Control Technology Of Security Situation Based On Network Topology

With the application of Internet in various fields, network security is attracting more and more attention all over the world. The computer virus's spread and hackers'nonlicet inbreak to network caused the leakage of important information, even breakdown of the network, which leads to great economic losses to the countries and companies and even threats to national and regional security. Only the first half of 2004, in China, Mydoom worm and several of the major worms using RPC and LSASS gaps attacked nearly 2 million hosts.Several countries have already launched early emergency response control system and intrusion detection technology and deployed in a number of key economic, political, Military networks. These systems play an important role in protecting the informatinon's security of networks, the early detection of the invasion and control of the spread of virus. At present China has not yet implemented any large-scale network intrusion detection and security control system. In order to protect our information systems and adapt to the demands of information warfare, we must vigorously develop network security situation analysis and control technology, study how to effectively deny the spread of network security incidents, and make appropriate alarm, responsing and control strategies, which is very necessary for network systems to enhance their emergency response capability to mitigate harms from network attacks and to improve the counterattack capability.This dissertation implemented an abnormity events comprehensive analysis subsystem in the large-scale network security incidents comprehensive early warning system based on the network security events alarm information, network topology measurement information, IP addresses information, propagation path and so on. We focus on the quantification of the level of threat to the security situation,generation of control strategies and deployment of control components based on betweenness ,at the last visualization the results made a better applications' effect.Through creating network comprehensive alarm system, we can ahead the step of defending of security events such as worm, notify computer users to make advance virus prevention, and reduce virus' harm.The proposed control strategy can ensure network administrators' control more pertinently and scientificily, reduce blindness and improve accuracy.