Network Services Camouflage Auto-response Model

The thesis is based on the projects of National Natural Science Foundation "Research on the model of networking camouflaging collaborative security"(Grant No.60503008).The popularity of the internet makes people pay more attention to network security. The quality of safeguard system such as intrusion detection system depends largely on the quantity and quality of attacking characteristics. At present, attacking characteristics are mainly extracted by experts with the way of analysis. The disadvantages are:the process is long, the speed is very slow, and the accuracy of the feature extraction is low. As the new attacks are more and more, in particular, the worm can be spread quickly and it is devastating, how to detect the attacking characteristics quickly and automatically becomes a serious problem that should be resolved.Camouflaging network service can monitor and track attacks and its processes; also it can find unknown attack and its characters. In order to response uncertain attacks, we introduce automatic response model of networking service camouflaging. This model builds state machine through self-learning from network services and then matches pattern using state machine which has extracted features. Then this model can build response. The results test and verify the validity of this model.The main work and contributions of the thesis are as follows:(1)Proposing automatic response model of networking service camouflaging. It realizes automatic response through self-learning from network session request. It can monitor and track attacks and its processes; also it can find unknown attack and its characters.(2)There are many network requests. In order to match requests which have not learned, We need extract request samples. The thesis extracts the characteristics of network session request using Needleman-Wunsch algorithm. It extracts the longest common subsequence through contrasting with network session requests. At the same time, the improved Needleman-Wunsch algorithm is used to extract the characteristics subsequence of network session request. It overcomes the problem of debris that easily occurs when using Needleman-Wunsch algorithm. The results prove that the character extracted using the algorithm is more reliable.(3)Using Levenshtein Distance algorithm to calculate the similarity of requests, and then to determine the contents of automatic responses.(4)Realized the prototype system. The accuracy of automatic responses verifies the validity of the model.