| With the development of computer network, network applications are applied to more and more fields. On the other hand, network security has become increasingly prominent and network intrusion has become more and more serious, new made computer viruses have extended its influence from originally only single host to the whole network, and their harms have become more serious. Network Security Warning System(NSWS) aims at early warning for large-scale network and it evaluates the security situation of the whole protected network through synthesizing security events of local area. NSWS is a key stage in the whole network security defence architecture, but the traditional NSWS is lack of effective means of detecting the unknown attacks, passive to detect security issues and difficult to be deployed because of the constraint of Firewall/NAT.The thesis focuses on researches and implementation on the active detection of protected network, the timely publishment of forewarning messages, the cross-internet transmission of the forewarning messages. The following contents are studied in this thesis.1. Dynamic Network Security Active Forewarning System(DNSAFS) frameworkIt addresses the situation of the NSWS and discusses the incompleteness of forewarning and the problem of lacking of effective way to solve unknown attacks. Based on these, the concept of forewarning and the meanings of forewarning information are extended. The framework of DNSAFS is presented and designed, which considers the honeypot and Local Vulnerability Scanner System(LVSS). The DNSAFS can supply a complete forewarning for protected network.2. Forewarning information publishmentFirst, the requirement of DNSAFS's forewarning information is analysed, and the requirement is classified. Then, a new algorithm referencing P2P idea to solve the publishment of large-size and high-frequency Forewarning information is put forward. This algorithm can degrade the overload of Warning Agent(WA) and reduces the forewarning information publishment time.3. The design and implementation of transferring through firewall/NATBased on the analysis of the schemes transferring through firewall/NAT, the communication requirements of DNSAFS is classified. Considering the need of security,performance and real-time ability, the scheme to transfer through firewall/NAT is presented and implemented. Our scheme can implement the fast and accuracy of security communication.Parts of productions in this paper has been applied into "the Distributed Network Security Monitor and Forewarning System"(863 Project), which lays the foundations for the successfulmiddle examination of this project.
|
PDF Full Text Request