
Construction And Dynamic Update Of SCAP-based Host Security Baseline Repository

Posted on: 2022-10-29
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Ji
GTID: 2518306350489744
Subject: Master of Engineering

Abstract/Summary:
In today's era of rapid Internet development, information security problems have become more and more serious, and all walks of life are gradually strengthening the security protection of information. Constructing a reasonable security baseline has become an indispensable and effective means of doing so; it can be said that essentially any security inspection is carried out around some security baseline. Passing a self-inspection first, and then submitting to the relevant departments for a unified sampling inspection, can to a certain extent effectively reduce the industry's own risks or existing security vulnerabilities. In a network confrontation environment, host security threats become more severe: for example, the threats to the host are dynamic and changeable, and the current data type classification is too coarse. It is therefore necessary to improve the host's ability to survive. Host security is the cornerstone of system security protection, so more attention must be paid to protecting it. Existing methods cannot effectively solve the above problems, so it is necessary to study how to dynamically update the security baseline to protect the host in real time. This thesis takes OpenSCAP, the open-source framework of the SCAP protocol, and security baselines as its research objects, and focuses on the construction and dynamic update of the security baseline knowledge base. The main research contents of this thesis are:

(1) A security baseline knowledge base model is designed. With business security as the goal, with information security level protection, risk assessment and other relevant standards as the basis, and with NVD, NCP, FDCC, USGCB, CNNVD, etc. as references, a reasonable security baseline knowledge base is built. It provides data support and strategy support for the subsequent automatic review of security baselines. The security baseline knowledge base is the foundation of the dynamic security baseline knowledge base. It includes three parts: security baseline-related data sheets, procedures and documents for managing security baselines.

(2) An update engine model is designed. It includes three parts: an information processing module, an intrusion frequency module and an update module. First, the host security perception subsystem monitors the host's security events and other information. When abnormal information occurs, it is processed as an alarm event and sent to the update engine. After the information processing module in the update engine receives and parses the event, the valid fields are extracted. The intrusion frequency module classifies the information by type and compiles statistics by time period. Any result that exceeds the threshold is sent to the update module, which determines whether the security baseline needs to be adjusted and then saves the adjusted security baseline in the security baseline knowledge base, thereby realizing the dynamic update of the security baseline knowledge base.

In short, this thesis implements the construction and dynamic update of a SCAP-based host security baseline knowledge base. The dynamic security baseline knowledge base comprehensively considers the current security protection level, system status, security configuration, system vulnerabilities and other factors of the protected object, and is constructed accordingly. By adding the intrusion frequency module, it dynamically adjusts the security baseline, which enables the system to rebalance the risk it bears against the cost of security protection and ensures the safe, stable and efficient operation of the host system.
Keywords/Search Tags: openSCAP, security baseline, frequency of intrusion, dynamic adjustment
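
The update engine flow described in the abstract (parse alarm events, count them by type per time period, adjust the baseline when a threshold is exceeded), as an added example that is not code from the thesis. The JSON alarm format, the 300-second window, the thresholds and the baseline item names are all assumptions, since the abstract does not specify them.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed alarm events, standing in for the host security perception subsystem.
SAMPLE_ALARMS = [
    '{"ts": "2022-10-29T10:00:05", "type": "ssh_auth_failure"}',
    '{"ts": "2022-10-29T10:01:10", "type": "ssh_auth_failure"}',
    '{"ts": "2022-10-29T10:02:30", "type": "ssh_auth_failure"}',
    '{"ts": "2022-10-29T10:04:50", "type": "ssh_auth_failure"}',
    'not json',                                   # malformed event, must be dropped
    '{"ts": "2022-10-29T10:03:00", "type": "passwd_change"}',
    '{"ts": "2022-10-29T10:09:00", "type": "passwd_change"}',
]
WINDOW_SECONDS = 300                              # assumed statistics period
THRESHOLDS = {"ssh_auth_failure": 3, "passwd_change": 1}   # assumed limits
# Assumed mapping: alarm type -> (baseline item, stricter value; lower is stricter).
ADJUSTMENTS = {"ssh_auth_failure": ("sshd_max_auth_tries", 3),
               "passwd_change": ("password_max_age_days", 30)}
BASELINE = {"sshd_max_auth_tries": 6, "password_max_age_days": 90}

def parse_alarm(line):
    """Information processing module: parse one event, keep only the valid fields."""
    try:
        ev = json.loads(line)
        return ev["type"], datetime.fromisoformat(ev["ts"])
    except (ValueError, KeyError, TypeError):
        return None

def count_by_window(lines):
    """Intrusion frequency module: count events per (type, time window)."""
    counts = Counter()
    for line in lines:
        parsed = parse_alarm(line)
        if parsed:
            kind, ts = parsed
            epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
            counts[(kind, epoch // WINDOW_SECONDS)] += 1
    return counts

def update_baseline(baseline, counts):
    """Update module: tighten an item when its alarm type exceeded the threshold."""
    updated = dict(baseline)                      # never mutate the stored baseline
    for (kind, _window), n in counts.items():
        if kind in ADJUSTMENTS and n > THRESHOLDS.get(kind, float("inf")):
            item, strict = ADJUSTMENTS[kind]
            updated[item] = min(updated.get(item, strict), strict)
    return updated
```

With the constructed events, only the four SSH failures in one window exceed their threshold, so only that baseline item is tightened.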