ISSN 1000-1239 CN 11-1777/TP

• Paper •

### Research on a Network-Warning Model Based on a Dynamic Peer-to-Peer Overlay Hierarchy

1 (State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences), Beijing 100190); 2 (State Key Laboratory of Information Security (Graduate University of Chinese Academy of Sciences), Beijing 100049) (xujia04@is.iscas.ac.cn)
• Publication date: 2010-09-15

### Research on Network-Warning Model Based on Dynamic Peer-to-Peer Overlay Hierarchy

Xu Jia (1), Feng Dengguo (1, 2), and Su Purui (1)

1 (State Key Laboratory of Information Security (Institute of Software, Chinese Academy of Sciences), Beijing 100190); 2 (State Key Laboratory of Information Security (Graduate University of Chinese Academy of Sciences), Beijing 100049)
• Online: 2010-09-15

Abstract: The growing range of attacks against the Internet, carried out through distributed platforms built by the rapid spread of malware such as worms and botnets, has become a hotspot of network security research. Traditional network warning models have an inefficient infrastructure for integrating widely scattered data and computational resources, which leaves them unable to detect and prevent Internet-scale threats. In this paper, the notion of "collaborative security" is argued to be an inevitable approach to resisting Internet-scale attacks that originate from widely spreading malware. Accordingly, a novel network-warning model based on a dynamic peer-to-peer overlay hierarchy is proposed. The infrastructure of this model is a two-level dynamic P2P overlay hierarchy consisting of four roles of peers, from the top downward, which endows the global network defense framework with the ability to adjust itself adaptively and to collaborate across different security domains. As a fundamental characteristic of this model, a compatible XML-based distributed message sharing method is also presented, which effectively integrates the data resources of heterogeneous network security facilities. The results of preliminary experiments on a proof-of-concept prototype system show that this model not only performs alert message aggregation, correlated analysis, attack scenario generation and the implementation of active defense mechanisms with improved performance and accuracy, but also has prominent robustness, scalability and manageability.