| This thesis is based on the "Research on the Ecological Defense Architecture in the Network Security" (Hebei Natural Science Foundation, No.F2009000927), and it focuses on the problem of network security models, such as defense domain partition, security policy and so on. According to the ecological characteristics of border routing architecture, the ecological point of view is introduced to construct the border routing security defense architecture with ecological function. The ecological operating mechanism is built and the related defense technology is studied. It is expected to improve self-heal and immunity in the case of suffering losses on network infrastructure. The main results and contributions of this dissertation are as follows.(1) The framework of border routing eco-defense architecture and the working mechanism of important components are investigated.The defense framework is designed based on the ecological characteristics of border routing architecture. The Autonomous System (AS) is defined as Local Immune Network; Sensing Agents, Deciding Agents and Killing Agents are defined to imitate immune cells in local immune network; Immune Agents are defined to imitate immune correspondence among local immune networks. Defense domains are divided in self-organizing. Then the ecological operating mechanism is to implement network defense mode of self-organization and self-evolution. This mode is built by the division, collaboration and evolution of Agent populations to solve complex security problems.(2) The danger alert mechanism is established in local immune network.The network is contrasted with Danger Mode of immunology. Danger signal, antigen-presenting signal and co-stimulatory signal are abstracted to establish danger alert decision computing model in local immune network. Then, The Anergy mechanism in immunology is added to the computing model to improve its accuracy, which reduces the false positive rate of alerts and tolerate the false alerts induced by self-antigen. The local alert mechanism is used for the internal computing processes of Decision Agent.(3) Danger propagation model (D-SIR) and danger control model (DC-SIR) are proposed.The danger propagation and diffusion of border routing in local immune networks are investigated. The classical epidemic model (SIR) is improved to establish D-SIR mathematical model according with network propagation disciplinary for Immune Agents' path planning. Analyzing D-SIR model, we propose Intra-area random immunization strategy and Inter-area objective immunization strategy of border routing. Based on D-SIR model, two states (latency, insulation) are added to establish DC-SIR model that is used to discuss the control condition under the above strategies.(4) The framework and structure of emulator are established with RepastS.We use RepastS builds the framework and structure of special emulator. We abstract the environment, agent individual and its behavior rules and use special emulator design the security defense framework, including individual and its behavior rules. The operating model is created.At last, the dissertation is summed up, and the direction for further research is pointed out. |
PDF Full Text Request