| It is about half a century for IP network appearing. IP network plays a huge role in promoting the global economic and social development. It has become an important foundation for the information society, military, science, technology, education and many other areas. The basic position and central role is growing day by day.With the continuous expansion of network scale and network technology, network devices, network topology and business type on IP network have all continued to increase, which has increased the insecurity of IP network. Therefore, the network security is facing enormous challenges. The purpose to improving the network security is that whenever falling across the abnormal conditions and malicious intrusion, the alerts and some appropriate measures can be operated timely.Both the traditional system IDS and the improved system IPS are passive recovery. They can only give respond after the intruder has achieved the purpose or got some kinds of invasion rights. Then the only thing we can do is reducing the hazards of intrusion and can not achieve the initiative recovery in fact.This article explores a new approach to protect the network security. In order to predict the intrusion before it happens or reaches a certain harmful level. Then alerts timely and takes measures to prevent the intrusion. It will save the response time and change passive recovery to initiative recovery. This article has some innovation as follows:First, a method to predict and describe abnormity in IP network, based on the Conditional Information Entropy (CIE), is proposed in this paper. It makes up the deficiencies of detection by adopting prediction in advance. This method consists of three parts the processing of network performance raw data, the dividing of nodes'status and the quantification based on CIE. The core node collects network performance raw data. The weighted sum of data is graded by Clustering Algorithm. Then the formulae of CIE will be used to evaluate the relationship among those grades. According to the deduction, we can draw the conclusions as follows: the higher CIE, the higher the possibility of intrusion. If CIE is higher than the threshold, warn and trigger the Intrusion Tolerance Mechanism (ITM) of the system.Second, based on the results of prediction, this article presents a new ITM that is called IP Credible Routing Implementation Tactics (IPcrit). Together with the intrusion prediction department, they make up of the whole forecast system. The credibility relationship among human society is introduced to IP network. And the nodes decide whether or not to communicate with each other by judging the Credibility Value. The credibility relationship in this article comes from two aspects: one is the Forecast Credibility Value (FCV) from the intrusion prediction result; the other is Detection Credibility Value (DCV) from credit assessment between nodes. The routing line will be selected by the Credibility Value from high to low. This will farthest ensure the safety of major business delivery in network.Third, this article presents a Two-way Credit Assessment Tactics (2wCAT). Both the sending node and the receiving node are evaluating the Credibility Value of each other. Besides the source and the destination, we must evaluate the adjacent node that the data packet comes from directly. Only all of them are trusted, the delivery is allowed. At the same time, reducing the route consume has been considered in this paper. A credible routing algorithm is given. We select the nodes, which have the highest credit value beyond those chosen nodes and their neighbor nodes, in the adjacent nodes. A certain extent, the consumption of routing consume has been reduced. |
PDF Full Text Request