
Research On The Key Technology Of Computer Network Defense Policy Refinement

Posted on: 2015-02-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z Wei
Full Text: PDF
GTID: 1228330452451844
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer network technology and the expansion of network scale, hacking attacks become more and more complicated along with the emerging kinds of applications and businesses. In a large, complicated, and heterogeneous network environment, the traditional manual configuration management of security devices, such as firewalls and intrusion detection systems, depends on managers’ professional experience; manual configuration is a tedious job and is likely to cause mistakes. These may result in problems such as configuration vulnerabilities in security devices, which prevent a number of correct and safe behaviors from being executed. So it is extremely challenging to construct a computer network defense policy refinement (CNDPR) approach that addresses protection, detection, response, and recovery, and then to verify its accuracy.

For these problems, this thesis focuses on the research of computer network defense policy refinement, its semantic modeling approach, and its semantic consistency analysis approach. In addition, in order to verify the effectiveness of the approach and to address the difficulty of comparing, analyzing and verifying network survivability models, we applied our research to the modeling and verification of network survivability models. We center on the modeling and simulation verification approach for the mobile Ad Hoc network survivability model. The key research findings are as follows:

(1) A policy refinement approach for computer network defense

The existing methods of policy refinement in computer network defense (CND) can only support the refinement of access control and VPN policies. However, they cannot combine a variety of defense means and mechanisms, or support policy refinement in protection, detection, response, and recovery for the defense.
To solve this problem, we proposed an approach to computer network defense policy refinement, constructed a computer network defense policy refinement model, and defined formal specifications of computer network defense policies covering protection (i.e., access control, user authentication, encrypted communication, backup), detection (i.e., intrusion detection, vulnerability detection), response (i.e., system rebooting, shutdown) and recovery (i.e., rebuild, patch making). An algorithm for CND policy refinement was designed, which includes a transformation algorithm for policy refinement and an instance choosing algorithm for defense entities. A system was also provided for CND policy refinement. At last, the effectiveness of our methods was verified through three experiments: the refinement of an access control policy, policy refinement for patch making and system rebooting, and the refinement of other policies involving intrusion detection, vulnerability detection, and access control. By analyzing the time used for the refinement of CND policies, we verified the efficiency of the refinement approach.

(2) A semantic modeling approach for policy refinement of computer network defense

At present, due to the absence of an approach to semantic expression and analysis in the policy refinement of computer network defense, the semantic consistency before and after the defense policy refinement cannot be verified, and the accuracy of the defense policy refinement cannot be guaranteed. To solve these problems, we proposed a semantic modeling approach for the CNDPR. At first, based on the Nivre algorithm, which is a semantic dependency analysis algorithm from natural language processing, we proposed a modified semantic dependency analysis algorithm for CND policies. The effectiveness of this algorithm was verified through experiments.
Secondly, based on the semantic dependency relations obtained by our semantic dependency analysis algorithm for the policies, high-level policies and operational-level policies, we constructed a semantic model of the CNDPR based on description logic. Some inference rules are defined based on SWRL. At last, the semantic inference and query experiment proved the effectiveness of the semantic modeling approach of the CNDPR based on Racer.

(3) A semantic consistency analysis approach for policy refinement of computer network defense

The current policy refinement of computer network defense is a process based on machine symbol inference, which ignores the semantics of problem solving in the process. This may result in semantic differences before and after substitution. In order to analyze the semantic differences and guarantee the semantic consistency of CNDPR, we proposed an approach to analyze the consistency of the CNDPR in terms of concept and semantic dependency structure. We provided formal definitions including semantic consistency and inconsistency of concept, structure, and conflict of semantic relations. Using the Racer inference tool, which is based on description logic, we designed an algorithm for semantic consistency in concept and an algorithm for semantic consistency in structure. Some inference rules for semantic refinement in concept and structure, based on SWRL, were provided. At last, the effectiveness of the CNDPR approach used for semantic consistency analysis was verified through our experiments. The time utilized by our approach validated its efficiency.

(4) A modeling and verification approach for the mobile Ad Hoc network survivability model

It is difficult to compare network survivability models because of the differences in model descriptions, experimental environments, and some other factors. In this thesis, we proposed a modeling and simulation verification approach to evaluate various survivability models.
Based on ontology theory, we constructed a high-level description of the survivability model according to the definitions of survivability. We then suggested a transformation technique for implementing the high-level description as a low-level simulation. In response to the automatically generated attack path, we designed an automatic deployment method for defense simulation tasks and completed the simulation verification of the survivability models. At last, in the environment of a Tactical Mobile Ad Hoc network, we used our method to conduct the modeling and verification of the SAMNAR Model and the Group Recovery Model. The experiment proved the effectiveness of our method.
Keywords/Search Tags: Computer Network Defense, Mobile Ad Hoc Network, Policy Refinement, Description Logic, Semantic Consistency