Research And Implementation On The Key Technology Of Reconfiguration For Security Functions Of Space-ground Integration Network

In the process of the construction of space-ground integration network,the integration of space network and terrestrial network makes whole the network environment more complex,so we developed security management system and security gateways in order to ensure network security.For the linkage of security management system and security gateways and adjusting the security functions in the gateway,the scheme of reconfiguration for network security functions was proposed,and two key technologies are studied.The main contents were as follows:1.Based on the interconnection security control demands for multi-domain and multi-zone of the integration network,the paper proposed a network security function reconfiguration framework of multi-layer linkage.The technology research and implementation at the security gateway includes:dynamic adjustment and update of internal data of security functions and dynamic combination of security applications.For the demand of dynamically combining security applications,shared memory communication was applied,and it was tested by experiments that the shared memory communication could meet the performance requirements of security gate ways.2.For making decision about how to deal with multi-step penetration attacks inside the security domain,the privilege transition graph was proposed based on the MIT Lincoln Lab attack classification method.The algorithm combined with forward breadth search and depth backtracking for a set of attack paths was given.And risk index quantification method for attack paths was presented.Then,the risk indexes of attack paths could guide the reconfiguration of network security functions.3.In order to block network attacks real-timely,the reconfiguration of firewall rules were studied and implemented based on Netfilter/Iptables Firwall.The whole process of reconfiguring firewall rules was as follows:detecting the attack,extracting the correlation values of attack data packets,generating the firewall rule and configuring it under the guidance of a defense policy,and then optimizing the set of rules.The effectiveness of firewall rule reconfiguration in blocking attacks real-timely was verified by experiments.