Network security linkage technology reflects the trend toward collaborative defense, active dynamic defense and intelligent security management. With the development of security linkage technology, more and more security linkage mechanisms are applied and deployed in real networks, and the security of the linkage mechanism itself has become increasingly important. As a key component of coordinated security defense, the security linkage mechanism has become a main target of some criminals. Therefore, this paper studies security linkage behavior analysis and detection technology based on the characteristics of security linkage technology, in order to track the operational state of security linkage behavior, detect abnormal behavior and ensure the normal operation of the security linkage mechanism.

At present, common application-layer behavior analysis and detection technologies have difficulty analyzing and detecting security linkage behavior at a fine granularity, because they do not take the characteristics of security linkage behavior into account and lack an accurate understanding and description of it. To achieve the analysis and detection of security linkage behavior, this paper carries out in-depth research on security linkage protocol identification, security linkage behavior identification and security linkage behavior anomaly detection. The main work is as follows:

1. To identify security linkage protocols, this paper proposes a security linkage protocol identification method based on signature description and an improved decision tree, designed around the characteristics of security linkage protocols. To standardize the extraction and storage of security linkage protocol features, protocol signatures are described in a unified way based on header fields and payload features, and a signature database of security linkage protocols is built. To improve the efficiency of identification, this paper studies security linkage protocol identification based on an improved decision tree algorithm and a hierarchical tree search algorithm. Experiments show that this method has high accuracy and efficiency.

2. Aiming at fine-grained identification of security linkage behaviors, this paper presents a method for building patterns of and identifying security linkage behavior based on message sequence charts. To describe the interactive process of security linkage behavior intuitively and simply, protocol message sequence mining algorithms are designed on the basis of message sequence charts, and a protocol message sequence chart is constructed to show the patterns of security linkage behavior. To identify security linkage behavior, a message similarity measure function is used to compare protocol messages, and protocol message sequence matching algorithms are designed. Experiments show that the constructed patterns of security linkage behavior are intuitive and accurate and that the method has higher accuracy.

3. To detect abnormal security linkage behavior, this paper proposes a rule-based method of security linkage behavior anomaly detection. Approaching the problem from the angle of abnormality, anomaly detection methods based on protocol interaction models and on the statistical characteristics of interactive behavior are used to detect the abnormal situations that exist in the protocol interaction process. Anomaly detection rules are defined according to the deviation of abnormal situations from normal behavior, and features of normal behavior are extracted as the basis for judgment in the anomaly detection rules. By using a rule matching algorithm to measure the deviation from normal behavior, abnormal security linkage behavior can be detected. Experiments show that the method has a lower rate of false negatives and false positives.
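The following added example, which is not code from the paper, sketches the idea behind items 2 and 3: an observed message sequence is compared step by step with a normal interaction pattern using a message similarity function, and deviations are reported as rule hits. The field names, message types, weights, threshold and rule names are all assumptions made for this illustration, and it covers only the interaction-model side of the anomaly detection, not the statistical features.

```python
# Added illustration: field names, message types, weights and the threshold are
# assumptions for this sketch, not values from the paper.
FIELD_WEIGHTS = {"type": 2, "src": 1, "dst": 1, "action": 1}
THRESHOLD = 0.8  # assumed minimum similarity for a message to match a step

# Constructed normal pattern for one linkage behavior (IDS asks firewall to block).
PATTERN = [
    {"src": "ids", "dst": "fw", "type": "ALERT", "action": "block"},
    {"src": "fw", "dst": "ids", "type": "ACK", "action": "block"},
    {"src": "fw", "dst": "ids", "type": "RESULT", "action": "block"},
]


def similarity(msg, expected):
    """Weighted share of fields on which an observed message agrees with a step."""
    score = sum(w for f, w in FIELD_WEIGHTS.items() if msg.get(f) == expected.get(f))
    return score / sum(FIELD_WEIGHTS.values())


def matches(msg, step):
    return similarity(msg, step) >= THRESHOLD


def detect(observed, pattern=PATTERN):
    """Compare an observed message sequence with the pattern; return rule hits."""
    findings, pos = [], 0
    for i, msg in enumerate(observed):
        if pos < len(pattern) and matches(msg, pattern[pos]):
            pos += 1  # normal: next expected step of the interaction
            continue
        later = [j for j in range(pos + 1, len(pattern)) if matches(msg, pattern[j])]
        if later:  # rule: one or more expected steps never appeared
            findings.append(("skipped_step", i, pattern[pos]["type"]))
            pos = later[0] + 1
        elif any(matches(msg, pattern[j]) for j in range(pos)):
            findings.append(("repeated_message", i, msg.get("type")))
        else:  # rule: message belongs nowhere in the normal interaction
            findings.append(("unexpected_message", i, msg.get("type")))
    if pos < len(pattern):  # rule: interaction ended before the final step
        findings.append(("incomplete_interaction", len(observed), pattern[pos]["type"]))
    return findings


if __name__ == "__main__":
    alert, ack, result = PATTERN
    print(detect([alert, ack, result]))   # normal run
    print(detect([alert, result]))        # acknowledgement missing
    print(detect([alert, alert, ack]))    # repeat, then cut short
```
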