An Approach for Description of Computer Network Defense Scheme and Its Simulation Verification
作者: Zhao Wei , Chunhe Xia , Yang Luo , Xiaochen Liu , Weikang Wu
关键词:
摘要: In order to solve the problem of which existing defense policy description languages can only describe some aspects defense, such as protection or detection, but cannot express relationship among actions and cope with large-scale network attack, we proposed an approach for computer scheme its simulation verification. A defense-oriented language (CNDSDL) was designed (i.e., access control, encryption communication, backup), detection intrusion vulnerability detection), analysis log auditing), response system rebooting, shutdown), recovery rebuild, patch making), sequence-and, sequence-or, concurrent-and, concurrent-or, xor). The Extend Backus-Naur Form (EBNF) CNDSDL provided. At last, provided implementation mechanism CNDSDL. task deadlock algorithm given scheme. completed in platform GTNetS. Three experiments verified capability effectiveness results show that described by be transformed detailed technique rules realize effect expression.
jcomputers.us
sci-hub.st 参考文章(14)
Qun Ni, Elisa Bertino, xfACL Proceedings of the 16th ACM symposium on Access control models and technologies - SACMAT '11. pp. 61- 72 ,(2011) , 10.1145/1998441.1998451
Babak Khosravifar, Maziar Gomrokchi, Jamal Bentahar, A Multi-agent-based Approach to Improve Intrusion Detection Systems False Alarm Ratio by Using Honeypot advanced information networking and applications. pp. 97- 102 ,(2009) , 10.1109/WAINA.2009.103
Namkyun Baik, Sungsoo Ahn, Namhi Kang, Effective DDoS attack defense scheme using web service performance measurement international conference on ubiquitous and future networks. pp. 428- 433 ,(2012) , 10.1109/ICUFN.2012.6261743
Matteo Dell'Amico, Gabriel Serme, Muhammad Sabir Idrees, Anderson Santana de Oliveira, Yves Roudier, HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems Information Security Technical Report. ,vol. 17, pp. 81- 92 ,(2013) , 10.1016/J.ISTR.2012.10.002
Babak Khosravifar, Jamal Bentahar, An Experience Improving Intrusion Detection Systems False Alarm Ratio by Using Honeypot advanced information networking and applications. pp. 997- 1004 ,(2008) , 10.1109/AINA.2008.44
Senda Hammouda, Lilia Maalej, Zouheir Trabelsi, None, Towards Optimized TCP/IP Covert Channels Detection, IDS and Firewall Integration new technologies, mobility and security. pp. 1- 5 ,(2008) , 10.1109/NTMS.2008.ECP.101
Bin Zhang, Ehab Al-Shaer, Radha Jagadeesan, James Riely, Corin Pitcher, Specifications of a high-level conflict-free firewall policy language for multi-domain networks symposium on access control models and technologies. pp. 185- 194 ,(2007) , 10.1145/1266840.1266871
Kevin Twidle, Naranker Dulay, Emil Lupu, Morris Sloman, Ponder2: A Policy System for Autonomous Pervasive Environments international conference on autonomic and autonomous systems. pp. 330- 335 ,(2009) , 10.1109/ICAS.2009.42
Nicodemos Damianou, Naranker Dulay, Emil Lupu, Morris Sloman, The Ponder Policy Specification Language policies for distributed systems and networks. pp. 18- 38 ,(2001) , 10.1007/3-540-44569-2_2
Xiao-xiang LUO, Mei-na SONG, Jun-de SONG, Research on service-oriented policy-driven IAAS management The Journal of China Universities of Posts and Telecommunications. ,vol. 18, pp. 64- 70 ,(2011) , 10.1016/S1005-8885(10)60208-7