
Security Processing Container And Analysis Of System Security

Posted on: 2020-08-06
Degree: Master
Type: Thesis
Country: China
Candidate: F Hu
Full Text: PDF
GTID: 2428330596476031
Subject: Communication and Information System
Abstract/Summary:
With the increasing complexity and importance of the Internet, more and more attention has been paid to network security. Security enhancements such as firewalls and anti-virus software are becoming more and more abundant, but they are not enough to deal with the challenges faced by today's networks. To fundamentally improve network security performance, there are two main difficulties: one is the system security analysis method, and the other is proposing flexible and robust security reinforcement methods. Based on quantitative analysis of system security, this thesis proposes three security reinforcement methods and corresponding key node selection algorithms, which together form a complete network security promotion model. It also evaluates the performance of the proposed network security enhancement model through theoretical research and simulation of different network topologies, as well as later verification. The main innovations and contributions of this thesis are as follows:

(1) In the aspect of system security analysis, based on the similarities between Bayesian networks and attribute attack graphs, an Improved Heuristic Probability Metric (IHPM) algorithm is proposed for the Bayes-Based Attack Graph (BAG). At the same time, considering the shortcomings of the static Bayesian Network in timeliness and accuracy, a Dynamic Bayesian Network is proposed. With the above work, a complete quantitative analysis method and model of system security is tentatively built.

(2) On the basis of system security analysis, three kinds of security reinforcement methods are proposed based on the ideas of Container and Mimic Defense. The first is security reinforcement based on the Security Processing Container (SPC). The other two, based on Mimic Defense, are Rotation-Based Mimic Defense (RMD) and Dynamic Heterogeneous Redundancy-Based Mimic Defense (DHRMD) security reinforcement.

(3) For analysis, this thesis embeds the security reinforcement modules into the BAG. How to integrate the DHRMD module with the Markovian Property into the BAG is one of the most important issues. Then, based on this analysis, it puts forward corresponding key node selection algorithms according to the characteristics of the security reinforcement methods.

(4) Essentially, the goal of this thesis is to try to build a complete network security enhancement method. First, for a given network topology, an attack graph is generated according to vulnerability scanning and other characteristics, and the IHPM algorithm is proposed for quantitative security analysis. Then, different security reinforcement technologies and their key node selection algorithms are designed to match different network topologies. Finally, the best security reinforcement method is selected, and after verification, the network with improved security performance is obtained.

After theoretical research, experimental simulation and subsequent verification, it is reasonable to conclude that in the network security enhancement model, the system security analysis model, security reinforcement methods and key node selection algorithms are useful and perform well, and that the model has value for practical application.
Keywords/Search Tags: Quantitative analysis of security, Bayesian network, security processing container, mimic defense, Markovian property