Malicious Code Situational Awareness System Design And Realization

Posted on: 2011-02-02
Degree: Master
Type: Thesis
Country: China
Candidate: Q Wang
Full Text: PDF
GTID: 2208360308467311
Subject: Software engineering
Abstract/Summary:
The internet plays an increasingly important role in areas such as politics, the economy and the military. At the same time, the security problems that accompany it have become more serious in recent years, and network and information security is a problem researchers urgently need to resolve. In 2008, a vulnerability in the IE 7.0 web browser caused wide-ranging concern among internet users. Before the opening of the Beijing Olympic Games, the network security status of China deteriorated sharply. According to statistics, 438386 trojan horses were found in China in 2008, an increase of 64.7% compared to 2007. Moreover, spam, worms and DDoS attacks also caused serious harm to users. So many intrusion events place higher requirements on security products.

Network security situation assessment is a new technology for protecting large-scale networks. There is no standard definition of it yet; it is generally understood as a technology that fuses data from security products such as intrusion detection systems (IDS) and firewalls, refining the original data through data fusion. The refined data reflects the current security situation and the security trend of the protected network. Network security situation assessment can help administrators find intrusion behavior in time and take measures to manage it. More and more researchers are studying network security situation assessment technology, and to some degree it represents a new direction in the development of network security technology.

In recent years, trojan horses and backdoor programs have caused more and more network security problems, but so far there is no security situation assessment system specialized in assessing the damage caused by trojan horses and backdoor programs. To assess this damage more accurately, we designed a malicious code situation assessment system, and designed a trojan horse sensor at its data acquisition level. The trojan horse sensor is deployed on all hosts of the protected network and provides original alarm information to the assessment system, which uses this information to assess the damage caused by trojan horses and backdoor programs.

The main contents are as follows:
(1) Introduced some concepts closely related to network security situation assessment and analyzed the current research status of this area.
(2) Introduced the modeling method used to assess threat and security situation.
(3) Introduced commonly used sensor technologies such as intrusion detection systems and firewalls, and the deficiencies of these technologies.
(4) Designed a malicious code situation assessment system. To assess the damage caused by trojan horses and backdoor programs more accurately, we designed a trojan horse sensor that detects trojan horse programs based on their behavior. The alarm information provided by the trojan horse sensor is used by the malicious code situation assessment system to assess the damage caused by trojan horses and backdoor programs. The trojan horse sensor is located at the lowest level of the malicious code situation assessment system and provides the original alarm information for it.
Keywords/Search Tags:network security situation assessment, sensor, trojan horse, rootkit, intrusion detection system