
Research on Ontology-Based Byzantine Attacks Modeling and Detection

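【Author】 孙冠男 (Sun Guannan)

【Advisor】 冯涛 (Feng Tao)

【Author information】 Lanzhou University of Technology, Communication and Information Systems, 2011, Master's degree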

【Abstract】 The widespread use of the Internet has brought many network security problems, which in turn has driven the development of techniques for detecting and defending against network attacks. A Byzantine attack is an attack in which an adversary takes control of a number of authorized nodes in a communication network and arbitrarily interferes with or disrupts the network. As an active insider attack, it readily endangers normal communication among the nodes of the network. Defending against and detecting Byzantine attacks has long been one of the hardest problems in network security. Because Byzantine attacks are distinctive and diverse, how network nodes can defend against multiple types of Byzantine attack and against joint Byzantine attacks has become one focus of research; how to build a complete model of Byzantine attacks has gradually become another. Addressing these questions, we propose a Byzantine attack ontology model that can be used in an active security defense system. Ontology, as a knowledge representation technique, can rigorously define concepts and the relationships between them. The goal of an ontology is to describe the knowledge of a domain, identify the concepts commonly accepted in it, provide a shared understanding of that knowledge, and give explicit definitions of the relationships among these concepts at different levels of formalization. Following the requirements of ontology techniques, we first give a layered description of the concepts and properties of Byzantine attacks from three aspects (concept classes, relations, and reasoning). We then describe attack ontology instances in the ontology language OWL, which has good description-logic and framework-description capabilities and can clearly express the relationships between the concepts of objects. Finally, we use the rule language SWRL to describe the attack inference rules used to build the ontology knowledge base; adding rules to OWL through SWRL provides stronger logical expressiveness. Both the model deduction and the rule reasoning compiled successfully in ProtégéTab, and the rules were tested. Analysis of Byzantine attack instances shows that the ontology model not only provides a common expression of Byzantine attack concepts and a description of their relationships, but also enables information sharing and collaborative detection among nodes.

【Key words】 Byzantine Attacks; Ontology; Attack detection; Protégé