Applied Research on a CSCW-Based Intranet Security Audit System
Abstract

With the rapid development of networks and the spread of computers, the network has become essential infrastructure for the functioning of society and for national development, and network security problems can no longer be ignored. New technologies are continually developed to protect network security, such as authentication and encryption, anti-virus, firewalls and intrusion detection systems. However, according to statistics from various sources, more than 50 percent of network attacks originate from inside the network. To eliminate malicious attacks at the root, the security protection and security management of the enterprise intranet must be strengthened first.

Intranet security is currently a research hotspot in the network security field, and intranet security audit systems have emerged and developed along with it. Traditional intranet security audit systems focus only on customizing audit policies, monitoring user behavior, managing the various audit logs and handling alerts. The audit control center usually works in isolation; when audit policies are customized on the basis of one person's experience alone, they may be inaccurate and poorly targeted, and the system cannot detect and respond to current intranet security risks in time. When the number of audited client machines is large, the control center may be overloaded and fail to work properly.

At present almost every piece of work is the joint product of many people's knowledge, so cooperative work is increasingly important. The key to solving the problems above is to use cooperative work to improve the efficiency of intranet security auditing as a whole, so that an intranet security audit system with multiple control centers can work cooperatively. Load balancing provides an inexpensive and effective way to extend server bandwidth and increase throughput, strengthen network data processing capacity, and improve network flexibility and availability. Feasible and effective load balancing can give the system a good environment for cooperative work.

This thesis analyzes current intranet security audit systems. Addressing their lack of collaboration, it discusses in detail the feasibility of combining an intranet security audit system with CSCW (computer-supported cooperative work), and studies the problems that cooperative work may bring to such a system as well as the new characteristics of an intranet security audit system in a CSCW environment. Building on existing load balancing algorithms, it proposes a load balancing algorithm based on extension fuzzy theory, constructs a cooperative environment and designs a CSCW-based intranet security audit system. The system uses a communication mechanism as the basis of cooperative work and Agents as the units of cooperative work, and combines collaboration with the control center. Using the relevant key technologies and programming techniques, the thesis implements the core modules of a system prototype and solves the problem that the control centers of a security audit system cannot work cooperatively. Finally, it summarizes the research and points out directions for future work.