Design Of Monitoring Terminal For Mimic Defense System

Posted on: 2023-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: J C Huang
GTID: 2558307061451104
Subject: Computer technology

Abstract/Summary:
With the increasingly severe security problems of the Internet, network defense theory and related technologies have developed. Mimic defense is one of them. Unlike traditional network defense technology, mimic defense is an active defense technology that can defend against unknown vulnerabilities and backdoors in the network. The basic principle of mimic defense theory is the dynamic heterogeneous redundant architecture, the core of which is multiple internal heterogeneous executives and heterogeneous construction sets. As the theory of mimic defense has matured, various mimic defense systems have been developed and used. A mimic defense system usually has multiple executives, which may suffer attacks during execution. Traditional terminal tools can only target one executive and have only one interactive interface, which makes it difficult to meet the mimic defense system's need for unified input and separate monitoring. Therefore, a monitoring terminal for the mimic defense system is designed and implemented in this thesis. The main work done in this thesis is as follows:

1. Aiming at the monitoring connection problem of multiple executives in the mimic defense system, a monitoring terminal application for the mimic defense system is designed and implemented. The terminal application uses the Electron framework and web front-end technologies to build a cross-platform application client. It is oriented to the mimic defense system, and uses the SSH protocol to establish connections and data interactions with each executive in the system. The application back-end service adopts the Express framework to realize functions such as connection maintenance and management, and data interaction. The terminal user interface is constructed using web technology and implemented based on web mode, and therefore the terminal has a novel interface. The terminal application adapts to the multi-executive requirements of the mimic defense system, supports the simultaneous display of multiple connection windows, and also supports sending a single user-entered command to multiple connected executives. The connection windows are laid out adaptively according to the number of connected executives, and scaled adaptively according to the screen size and page size. In addition, the terminal application is equipped with adaptive attack detection and analysis to monitor the status of each executive of the mimic defense system. Through analysis and design, the basic functions of a monitoring terminal adapted to the multiple executives of the mimic defense system are finally realized.

2. Aiming at the attack detection model for the adaptive attack analysis of the executives of the mimic defense system in the monitoring terminal, an intrusion detection method for mimic executives based on improved TF-IDF and LightGBM is proposed. In this thesis, the improved TF-IDF method is used to extract features from the logs of the mimic web server, and the LightGBM classifier is used to classify and discriminate after feature dimension reduction, so as to realize the monitoring terminal's intrusion detection model for the executives. Several sets of comparative experiments are designed and conducted in this thesis. The experiments show that the attack detection model based on the improved TF-IDF method for web log analysis has better detection performance than other models.

3. Aiming at the monitoring terminal's adaptive attack analysis function for the executives of the mimic defense system, the attack detection function module of the monitoring terminal is designed on the basis of the attack detection model. In this thesis, the log collection and storage of the attack detection function module is realized, and the model is deployed to eventually realize the attack detection analysis of the monitoring terminal application. The monitoring terminal application supports real-time display, in the form of graphs, of the running status of the monitored executive and the analysis results of all requests.
Keywords/Search Tags: Mimic defense, Monitoring terminal, Electron, Attack detection