ISSN 1000-1239 CN 11-1777/TP

• 论文 • 上一篇    下一篇

基于动态对等网层次结构的网络预警模型研究

许 佳1 冯登国1,2 苏璞睿1   

  1. 1(信息安全国家重点实验室(中国科学院软件研究所) 北京 100190) 2(信息安全国家重点实验室(中国科学院研究生院) 北京 100049) (xujia04@is.iscas.ac.cn)
  • 出版日期: 2010-09-15

Research on Network-Warning Model Based on Dynamic Peer-to-Peer Overlay Hierarchy

Xu Jia1, Feng Dengguo1,2, and Su Purui1   

  1. 1(State Key Laboratory of Information Security(Institute of Software, Chinese Academy of Sciences), Beijing 100190) 2(State Key Laboratory of Information Security(Graduate University of Chinese Academy of Sciences), Beijing 100049)
  • Online: 2010-09-15

摘要: 借助恶意代码快速传播搭建的分布式平台对互联网实施大规模入侵,已经成为网络安全领域的热点问题.“协同安全”是应对恶意代码分布式攻击的必然趋势,因此提出了一个基于动态对等网层次结构的网络预警模型.该模型的体系结构包含自上而下的两层对等覆盖网和4类节点角色,可以有效地整合网络中各种异构安全防护设施的数据和资源,并且使网络安全防护体系具备了动态自适应调整和跨安全域协作的能力.初步实验表明,该模型不仅可以进行报警消息聚合和关联分析、攻击场景图的生成和实施一定的主动防护,并且具备良好的鲁棒性、扩展性和可管理性.

关键词: 恶意代码, 网络预警, 协同安全, 对等覆盖网, 分布式共享

Abstract: The increasing array of invasions against Internet, which are implemented through the distributed platform fabricated by rapid diffusion of malwares, such as worm and botnet, has become a hotspot of network security research. Traditional network warning models have inefficient infrastructure to integrate widely scattering data and computational resources, leading to incompetence in detecting and preventing Internet-scale threats. In this paper, the notion of “collaborative security” is addressed to be an inevitable approach to resist Internet-scale attacks originated from widely spreading malwares. Therefore, a novel network-warning model based on dynamic peer-to-peer overlay hierarchy has been proposed. The infrastructure of this model has a two-level dynamic P2P overlay hierarchy, which consists of four roles of peers from the top downward and endues the global network defense framework with the ability of self-adaptive adjustment and collaboration across various security domains. As a fundamental characteristic of this model, a compatible XML-based distributed message sharing method is also presented, which effectively integrates the data resources of heterogeneous network security facilities. The result of preliminary experiments based on a proof-of-concept prototype system demonstrates that this model not only carries out alert message aggregation, correlated analysis, attack scenario generation and implementation of active defense mechanism with improved performance and accuracy, but also has prominant robustness, scalability and manageability.

Key words: malware, network warning, collaborative security, peer-to-peer overlay, distributed sharing