Network Security Paper

Updated: 2023-06-16 22:44:00

Research on Defense in-depth Model of Information Network Confrontation
Shengjian Liu1, Ping Zhang2, Huyuan Sun3
Department of Teaching and Research
PLA Border Defense Academy
Xi'an, 710108, P.R. China
Abstract—According to the specific demands of constructing an information network confrontation defense system, this paper proposes a new network defense in-depth model, APR-WPDRRC, based on a closed-loop control mechanism. Since the model integrates a variety of new network defense in-depth technologies, it can achieve cooperative linkage and closed-loop control of quick pre-warning, active protection, dynamic detection, real-time response, disaster recovery and precision counterattack. The model has good network defense agility, adaptability, tolerance of intrusion attacks and strong survivability, especially when it suffers large-scale, distributed, instantaneously changing network attacks.
Keywords-network confrontation; defense in-depth; defense model; closed-loop control
I. INTRODUCTION
Network confrontation is the main form of information confrontation. In the face of large-scale, distributed, instantaneously changing network attacks, the mainstream model of network defense has faced a great challenge in recent years. Especially for network systems, constructing a network defense model of initiative, adaptability, resistance to attack and strong survivability for the information network confrontation system is a new task.
The means of network security defense has evolved from the initial passive defense, such as hardware firewall (HFW), to the later active defense, such as intrusion detection system (IDS), and to the current more intelligent defense, such as intrusion prevention system (IPS), cloud firewall (CFW), etc. These defense means combine security products and technology, namely deploying all kinds of security products at isolated key points of the network. They can easily discover and effectively block known network attacks on a small scale, but in the event of mass network attacks, because of the lack of a unified security defense, they will not respond to unknown new network attacks, which not only increases the safety product installation cost, but also increases the difficulty of later management. Facing a variety of unknown network attacks and massive threats, the traditional security defense model based on fill-in-the-blanks and patching has been challenged. Thus a multilayer defense in-depth approach has emerged as the times require. It is also becoming the core security defense strategy of network confrontation.
II. DEFENSE IN-DEPTH STRATEGY OF INFORMATION NETWORK CONFRONTATION
Military confrontation history tells us that we can never rely on a single defense line. In fact, a network security strategy is designed on the assumption that each network system component includes unknown vulnerabilities which can be used by the attacker. No network defense technique can be absolutely safe, and one cannot rely on a single technical means to fight network attackers. In order to strike a balance between reducing risk and supporting security, a multi-layer defense in-depth strategy is proposed, namely one that sets more barrier layers against the network attacker in the network confrontation system. Indeed, when an attacker tries to break into the network system, he can be blocked by more secure defense layers, and the defense layers complement one another. When a defense layer is broken, other defense layers can protect network security. So each defense layer can reduce the probability of being attacked.
2012 Fourth International Conference on Computational and Information Sciences
Because the network carries sensitive information, the establishment of a multi-layer defense in-depth strategy for the information network is particularly important. The implementation mechanism of a multi-layer defense strategy is not only to consider full protection across the breadth of network architecture, operating systems, application systems and database systems, but also to pay greater attention to the integration of network intrusion tolerance technology, and to strengthen active defense in depth at the level of the desktop PC, the network boundary, the internal network and even the core server. It can not only increase the attack difficulty for network invaders, but also constantly improve the defense strategy in the network confrontation process of attack and defense; even if a certain layer of protective mechanism is damaged, it can also quickly take advantage of the deep configuration of security products so as to achieve all-round defense to the greatest extent possible. Constructing a multilayer information network defense in-depth system strategy must be carefully designed from three aspects: active protection, real-time detection and tolerance of intrusion attacks, as shown in Fig. 1.
A. Active Protection
Since the information network system becomes more and more complex, the network attack means also keep pace with the times and update their styles. Therefore, network security products usually cannot find all network vulnerabilities and external attacks. Even if a security product is designed with comprehensive security defense functions and services at launch, with the passage of time and the development of attack technology there are always unknown, new attacks which are not repulsed and which penetrate the protective layer.
B. Real time detection
Even multilayer defense does not exclude the possibility of being successfully overcome, so a variety of technical means of real-time detection must be used to deal with those attacks which have not been successfully repulsed. However, current network intrusion detection products can usually detect those attacks previously known, and have a very high rate of missed detection, false alarms and other technical defects that accompany regular detection. Undoubtedly, a network defense system may face a new network attack which is always unpredictable to a detection system.
C. Intrusion tolerance attacks
Intrusion tolerance technology can integrate immune theory, threshold cryptography, data recovery and other related technical theory as a whole; it can adopt trusted computing, trusted network, fault-tolerant protocols and other components, use data redundancy, recovery strategies and intrusion tolerance shielding technology, and integrate the design of all defense subsystems. The subjective judgment of depending on IDS to detect all attacks successfully is completely abandoned. It gives the network system maximum tolerance of various intrusion attacks, self-healing and strong survivability. Even if the network is subject to strong attacks, it can still maintain normal operation, continuously provide network services and achieve the final safe operation of the network system.
III. MULTILAYER LINEAR DEFENSE-IN-DEPTH MODEL OF INFORMATION NETWORK CONFRONTATION
Currently, the traditional construction mode of a network security environment basically belongs to the combination of typical security equipment and technology. Based on the defense-in-depth technical strategy, the information network security system can in turn be divided into a number of different security domains, such as secret layer, core layer, security layer, basic security layer, trusted security layer, non-security layer and dangerous layer, etc.
According to the different targets of the defense levels, we can analyze the information categories of each security domain, evaluate their possible attack level, configure the corresponding security defense mechanism, adopt the corresponding technical means of security defense, and build a defense-in-depth linear structure of the information network, as shown in Fig. 2. It can achieve line-speed analysis, full-domain analysis and monitoring, access verification, abnormal behavior monitoring, and blocking of illegal intrusion on layer 1~7 protocols of network nodes in implementation and service condition.
From the defenders' point of view, the defensive capability of the network system gradually increases as layers are added from inside to outside. From the attackers' point of view, the attack capability against the network system gradually reduces with each layer from outside to inside. Thus, a multilayer linear defense model is formed.
Facing a growing number of network attack sources, it not only recognizes the existence of security risk, but also expects the ideal result that the opportunities for attack are decreased as much as possible by each defense layer, so that the probability of crossing the last layer is almost zero.
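The layered reasoning above can be made quantitative. The following is an added example, not part of the original paper: it assumes each layer is bypassed with its own probability, independently of the others (constructed values), and adds a hypothetical common-mode term for a weakness shared by every layer, which sets a floor that further layers cannot lower.

```python
from math import prod

def breach_probability(bypass, common_mode=0.0):
    """Probability that one attack crosses every layer.

    bypass      -- per-layer chance that the layer fails to stop the attack,
                   outermost layer first (assumed independent of each other)
    common_mode -- assumed chance of a weakness shared by all layers (same
                   signature set, same admin credential) that defeats them at once
    """
    layers = list(bypass)
    if not layers:
        raise ValueError("at least one defense layer is required")
    if any(not 0.0 <= p <= 1.0 for p in layers + [common_mode]):
        raise ValueError("probabilities must lie in [0, 1]")
    return common_mode + (1.0 - common_mode) * prod(layers)

def layers_needed(per_layer, target, common_mode=0.0, max_layers=50):
    """Fewest identical layers giving breach probability <= target, else None."""
    for n in range(1, max_layers + 1):
        if breach_probability([per_layer] * n, common_mode) <= target:
            return n
    return None  # the common-mode floor is above the target

if __name__ == "__main__":
    # Constructed figures: every layer misses half of the attacks it sees.
    for n in (1, 3, 5, 7):
        independent = breach_probability([0.5] * n)
        shared = breach_probability([0.5] * n, common_mode=0.02)
        print(f"{n} layers: independent={independent:.4f} shared-flaw={shared:.4f}")
    print("layers for <=1% (independent):", layers_needed(0.5, 0.01))
    print("layers for <=1% (2% shared flaw):", layers_needed(0.5, 0.01, 0.02))
```

Under this model the breach probability never drops below the common-mode term, so diversity between layers matters as much as their number.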
In fact, in order to form security defense solutions at different levels, we can choose different security products in the practical application of multilayer defense technology. In the information network defense in-depth architecture, we usually adopt a combination of hardware security products to build a first layer of security defense, such as HFW, CFW, antivirus gateway, VPN, multicore-based FPGA and UTM (Unified Threat Management: integrating HFW, IDS, IPS and anti-virus gateway functions) platforms; using security authentication service mechanisms based on BPDU Guard, PVLAN and MPLS can set up a second layer of security defense; using safe access control methods based on ACL, Honeynet and IPSec can deploy a third layer of security defense; thereafter, using isolation technology based on state detection, correlation identification based on flow analysis, behavior identification based on content analysis, threat recognition based on expert systems, application identification based on behavior models and so on, we can in turn build a fourth layer, a fifth layer and further layers of security defense as the technology develops.
Indeed, the architecture can integrate the key defense technologies of active protection, real-time detection and tolerance of intrusion attacks so as to achieve a multilayer linear security defense-in-depth model of information network confrontation: firstly, it can not only provide a strong means of protection, but also prevent illegal intrusion and malware attacks on the information network; secondly, when it fails to effectively guard against attacks, it can provide dynamic detection means so as to realize real-time response to intrusion attacks; finally, when the information network suffers from various new attack threats, it can achieve recognition, monitoring, real-time tracking and covert deception of the intrusion behavior, so as to ensure the normal, safe running of the information network system.
IV. NETWORK DEFENSE IN-DEPTH MODEL BASED ON CLOSED-LOOP CONTROL
In recent years, along with the development of network security technology, the network security field has successively proposed a variety of network defense models, with the P-PDR model as the mainstream representative. The P-PDR implementation process is actually a linear hierarchical defense that, under the guidance of the security Policy (P), applies the three means of Protection (P), Detection (D) and Response (R).
Although the model can accomplish dynamic defense through the DR means, it can neither give any early warning before attacks, nor achieve real-time alarm during an attack, nor quickly recover the system after an attack so as to form rapid counterattack ability using a valid network counterattack plan. Therefore, although the P-PDR model has a defense level, it lacks strong counterattack ability in the face of large-scale, distributed and instantaneously changing network attacks. It can neither defend against new network security threats, nor, in particular, effectively enhance network system immunity.
In view of the existing defects of network defense models, and according to the construction needs of information network confrontation, using the defense in-depth technology strategy based on multilayer linear defense, we propose an APR-WPDRRC model of information network defense based on closed-loop control, as shown in Fig. 3.
It mainly includes three important aspects (APR): risk Analysis (A), security Policy (P) and technical equipment Resources (R). Network security risk analysis (A) is the primary link. In order to provide a basis for determining the security strategy, it advocates anticipating network system security risk through risk analysis, risk assessment and risk control mechanisms. The security defense Policy (P) guides the defense means so that they are carried out effectively; it plays a guiding role in the network security defense system, and it is also the core of the entire security defense model. Technical equipment Resources (R) include the strength, equipment and technology of network defense resources. The main force of network defense comes from new network confrontation equipment and from network confrontation soldiers who have mastered network technology.
The WPDRRC mainly includes six new techniques: W (intrusion pre-Warning), P (safety Protection), D (dynamic Detection), R (real-time Response), R (disaster Recovery) and C (quick Counterattack). It integrates the linear defense-in-depth technology of PDR, adds warning before PDR and adds RC after it, so that the defense system has strong sequence, controllability and collaboration.
Figure 3. APR-WPDRRC model based on closed-loop control
The WPDRRC highlights three aspects: WP can be applied before the attack occurs; DR can be applied while the attack occurs; and RC can be applied after the attack occurs. While strengthening security, it pays more attention to forming a fast reaction capability for a network system under attack; while improving the disaster recovery capability of the network system, it pays more attention to the counterattack ability of a network system that has been captured; while emphasizing the feedback mechanism based on closed-loop control, it pays more attention to raising the dynamic defense ability. Therefore, by applying the six WPDRRC techniques sequentially under a closed-loop control mechanism, a defense-in-depth model of information network confrontation is established. It realizes active defense using WPD and consolidation defense using RRC. The comprehensive application of the six technical means can be described as follows:
Intrusion pre-warning (W) can react quickly according to the system security strategy, for example by alarm, tracking, blocking and isolation, through the establishment of an effective early warning mechanism when a network violation pattern or unauthorized access attempt takes place. At present, a variety of intrusion warning systems based on process reasoning, proxy firewall, and joint IDS and FW have been used. When network attacks occur, the IDS can give us more effective intrusion pre-warning.
Security protection (P), dynamic detection (D) and real-time response (R) integrate linear hierarchical defense technology into the defense-in-depth model. They can make all the preparations for the emergency response plan so as to adjust to a safe state when the network system has detected an intrusion attack.
Disaster recovery (R) is to quickly enhance the survivability of the network system when it is attacked, which can use various techniques, such as disaster assessment, security recovery, patching loopholes, system reconstruction and so on.
Quick counterattack (C) uses a variety of techniques, such as network wing plane, alarms, evidence collection, attack source tracing, attack deception and so on, so as to quickly organize forces, track quickly and pinpoint the source of attacks.
In the APR-WPDRRC model, the external layer consists of concentric hexagons connecting in turn the six technical means of WPDRRC, and the inner layer is the hexagonal core made up of APR. Among them, risk analysis (A) is the basis; security policy (P) is the core; technology resource (R) is the guarantee. APR works in close cooperation and WPDRRC is organically linked, so as to turn the desired security policy into security reality.
V. CONCLUSION
The simulation test of information network confrontation proves that the APR-WPDRRC defense-in-depth model based on closed-loop control has good adaptability, flexibility and strong survivability in the confrontation of large-scale, distributed, instantaneously changing network attacks. It can not only effectively defend against a variety of known network attacks, but can also take the initiative to defend against new unknown intrusion attacks, which has theoretical and practical significance for the establishment of a comprehensive information network system. From the whole perspective, further research needs to constantly improve the integral function and integrate many new technologies into the model, such as network deception technology based on Honey-net, dynamic detection technology based on immunity, collaborative linkage technology based on grid and so on. In order to establish a multi-level defense-in-depth information network system, we must work to track network warfare technology and establish a multi-level, multi-means security system which can achieve strong capabilities, such as the combination of peacetime and wartime, the integration of technology and management into a whole, full function and so on. With the wide spread of cloud security, a new defense-in-depth model of information network systems based on cloud computing is definitely the future development trend and will gradually become the mainstream technology.
