Research On Knowledge-Based Network Vulnerability Detection And System Design

With the rapid improvement and application of Internet, security problems of network stand out increasingly. Many researches indicate that attack behaviors, such as computer virus, vicious code, network invasion, can engender huge threat to computer system. The main reason of situation is that computer system and software have vulnerability objectively. Consequently, how to find out the security hole, that is implement vulnerability detection effectively, is hot topic in the field of vulnerability detection and research direction of this dissertation.Recently, vulnerability detection focus on non-intelligent approaches, we apply knowledge-based approach to detect vulnerability, design and realize vulnerability detection system based-on OpenCyc which is knowledge-based system. The main works and creations are as the following:1. Study the traditional vulnerability detection approaches, technology, find out the disadvantages of traditional and non-intelligent approaches, and apply knowledge-based vulnerability detection approach to network vulnerability detection. Knowledge-based approach include building up the domain knowledge base, reason about the vulnerability in the network using inference engine, commonsense knowledge and domain knowledge.2. Mainly study method of realization that apply Artificial Intelligence to vulnerability detection. Therefore, We analyze the composition of system framework, running mechanism, syntax and semantics of CycL, which is knowledge description language, commonsense knowledge and management method of commonsense knowledge, API and reason method of OpenCyc.3. Design the network vulnerability detection system based-on OpenCyc and specify main function of every module. Implement the key module of system, including the vulnerability knowledge base, network entity knowledge base. Complete the design of the interface of every module.4. Implement inference application using the vulnerability knowledge and network entity knowledge, execute vulnerability detection to the host exist vulnerability, efficiently reduce the false negative of vulnerability detection, avoid possible damage to computer system in traditional simulate attack behavior.