Research On The Survivability Of Network Information System Based On Automotic Computing

The concept of System Survivability first came from the research report of United States Department of Defense. It focused on how to prevent the appearance of disaster after military commanding information system failed. After that, it was widely interested by the researchers in the filed of network and system security. Because the network security technologies of first and the second generations based on information insurance and information protection can not satisfy the increasing requirement on the information security of human being, intrusion tolerance and automatic attack response oriented information surviving technologies which can be considered as the third generation one get more and more attentions. How to survive the network intrusions and disasters, and continuous providing critical service gradually become the hot spot of information security filed.The research on system survivability can be considered from two aspects, survivability evaluation and survivability enhancing. Survivability evaluation maily works on the definition of suitable survivability evaluation metrics, predicting the surviving tendency and vulnerability from the qualification results, and making some guidance for survivability enhancing. In additional, survivability enhancing focuses on how to improve the survivability of information system with less cost. These two aspects depend on each other, the former is the primary work of the later, the later is the goal of the former one.Automotic computing firstly proposed by IBM at 2001, aims at developing a class of computing system which can manage itselfs automatically to overcome the problem of resourse cusuming at managing computer system. In another word, the main feature of automotic computing locates at the following aspects-managing the distributed computing resources automatically, adapting system to touch the step of environment changes, and hiding the complexity of low-level components. Automatic system can make decision, optimize itself, and adapt to touch the environment changes according to the pre-defined high-level rules.Although in field of system survivability, a great deal of achievements have been made, some drawbacks like lacking time reality and the detailed model description, the process of survivability enhancing still needs manual operation, holding low level automation prevents these achievements from application. Regarding these defaults existed, this paper apply the technology of automotic computing to system survivability, and try to make some improvements in the following aspects according to the kernel concepts of survivability.Firstly, a stochastic game theory based survivability qualification method is proposed, and survivability oriented state transition model of information system is constructed, intruder and information system are described as players of the stochastic game, related game model for intrusion process description is established, Nash Equilibrium is introduced for solving the game model. Continuous Markov Chain is used to qualify the survivability of Intrusion tolerant system, some sensitive parameters for improving the survivability of intrusion tolerant system is pointed out. This method not only improves the describing ability for the intrusion tolerant process of information system, but also provides some reasonable evidence for the dynamic analysis of the survivability of information system.Secondly, methodology for survivability analysis of intrusion response system based on queuing nets is proposed. Then it is transformed into a two-dimension Markov model and simplified into a Quasi Birth and Death (QBD) process. The steady-state distribution of this model is Obtained Based on Spectral Expansion method. Finally, the blocking probability and the mean queue length of intrusion response model are calculated to quantify the survivability of Intrusion Response System. The results can be useful not only to determine whether the survivability requirements are satisfied but also for the optimization of the system structure and parameters.Thirdly, a system survivability analysis method based on Hierarchical TCPN is proposed. Compared with traditional survivability analysis methods, our method is more suitable for modeling dynamic behavior of complex system. CPN Tools, a Hierarchical timed Colored Petri net simulation tool was deployed for modeling the survivability environment and service workflow of network system. Based on the model established, two metrics, the average response delay and average service delay are extracted from the simulation results to evaluate system survivability. In the end, some measures for system survivability enhancements are proposed according to the result.Fourthly, automotic Computing is introduced into information system survivability enhanding method to overcome the default of leaking automation. A q-learning based information system dynamic survivability enhancing method is proposed. Parameter vector for surviving state is cyclely abstracted from information system and forward to q-learning module as input. Q-learning module can recognize the surviving status from input and choose the best survivability enhancing action in the current state. The decision result will be transmitted to information system for execution and feedback the reward to improve the learning module. The whole process is validated by the Model established using Coloured Petri nets together with BP Neutral Network. The result of experiment shows that the methodology holds not only good time reality and well sensitivity, but also can make survivability enhancing automatically.Finally, a method based on continuous data protection for information system surviving disaster is proposed. File-system filtering driver is introduced for continuous data capturing, remote data virtual accessing technology, recovering process querying technology and quick restoring technology are incorporated to surviving disaster of critical service providing.The contents described in the thesis resolve some core problems and develops some critical technologies for survivability research. These achievements will provide help in not only theory aspects, but also in real problem solving.