Design and Implementation of the Security Policy and Framework Structure of a Network Management System
Abstract
Network intrusions and attacks now occur frequently, which has made network security management technology a focus of attention and an important research direction in networking. A sound model is a solid base for building a highly reliable network security management system. In this thesis, after a systematic study of network security technology and intrusion detection, we design and implement a distributed network security management framework, DNSMF (Distributed Network Security Management Framework).
    The thesis first studies the security policy of computer networks and describes different security control methods from several angles. It then analyzes intrusion detection technology, compares the merits and shortcomings of anomaly-based detection and misuse-based detection, and describes the data sources used by the different detection methods. The application of JavaBeans and Java RMI to distributed computing is also studied.
    On the basis of this work, we put forward the design of DNSMF. Its main components are the DNSMF controller, one host monitor per host, and one LAN monitor for each broadcast segment in the monitored network. DNSMF is a framework that increases the accuracy of intrusion detection through the autonomy and cooperation of multiple agents. A definition model is given for each DNSMF component, and a communication mechanism between the components is proposed. Through these models and this mechanism, distributed monitoring, data reduction, and centralized data analysis and processing are combined in DNSMF.
    Finally, the thesis implements a prototype of DNSMF using Java technology and uses two examples to validate the practicality of the framework.
