

Research on Survivability Mechanism of Network Audit System Anti Performance-attack

【Author】 常德显

【Advisor】 杨英杰

【Author information】 PLA Information Engineering University (解放军信息工程大学), Computer Application Technology, 2007, Master's

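【Summary】 As a security event monitoring product, the network audit system is now widely used. Because the data it holds is sensitive, it is easily attacked and damaged. Much work has been done to raise the security strength of network audit systems from a protection standpoint, with some success, but little consideration has been given to how to keep the system's basic functions running as normally as possible once the audit system has been compromised. Network intrusions are hard to guard against, and in practice it is difficult to guarantee that the audit system will not be breached, so an intrusion tolerance mechanism must be established to improve the audit system's own survivability.

Network system survivability theory is a new research topic in information security and a breakthrough and innovation over traditional information security concepts. It emphasizes the system's ability to complete its critical tasks in a timely manner when it is under attack, has failed or has suffered an accident. The central idea of survivability is that even when an intrusion succeeds, and even when important parts of the system are damaged or destroyed, the system can still keep its basic functions running and repair the damaged services in time.

This thesis studies how a network audit system can continue to provide service when it is subjected to a "performance attack", and designs a survivability mechanism for the system. The main work completed is as follows:

1. Analyzed the advantages of survivability technology over traditional security technology in raising system security strength, and gave a fairly comprehensive summary of current survivability research results.
2. Designed a 3R-based survivability mechanism for the network audit system against "performance attacks". A steady-state model of system performance is established to strengthen the system's ability to recognize and assess attacks; an anti-attack mechanism based on service grading is proposed to improve the system's resistance to attack; and the coordinated action of the system's mechanisms strengthens its service recovery capability.
3. Implemented a survivable network audit prototype system. Building on the research into the survivability mechanism, an audit system prototype based on the SYSLOG protocol was established and its survivability implemented, to improve the sustainability of its services under attack.

Through the above work, this thesis proposes and implements a survivability mechanism for network audit systems against "performance attacks". On the one hand, it gives the system an effective safeguard mechanism so that it can still complete its critical tasks while under attack; on the other hand, it usefully supplements and extends the application of survivability theory.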

【Abstract】 As a security monitoring product, the network audit system is widely used. Because its data is sensitive, it is easily attacked and damaged. So far, much work has been done to improve the security level of network audit systems in terms of security protection, with some effect. However, that work has not considered how to keep the essential functions running normally when an attack succeeds. More and more attacks cannot be defended against effectively, and we cannot ensure full security of the network audit system, so an intrusion tolerance mechanism should be designed to improve the survivability of the system.

Network survivability is an innovation over traditional network security concepts. The concept of survivability focuses on the capability to carry out the key mission in a timely manner while the network application system is suffering from an attack, fault or incident. The core idea of survivability is that the system can fulfill its key mission and repair its damaged services even if the intrusion is successful.

This paper designs a survivability mechanism that allows the network audit system to keep providing services when the intrusion is successful. The main work includes the following aspects:

1. Analyzing the advantages of survivability technology compared with traditional security technology, and summarizing the related concepts and applications of survivability technology.
2. Designing the anti-Performance-attack survivability mechanism based on 3R. A stable performance model is established to strengthen the capability of recognizing attacks. For different attack intensities, the system should provide different levels of system service, so this paper proposes an anti-attack mechanism based on service classification. The coordinated actions of the system's security mechanisms improve the capability of recovery.
3. Implementing a network audit system with survivable capability. Based on the research on the survivability mechanism, we build a network audit system prototype based on the SYSLOG protocol and improve the sustainability of its services by implementing the survivability mechanism.

Through the work above, this paper designs and implements a set of survivability mechanisms for network audit systems against Performance-attack. They provide effective safeguard mechanisms for accomplishing the key missions while under attack. At the same time, they complement and extend the theory of survivability applications.

  • 【Classification number】 TP393.08
  • 【Times cited】 2
  • 【Downloads】 148

