Methods On Intrusion-tolerance Oriented Proactive Intrusion Response

Posted on: 2008-12-13
Degree: Master
Type: Thesis
Country: China
Candidate: K Liao
Full Text: PDF
GTID: 2178360242472294
Subject: Military Equipment

Abstract/Summary:
Military information network systems face severe security threats as information warfare and network warfare intensify. Traditional security goals aim at constructing defensive mechanisms to protect systems from intrusion. However, it is scarcely possible to protect systems from intrusion because of security vulnerabilities and attacks. Therefore, it is important to guarantee that the services of military information network systems remain dependable and uninterrupted and, furthermore, to guarantee the survivability of systems even after they have been intruded upon.

This thesis presents an intrusion-tolerance oriented proactive intrusion response model to cut down response cost and optimize response policy. Furthermore, the model can maintain basic service functions and improve the survivability of military information network systems even when intrusion response has been disabled and data has already been destroyed.

The model provides two lines of security defense to protect systems from attacks. The first line of defense is a proactive intrusion response method based on an intrusion graph, which reacts proactively in the early stage of an attack in order to prevent the final attack goals from being realized and thereby protect the system's security. The second line of defense is an intrusion response method based on damage containment techniques. It contains damaged data quickly and precisely, then releases correct data that was contained by mistake, which maintains basic service functions for legitimate users even when intrusion response has been disabled.

Finally, simulations of optimizing the proactive intrusion response policy and of the damage locating process are conducted separately. The results show that, first, the intrusion response policy presented can cut down response cost and prevent intrusion goals from being realized; second, the damage containment scheme can locate damaged data precisely with high feasibility. With these two lines of defense, the model can effectively prevent the intruder from realizing his final attack goals and improve the survivability of the system, and so provide effective intrusion-tolerant security protection for military information network systems.
Keywords/Search Tags:Survivability, Intrusion Tolerant, Proactive Intrusion Response, Intrusion Graph, Damage Containment