decreases the recoverability of it and increase the complexity of the system.6.A file backup scheme based on index is proposed. The core of this scheme is to establish an index for the backup files with a two-dimensional chain table, and only store a copy for the same files. In this way, repeated file redundancy can be eliminated, and then storage space is saved. The analysis shows that this scheme saves more storage space than traditional method does, but the time consumption and the system load of the backup process are increased.7.By exploiting group key distribution strategy for authorized users under different modulus, a new broadcast encryption scheme based on RSA encryption scheme is constructed. The proposed scheme can efficiently implement dynamic join for new users without any key update computation. Both the communication transmission bandwidth and key storage size of each user in the scheme are greatly reduced (only one group element), and the encryption-decryption computation cost is the same as that in the RSA scheme. The collusion-resistance security is proved as well.8.An identity-based broadcast encryption scheme based on the difficulty of large integer factoring problem is proposed. The key management is greatly simplified by taking the novel group-key distribution strategy for computing each user's decryption key from system master keys under different modulus. It enables the key distribution center to broadcast a controlling header of less constant transmission size (only two group elements), and the authorized users can recover the session key correctly from the broadcasting information. Both fully coalition-resistance security and dynamic joining are implemented.