| This dissertation is based on the projects of National Natural Science Foundation, Research on the model of networking camouflaging collaborative security (Grant No.60503008).Owing to the transparency of packet head transferred on the network, attackers can invade and attack objectives successfully by analyzing networking character values. Traditional network security technologies, such as firewall, invasion examination, encryption confirmation and system crack repair, require a lot of time to analyze unknown attack and characters of attackers. Thus, how to quickly discover automatically unknown attack and characters of attackers is an important research direction in network security field.This dissertation purposed automatic response and quantification control model of networking service camouflaging that can enable camouflaging networking service to automatically responses indefinite attack survey behavior, can find and study unknown attacks and its characters fast and effectively. It has the vital significance to resist network attacks and research to strengthen network security. In order to monitor and track the network services based on camouflage, the model introduces automatic response and quantification control model of networking service camouflaging. By monitoring the sessions, this model can extract characteristics of network service automatically, generate the state machine and construct the reply of network sessions. In addition to depict the process of response based on CEST(Colored Event-driven State Transition), we also introduce the idea of quantification control model of networking service camouflaging to control the process of response. Then, we realizes the purpose of quantification controlling the automatic response to network service unknown attack detection behavior.The main work and contributions of the dissertation are as follows:(1) Proposing automatic response and quantification control model of networking service camouflaging. Although automatic response model of networking service camouflaging is effective for responding automatically indefinite attack survey behavior in camouflaging network service, this model doesn't control the response process of attack survey behavior, it easily attacked by the survey recognition. The dissertation introduces the idea of CEST(Colored Event-driven State Transition) into automatic response and quantification control model of networking service camouflaging that can be quantified control network services to disguise automatic response process, uncertain attack detection behavior can better camouflage goals. (2) Studying the model of networking service camouflage based on CEST (Colored Event-driven State Transition) and quantification controlling model of networking service camouflage. The dissertation uses the network service status change path and service states change step to describe the corresponding visit response process, and contracture the rule manager by using adjacent matrix, reachability matrix, logic relation matrix and service status change rules of risk matrix. In this dissertation, we also complete quantitative controlling and automatic response network service uncertain attack detection behavior process.(3) Studying sequence alignment algorithm, such as Smith - Waterman algorithm and Hirschberg algorithm. we introduce these algorithm into automatic response and quantification control model of networking service camouflaging, and complete automatic extracting network conversation features in the part of response dealing.(4) We realize the prototype system. According to the experimental results, we also validate automatic response and quantification control model of networking service camouflaging feasibility and effectiveness. |
PDF Full Text Request