A Computer Network Defense Policy Refinement Method

Source: The 2nd China Internet Academic Conference
The existing methods of policy refinement in computer network defense (CND) can only support the refinement of access control policy, but not the policies of protection, detection, response, and recovery. To solve this problem, we constructed a computer network defense policy refinement model and defined the refinement relations between high-level policy goal elements and low-level operational policy elements. We also provided formal specifications of CND policies including protection (i.e., access control, user authentication, encrypted communication, backup), detection (i.e., intrusion detection, vulnerability detection), response (i.e., system rebooting, shutdown) and recovery (i.e., rebuild, patch making). The semantic consistency of policy refinement was analyzed and verified, which guarantees the correctness of the low-level policies refined from a high-level policy goal. An algorithm for CND policy refinement was designed. Finally, the effectiveness of our methods was verified through three experimental cases: the refinement of access control policy; composite policies with intrusion detection, vulnerability detection, and access control; and other composite policies with patch making and system rebooting.