Research and Application of Linkage Policies for Network Security Devices
Published: 2018-09-06 17:52
[Abstract]: Policy-based linkage management of network security devices keeps the security devices in a system working in concert, integrates system resources effectively, and improves the detection accuracy and handling efficiency of security events, so that increasingly complex and changeable network security threats can be countered; it has become the core of the dynamic security-device management model. Building on the policy management framework defined by the IETF and on the security-device linkage architecture model, this thesis studies the description, verification, search and execution of linkage policies.

First, for the definition and description of linkage policies: based on the cooperation among the security devices within a subnet, security domains are partitioned by subnet, and a linkage policy is defined as the triple (security domain, trigger condition, execution rule set). The trigger condition represents the security-event threat captured by the system, while the rule set represents the series of configuration actions the system must perform to execute the policy.

Second, for the verification of linkage policies: handling a security event amounts to starting the relevant processes of the various linkage devices within the security domain. Taking the started/stopped state of each linkage-device process as a state node, and the security events that cause state-node transitions as edges, a directed-graph state-transition model is constructed for a specific subnet, so that each execution action in a rule set corresponds to one state transition in the directed graph. A depth-first traversal of the directed graph examines the transition paths of every state node and verifies the correctness, completeness, consistency, redundancy and executability of the linkage policy.

Third, for the querying of linkage policies: the query problem is likewise transformed into a traversal of the directed graph. To ensure that high-frequency security events are retrieved first, event frequency is taken into account when building the adjacency list of the directed graph. The directed graph is split into several subgraphs by the number of terminal nodes, security-event frequency is converted into a path cost (dissipation value), the heuristic function is defined using the latest event-occurrence time from AOE networks, the state nodes are ordered in the Closed list by the A* search algorithm, and the adjacency list is rebuilt by combining the reordered nodes of all subgraphs.

Finally, for the execution of linkage policies: security devices are configured remotely over the SSH protocol, which secures policy execution and provides compatibility with the different SSH versions on different devices.

Experimental analysis shows that the policy verification algorithm proposed here outperforms some existing methods in complexity and has good execution efficiency, and that the policy query method responds effectively to high-frequency events. Together with remote configuration of security devices over SSH, the methods described in this thesis can be used to build a policy-based network security device linkage system that counters a wide range of security threats.
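The policy triple and the directed-graph state model described above, with the five verification properties checked by depth-first traversal, as an added example that is not the thesis's own code; the device names, the trigger layout, the concrete meaning of each criterion and the sample data are assumptions made for this illustration.

```python
# Added illustration, not the thesis's own code: the policy triple (domain, trigger,
# rule set) and the directed-graph state model from the abstract, verified by DFS.
# Device names, trigger layout, criteria and the sample at the bottom are assumptions.

def apply_rule(state, rule):
    """One execution action = one edge; returns the successor node or None."""
    action, dev = rule
    if (action == "start") == (dev in state):
        return None  # starting a running process or stopping a stopped one: no edge
    return state | {dev} if action == "start" else state - {dev}

def dfs_paths(state, goal, rules, used=frozenset()):
    """DFS over state nodes, each rule used at most once; yields rule paths to goal."""
    if state == goal:
        yield []
        return
    for i, rule in enumerate(rules):
        nxt = apply_rule(state, rule)
        if i not in used and nxt is not None:
            for rest in dfs_paths(nxt, goal, rules, used | {i}):
                yield [rule] + rest

def verify_policy(policy, initial):
    """Check the five properties named in the abstract; returns {property: finding}."""
    domain, trigger, rules = policy
    initial = frozenset(initial)
    goal = (initial | trigger["must_run"]) - trigger["must_stop"]
    findings = {}
    outside = sorted({d for _, d in rules if d not in domain})
    if outside:  # correctness: actions must target devices of this security domain
        findings["correctness"] = f"devices outside domain: {outside}"
    conflict = sorted({d for a, d in rules for b, e in rules if d == e and a != b})
    if conflict:  # consistency: a rule set must not both start and stop one device
        findings["consistency"] = f"start and stop both issued for {conflict}"
    need = {("start", d) for d in trigger["must_run"]} | {("stop", d) for d in trigger["must_stop"]}
    if need - set(rules):  # completeness: every change the trigger demands has a rule
        findings["completeness"] = f"no rule for {sorted(need - set(rules))}"
    paths = list(dfs_paths(initial, goal, rules))
    if not paths:  # executability: some transition path must reach the goal state
        findings["executability"] = "no path from the initial state reaches the goal"
    unused = [r for r in rules if not any(r in p for p in paths)]
    if paths and unused:  # redundancy: rules that no successful path ever uses
        findings["redundancy"] = f"rules on no path: {unused}"
    return findings

# Constructed sample: a subnet domain of four linkage devices and a port-scan trigger
DOMAIN = frozenset({"firewall", "ids", "honeypot", "logger"})
TRIGGER = {"event": "port_scan", "must_run": {"firewall", "ids"}, "must_stop": {"honeypot"}}
GOOD_RULES = [("start", "firewall"), ("start", "ids"), ("stop", "honeypot")]
INITIAL = {"logger", "honeypot"}
```

Calling `verify_policy((DOMAIN, TRIGGER, GOOD_RULES), INITIAL)` returns an empty dict; appending a conflicting `("stop", "firewall")` rule or dropping the `ids` rule produces consistency/redundancy or completeness/executability findings respectively.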
【Degree-granting institution】: North China Electric Power University
【Degree level】: Master's
【Year degree granted】: 2014
【Classification number】: TP393.08
Article ID: 2227083
Link: https://www.wllwen.com/guanlilunwen/ydhl/2227083.html