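Research on a Network Warning Model Based on a Dynamic Peer-to-Peer Network Hierarchy
  • ISSN: 1000-1239
  • Journal: Journal of Computer Research and Development (计算机研究与发展)
  • Date: 2010.9.9
  • Pages: 1574-1586
  • Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology; Automation and Computer Technology: Computer Science and Technology]
  • Author affiliations: [1] State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190; [2] State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049
  • Funding: National High Technology Research and Development Program of China ("863" Program) (2009AA01Z435, 2007AA01Z451, 2007AA01Z465, 2007AA01Z475); National Natural Science Foundation of China (60970028)
  • Related project: Research on Reverse Analysis of Malware Based on Dynamic Taint Propagation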
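Chinese abstract:

Large-scale intrusions against the Internet, carried out from distributed platforms built through the rapid spread of malicious code, have become a hot topic in network security. "Collaborative security" is the inevitable trend for countering distributed attacks by malicious code, so a network warning model based on a dynamic peer-to-peer network hierarchy is proposed. The model's architecture comprises a top-down two-layer peer-to-peer overlay network and four types of node roles. It can effectively integrate the data and resources of the various heterogeneous security facilities in the network, and it gives the network security defense system the ability to adjust dynamically and adaptively and to collaborate across security domains. Preliminary experiments show that the model can not only perform alert message aggregation and correlation analysis, generate attack scenario graphs and carry out a degree of active defense, but also has good robustness, scalability and manageability.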

English abstract:

The growing number of intrusions against the Internet, carried out through distributed platforms built by the rapid spread of malware such as worms and botnets, has become a hotspot of network security research. Traditional network warning models lack an efficient infrastructure for integrating widely scattered data and computational resources, which leaves them unable to detect and prevent Internet-scale threats. In this paper, "collaborative security" is presented as an inevitable approach to resisting Internet-scale attacks originating from widely spreading malware. Accordingly, a novel network warning model based on a dynamic peer-to-peer overlay hierarchy is proposed. The infrastructure of this model is a two-level dynamic P2P overlay hierarchy, which consists of four roles of peers from the top downward and endows the global network defense framework with the ability of self-adaptive adjustment and collaboration across various security domains. As a fundamental characteristic of this model, a compatible XML-based distributed message sharing method is also presented, which effectively integrates the data resources of heterogeneous network security facilities. The results of preliminary experiments on a proof-of-concept prototype system demonstrate that this model not only carries out alert message aggregation, correlation analysis, attack scenario generation and active defense mechanisms with improved performance and accuracy, but also has prominent robustness, scalability and manageability.

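Journal information
  • Journal of Computer Research and Development (《计算机研究与发展》)
  • China Science and Technology Core Journal
  • Supervising body: Chinese Academy of Sciences
  • Sponsor: Institute of Computing Technology, Chinese Academy of Sciences
  • Editor-in-chief: Xu Zhiwei (徐志伟)
  • Address: Institute of Computing Technology, CAS, No. 6 Kexueyuan South Road, Beijing
  • Postal code: 100190
  • E-mail: crad@ict.ac.cn
  • Telephone: 010-62620696 62600350
  • International standard serial number: ISSN:1000-1239
  • Domestic unified serial number: ISSN:11-1777/TP
  • Postal distribution code: 2-654
  • Awards:
  • Top 100 Outstanding Chinese Academic Journals, 2001-2007; 2008 China Premium Sci...; China Periodical Matrix "Double Effect" journal
  • Indexed in domestic and international databases:
  • Abstracts Journal (Russia); abstract and citation database (Netherlands); Engineering Index (USA); Japan Science and Technology Agency database (Japan); China Science and Technology Core Journals (China); Peking University Core Journals, 2004 edition (China); Peking University Core Journals, 2008 edition (China); Peking University Core Journals, 2011 edition (China); Peking University Core Journals, 2014 edition (China); Peking University Core Journals, 2000 edition (China)
  • Citations: 40349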