| The importance of network security has already been widely recognized. Security technologies such as firewall, intrusion detection, anti-virus and security audit have been widely applied. Traditional network security components are short of interaction and automation, even requested human intervention. The intruder has enough time to do his job before defensive response, so an infrastructure that supports interaction between network security components is critically needed.This dissertation puts forward an Open Common Interaction Framework (OCIF) which allows easy integration of detection and response components. Meanwhile, OCIF is a framework supporting automated detection and response to intrusion, and it is divided into two layers: the OCIF application layer and the OCIF communication layer. After introduction of OCIF as a whole, this thesis respectively discusses OCIF application layer message model and OCIF communication layer data exchange model.In the design of OCIF application layer, Security Interaction Message eXchange Format (SIMEF) is used to implement the OCIF application layer message model. SIMEF defines data format for sharing information of interest to intrusion detections, response components, and management components.In the solution of OCIF communication layer, Blocks Extensible Exchange Protocol (BEEP) is used to implement the OCIF communication layer data exchange data exchange model. BEEP is a modular P2P framework designed to simplify and improve the project of network application protocol. With the help of corresponding profiles, it supports mutual-authentication, integrity, and confidentlity when exchanging data between security components. |
PDF Full Text Request