
Research And Implementation Of Task-oriented Network System Endogenous Security Model

Posted on: 2022-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Zhai
GTID: 2518306740994839
Subject: Electronics and Communications Engineering

Abstract/Summary:
With the approaching era of massive 5G traffic and increasingly complex network system architectures, existing active security defense technology has many problems in practical applications: it is limited by the traditional network architecture, lacks information linkage between network devices, and lacks support for the actual application environment. The SDN network architecture is a breakthrough over the traditional network architecture, but in practical applications it still lacks a data packet authentication mechanism and a data integrity protection mechanism, and its control granularity does not match control requirements. Therefore, the core of future network system security is to break through the "shell" defense bottleneck at the root, fundamentally resolve the contradiction between network system availability and security, and build a new endogenous security network architecture that combines system function and security.

This thesis explores the theory of network endogenous security and has obtained preliminary results. Based on the human neural control mechanism and the SDN architectural idea of separating data and control, it proposes a task-oriented endogenous security network system model architecture. Next, by analogy with reflex activity, it defines network tasks and single-step effective execution actions. Then, following the process of network information exchange, it designs a fine-grained standard for dividing actions and proposes algorithm rules for detecting and judging anomalies in network task execution. Finally, a task-oriented endogenous security network system is built in a small local area network, and anti-attack simulation experiments are carried out on an FTP file transfer system experimental platform to verify the effectiveness of the network model and the task anomaly detection algorithm. The main work done in this thesis is as follows:

(1) This thesis proposes a task-oriented network endogenous security system model architecture based on the human neural control mechanism and the SDN architectural idea of separating data and control. The network model is divided into three parts: the data forwarding layer, the application and control layer, and the terminal. The data forwarding layer includes data forwarding equipment and a security label transponder, which implement fine-grained sampling of network data packets and improve the programming scalability of the data forwarding layer. The application and control layer is responsible for summarizing terminal information, formulating data forwarding strategies, and issuing forwarding rules for data packets.

(2) To address the bottleneck of network "shell" security defense caused by designing system function and system security separately, this thesis deploys a large number of security neurons in each terminal device of the network system. When a network task is executed, the action identification sequence and device security information parameters are collected, so that system security parameters and system function parameters are integrated. Because existing standards for dividing network tasks into actions differ, this thesis, by analogy with reflex activity, defines network tasks and single-step effective execution actions. Then, following the process of network information exchange, it designs a fine-grained standard for dividing actions.

(3) To address the lack of data packet authentication and data integrity protection mechanisms in practical applications, this thesis proposes an abnormal behavior detection algorithm based on valid action identification. The algorithm includes two security authentication mechanisms: data packet authentication based on matching the communication random byte string and the hash digest value of the action identification sequence, and action identification sequence matching based on a finite state machine. Together they provide identity authentication for network data packets and detection of abnormal task action identifications.

(4) This thesis designs and implements a task-oriented network endogenous security system model. The experiment includes hardware connection, device configuration, Python implementations of the basic functions and security neurons of each terminal device, and the deployment of an FTP file transfer system experimental platform in a small local area network. Several anti-attack simulation experiments, including backdoor attacks and DDoS/DoS attacks, show that the endogenous security model and abnormal behavior detection algorithm proposed in this thesis can effectively realize active security defense of the network system and intercept malicious network packets.
Keywords/Search Tags:Endogenous safety, Endogenous immunity, Abnormal behavior detection, Network data identification, Finite State Machine
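
The two checks described in item (3), packet authentication by random byte string and digest followed by finite-state-machine matching of the action sequence, as an added example that is not code from the thesis. The label construction (SHA-256 over the random byte string and the action sequence), the FTP action names and the state table are assumptions of this example, since the abstract does not specify them.

```python
import hashlib
import hmac

# Assumed FTP-download task model: state -> {action id -> next state}.
# Action names are hypothetical; the thesis's own action division is not on this page.
TASK_FSM = {
    "START":     {"CONNECT": "CONNECTED"},
    "CONNECTED": {"LOGIN": "AUTHED"},
    "AUTHED":    {"LIST": "AUTHED", "RETR": "TRANSFER", "QUIT": "DONE"},
    "TRANSFER":  {"DATA": "TRANSFER", "TRANSFER_OK": "AUTHED"},
}

def label_digest(session_random, actions):
    """Assumed label: SHA-256 over the random byte string and the action sequence."""
    encoded = "\x1f".join(actions).encode()
    return hashlib.sha256(session_random + b"|" + encoded).digest()

def authenticate_packet(expected_random, pkt_random, actions, pkt_digest):
    """Check 1: the random byte string and the digest must both match."""
    if not hmac.compare_digest(expected_random, pkt_random):
        return False
    return hmac.compare_digest(label_digest(expected_random, actions), pkt_digest)

def check_sequence(actions):
    """Check 2: walk the FSM; return (ok, index of the first abnormal action)."""
    state = "START"
    for i, action in enumerate(actions):
        nxt = TASK_FSM.get(state, {}).get(action)
        if nxt is None:              # no such transition from this state
            return False, i
        state = nxt
    return True, None

def inspect(expected_random, pkt_random, actions, pkt_digest):
    """Verdict for one packet: authenticate first, then validate the actions."""
    if not authenticate_packet(expected_random, pkt_random, actions, pkt_digest):
        return "drop: authentication failed"
    ok, bad = check_sequence(actions)
    return "forward" if ok else f"drop: abnormal action at index {bad}"

# Constructed sample values, not data from the thesis.
SAMPLE_RANDOM = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_TASK = ["CONNECT", "LOGIN", "RETR", "DATA", "TRANSFER_OK", "QUIT"]

if __name__ == "__main__":
    print(inspect(SAMPLE_RANDOM, SAMPLE_RANDOM, SAMPLE_TASK,
                  label_digest(SAMPLE_RANDOM, SAMPLE_TASK)))
```

A packet whose digest verifies can still be dropped by the second check: a correctly labelled sequence that skips `LOGIN` fails at the index of the first action with no transition from the current state.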