Research Of The Key Techniques In Multy-Layer Deep-Defence Architecture Of Networks

At present, the importance of the network security is increasing day by day, yet various secure problems are still emerging endlessly. Both inside and outside the nation, the defence of the network security has grand political, economic and military values. The research work of this thesis is a part of the project "Research and Application of the Multy-layer Deep-defence Architecture for Information Security" started in 1999. As a period summary of the harvest in this long-term project, this thesis bases on the practice of technical engineering applications in the fore stage, studies the deeper academic and practical secure techniques in Multy-layer Deep-defence Architecture (MLDA) of networks. The main research work and contributions are:1. Macro architecture:the research of MLDAThis thesis presents the Multy-layer Deep-defence Architecture based on the 6 layer model of information security, and combines it with the double layer architecture of the network in the virtualized environment. To enable this kind of double layer networks with the abilities of self-adaption and self-management, this thesis presents the n-dimensionality matrix network (Matrix-net) in the virtualized computing environment, and presents the Game Tree Decision-making Model (GTDM). The GTDM can monitor the Matrix-net and protect its security automatically. The results of simulating experiments indicate that:Compared with current familiar solutions, the Matrix-net with the GTDM has higher parallel computing performance and better auto-defence effects.2. Physical level security:the research of ad-hoc networks with mobile disaster-backup serversTo solve the problems of communication performance and robustness caused by the dynamic and unsteady topological structure of the MANET, this thesis presents a Messenger Oriented P2P (MOP2P) model, which regards the network nodes as messengers who transmit messages. This thesis also presents a design of modularized Mobile Disaster-backup Servers (MDBS), which can adopt MOP2P and be applied to the situation such as boondocks, disaster areas, battlefields and so on, where the power and communication infrastructure is scarce or damaged. The theoretic analysis reveals that MOP2P in the MANET is more efficient than that of traditional end-to-end communication.3. Application level security:the research of the secure inspection pattern for web information systemsAs the security problems of web information systems are more and more obvious, this thesis presents the formalized pattern of International Airport Secure Inspection (IASI), which can improve the secure defence capacity of the system, and implements IASI in real coding phase, building a kind of coding operation pipeline in the web system development, and adding fixed coding patterns to each step of the pipeline. The results of software tests, leak scans and over 5-year-long run of real systems show the pattern of IASI can ensure the secure quality of the software efficiently.4. Business level security:the research of mass data compression and encryptionGBs or TBs of data can be called "mass data". To improve the technical level of the mass data compression and encryption, this thesis presents a new compression format named "CZ format", and presents a model of the encryption system named "CZ-Butterfly Effect Encryption Model" (CZ-BEEM). The experiment results support that in most cases, the software ComZip based on CZ-BEEM has better compression ratio than WinZip, Bzip2 and WinRAR, and the encryption speed of ComZip is not affected by the key length, so it can support the session key length over 10 000 b.5. Content level security:the research of the webpage and dynamic script encryptionIt is a problem to protect the source codes of webpage HTML and Javascript programs. This thesis uses the technical idea of polymorphic viruses for reference, presents the dynamic Javascript source encryption algorithm "Parhelion", and based on "Parhelion" algorithm, presents the webpage encryption algorithm "Athena", which can prevent the HTML and Javascript source codes from exposure while the webpage can be browsed normally.This thesis is supported by the project of National Development and Reform Commission, and the project of Ministry of Industry and Information Technology.