ISCAS OpenIR: Institutional Repository of the Institute of Software, Chinese Academy of Sciences (中国科学院软件研究所机构知识库)
Title: 面向网络环境的信息安全对抗理论及关键技术研究
Author: 蒋建春
Defense date: 2004
Major: Computer Application Technology
Degree-granting institution: 中国科学院软件研究所 (Institute of Software, Chinese Academy of Sciences)
Degree-granting location: 中国科学院软件研究所
Degree: Doctor (PhD)
Keywords: information security operation; network adversary model; operation architecture; network intrusion detection; attack context; network vulnerability analysis; network attack prevention; network attack deception
Alternative title: Researches on Theories and Key Technologies of Information Security Operation in Network Environment
Abstract (translated from the Chinese): Research on information security operation in the network environment has both breadth and depth. Facing the increasingly complex threats of the network environment, this dissertation studies the theories and key technologies of information security operation, including the network adversary model, the operation architecture, attack detection, attack prevention, attack deception and vulnerability analysis. Its aim is to explore new methods of information security assurance so as to seize the initiative in information security operation. The main results of the dissertation fall into seven areas. 1) A network adversary model is proposed, composed of three sub-models: a network adversary mental sub-model, a network adversary attack decision-making sub-model and a network adversary attack behaviour sub-model. The model overcomes the shortcomings of existing models and is more expressive: it can describe the adversary's mental characteristics, attack decisions and the transition process of attack behaviour. 2) A multi-agent coordinated operation architecture oriented to the adversary's mentality, decisions and behaviour is proposed. The architecture consists of a target architecture, a policy architecture, an organisational architecture and a functional architecture, and its basic element is the operation intelligent agent. The relations between the parts of the coordinated operation architecture are formally described and analysed, and an abstract layered model of the architecture is given. The cooperation preconditions, cooperation modes and cooperation processes of the operation agents are also studied. Compared with existing defense architectures, this architecture avoids isolated, single-dimensional, passive and non-intelligent defense methods; instead it uses multi-agent technology to form a coordinated defense system that counters the network adversary across a multi-dimensional space, and it is intelligent, active and evolvable. 3) An attack-context-based intrusion detection model and algorithm are given. Based on the characteristics of each phase of a network attack and the dependencies between phases, the model and algorithm make full use of context information such as the attack environment and attack effects to discover the adversary's intrusion behaviour. The main advantage of attack-context-based detection is that it does not depend on a signature database of the adversary's attack tools and methods, but identifies intrusions by the effects an attack has on the network environment or target, which improves the accuracy of intrusion determination. 4) After analysing the background of high-performance computing and network intrusion detection, a parallel-computing-based network intrusion detection system (PNIDS) is proposed together with corresponding high-performance algorithms. The experimental PNIDS prototype shows that PNIDS can exploit the advantages of cluster computing, raise the high-performance computing capability of the NIDS and reduce the missed-alarm rate. 5) An agent-based network vulnerability analysis system (ANVAS) is designed and its key technologies are analysed; an MPI-based fast vulnerability information collection algorithm and a relational-model-based vulnerability correlation analysis method are proposed. 6) A cluster-based intrusion prevention system (CBIPS) is proposed. The experimental CBIPS prototype shows that CBIPS improves network attack prevention performance by having multiple computers work in parallel. 7) A technology reference model for network attack deception and a program-algorithm-based attack deception method are proposed, with emphasis on network scanning deception; a prototype deception software system that counters web attack scanning is implemented, and the corresponding experimental data are given.
English abstract: The study of information security operation under a network environment is not only comprehensive but also profound. In the face of the increasingly complicated threats of the network environment, this paper focuses on the study of theories and key technologies of information security operation concerning the network adversary, operation architecture, attack detection, attack prevention, attack deception and vulnerability analysis. The purpose of the research is to explore new methods for information security assurance so that we can have the initiative in information security. The seven main achievements of this paper are as follows. Firstly, a network adversary model is proposed, which is composed of three sub-models: a network adversary mental sub-model, a network adversary attack decision-making sub-model and a network adversary attack behavior sub-model. Having avoided the weaknesses of previous models, the model has a strong capability of describing the mental characteristics of the network adversary, the attack decisions of the network adversary and the changes of network adversary behavior. Secondly, a multi-agent-based coordinated operation architecture is proposed, which meets the needs of the mentality, decisions and behavior of the network adversary. The operation architecture, the basic element of which is the operation intelligence agent, is composed of a target architecture, a policy architecture, a structure architecture and a function architecture. The relations between every part of the coordinated operation architecture are formally described and analyzed, and thus an abstract level model of the operation architecture is presented. At the same time, the cooperation conditions, cooperation model and cooperation process of operation agents are studied.
Compared with the current defense architecture, by making use of multi-agent technologies and avoiding isolated, single-dimension, passive and non-intelligent defense methods, the operation architecture forms one coordinated defense architecture, which is capable of resisting the multi-dimensional space of the network adversary and which is intelligent, active and evolutionary. Thirdly, an attack-context-based intrusion detection model and algorithm are suggested. With full use of the context information of the attack environment and attack effect, the model and algorithm detect the intrusion behavior of the network adversary with reference to the features of every network attack phase and their dependency upon each other. The accuracy of intrusion detection is improved, because the context-based detection method finds intrusion behaviors not by the attack tools and methods of the network adversary, but by the attack effect upon the network environment or targets. Fourthly, based on the research and analysis of the background of high performance computing and network intrusion detection, a parallel-computing-based network intrusion detection system (briefly PNIDS) is proposed, and some corresponding high performance algorithms are designed. The prototype of the PNIDS shows that the PNIDS can make use of the advantages of cluster computing to improve the high performance computing capability of the NIDS and to decrease the false alarm rate. Fifthly, an agent-based network vulnerability analysis system (briefly named ANVAS) is designed, and some key technologies of the ANVAS are studied and analyzed. An MPI-based algorithm for quick vulnerability information collection and a relation-model-based method for vulnerability analysis are proposed. Sixthly, a cluster-based intrusion prevention system (briefly named CBIPS) is presented. The experimental prototype of the CBIPS shows that it can improve the performance of network attack prevention by using multiple computers for parallel processing.
Seventhly, a technology reference model for network attack deception and a program-algorithm-based attack deception method are suggested; the deception technologies for network scanning are studied; the deception software system prototype of anti-webscanner is implemented; the experimental data show that it is effective.
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/7248
Appears in Collections: 中科院软件所 (ISCAS)

Files in This Item:
LW013933.pdf (2099 KB), restricted access (限制开放); contact the repository to obtain the full text.

Recommended Citation:
蒋建春. 面向网络环境的信息安全对抗理论及关键技术研究[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2004-01-01.