位置:成果数据库 > 期刊 > 期刊详情页
基于覆盖网的协同式网络安全防护与分析系统
  • ISSN号:1671-1122
  • 期刊名称:《信息网络安全》
  • 时间:0
  • 分类:TP393.08[自动化与计算机技术—计算机应用技术;自动化与计算机技术—计算机科学与技术]
  • 作者机构:[1]清华大学,北京100084
  • 相关基金:国家973项目[2011CD302600、2011CB302805、2012CB315800]; 国家自然科学A3重点基金项目[61161140320]
作者: 韩阜业[1], 陈震[1], 梁勇[1], 李军[1]
关键词: 协同网络, 安全系统, 覆盖网, collaborative internet, security, overlay network
中文摘要:

互联网安全形势依然严峻,网络安全事件层出不穷,虽然网络安全系统一直在不断的发展,但是传统安全系统间缺少协同机制,难以实施统一的安全策略,无法发挥整体优势。文章提出了一种基于覆盖网的协同式网络安全防护与分析系统,通过覆盖网架构,将原本孤立的网络安全设备互连起来,协同工作,分布式感知与控制管理网络流量,集中分析与处理安全事件,形成全程全网的网络安全事件管理与解决方案。该方案充分利用了覆盖网技术、P2P通讯技术、可信网络连接技术、高速流量记录查询技术和云计算技术等现有的技术来架构一个实用的协同网络安全防护与分析系统。

英文摘要:

Internet security problem is still not well addressed as there are many network security event occurs,such as sending huge volumes of spam or launching Distributed Denial-of-Service(DDoS) attacks to victim targets.These attacks are launched by attackers who controlled a well-organized distributed network consists of a larger volume of hosts called bots.It is difficult to suppress such a distributed,widely,and automotive organized botnet without collaborative effort among the well deployed network security appliances(e.g.Unified Threat Management,i.e.UTM) in Internet.In this paper,we propose a practical Collaborative Internet Security System based on Overlay Network.We design a Peer-to-Peer communication protocol,a collaborative module,and retrofit security functions for UTM to virtually interconnect these UTMs to build a Security Overlay Network.In this Security Overlay Network,each UTM can communicate with each other to exchange security rules,events and signatures,and the huge size of signatures and security rules file can be disseminated easily,also ensure the security rules version in UTM will be consistency.Our design leverages existing technology to fully construct a comprehensive Collaborative Internet Security System for practical use.In the real deployment of our Security Overlay Network,several concrete applications,experiments and demos are also conducted and the results are also presented.

同期刊论文项目
 面向服务的未来互联网体系结构与机制研究
期刊论文 18
下一代互联网安全与隐私关键性技术的研究
期刊论文 184 会议论文 113
同项目期刊论文
TST: Threshold Based Similarity Transitivity Method in Collaborative Filtering with Cloud Computing
安全两方线段求交协议及其在保护隐私凸包交集中的应用
基于动态邻接信任模型的安全路由算法研究
基于参数建模的分布式信任模型
面向MANET路由的多属性动态信任模型
利用干扰消除的协同中继传输方案
基于代理的即时属性撤销KP-ABE方案
TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network
<span style="font-family: ;" lang="EN-US" New="" Times=""
<span style="font-size:10.5pt;font-family:&quot;color:black;">Hierarchical quant
CPPA:Cloud based Privacy Preserving Aggregation Architecture in Muti-Domain Wireless Networks
Quantum secret sharing for general access structures based on multiparticle entanglements
A class of protocols for quantum private comparison based on the symmetry of states
Efficient Lattice - Based Signcryption in Standard Model
Effect of spatial distribution on the synchronization in rings of coupled oscillators
An Efficient Patch Dissemination Strategy for Mobile Networks
Adaptive Synchronization of Complex Dynamical Multilinks Networks with Similar Nodes
MobSafe:Cloud Computing Based Forensic Analysis for Massive Mobile Applications Using Data Mining
<span style="font-size:10.5pt;font-family:&quot;color:black;">Quantum secret sha
Dependability Analysis of Control Center Networks in Smart Grid
A Distributed Fault/Intrusion-Tolerant Sensor Data Storage Scheme Based on Network Coding and Homomo
Hierarchical quantum information splitting of an arbitrary two - qubit state via the cluster state
一种无状态的短签名方案
A secure and efficient data aggregation framework in vehicular sensing networks
More efficient CCA-secure unidirectional proxy re-encryption schemes without random oracles
A collaborative botnets suppression system based on overlay network
<span style="font-size:10.5pt;font-family:&quot;color:black;">A class of protoco
Human-factor-aware Privacy Preserving Aggregation in Smart Grid
Fairness-aware and Privacy-Preserving Friend Matching Protocol in Mobile Social Networks
Performance evaluation and dynamic optimization of speed scaling on web servers in cloud computing
Securing m-healthcare social networks: challenges, countermeasures and future directions
Multi-use unidirectional identity-based proxy re-encryption from hierarchical identity-based encrypt
<span style="font-size:10.5pt;font-family:&quot;">CCA-Secure IB-KEM from Identit
SUCCESS: A Secure User-centric and Social-aware Reputation Based Incentive Scheme for DTNs
Chameleon Hash Functions and One-Time Signature Schemes from Inner Automorphism Groups
<span style="font: 13px/16px Arial, sans-serif; color: rgb(34, 34, 34); text-transform: none
一个高效安全的空间加密方案
<span style="font-size:10.5pt;font-family:&quot;"><a href="http://online
<span style="color: black; font-family: ;" Roman?,?serif?;font-size:10.5pt;?="&quo
Efficient Trust Based Information Sharing over Distributed Collaborative Network
基于CNN同心邻域极值的多车道智能交通系统图像多车牌区域的边缘检测
动态疫苗接种的入侵检测方法
基于可信建模过程的信任模型评估算法
对一个格基身份签名方案的分析和改进
基于粗糙集和人工免疫的集成入侵检测模型
一种基于身份的智能电网认证模式
VANET中一种保护隐私的安全叫车协议
微博影响力评价研究
TIFAflow: Enhancing Traffic Archiving System with Flow Granularity for Forensic Analysis in Network Security
有限域上方程x~r=a的求解
ICN体系结构与技术研究
物联网汇聚安全网关关键技术研究
高速网络流量管理系统研究
内容中心网络的隐私问题研究
基于特征码病毒扫描技术的研究
基于倒排列表的网流索引检索与压缩方法
一种基于大数据技术的舆情监控系统
Google Bigtable系统的可信性研究
互联网自治域商业关系推测算法
transmission mechanism based on burst filling in hybrid optical burst/circuit switching networks
OBS网络中一种基于非线性整数规划的多路由机制
S-Vivaldi:一种基于空间修复的因特网时延空间嵌入算法
可自恢复的数字图像认证算法研究
微博影响力评价研究
基于服务网络的语义模型和标识的研究
服务定制网络助推未来网络发展
IPv6过渡机制:研究综述、评价指标与部署考虑
ICN体系结构与技术研究
物联网汇聚安全网关关键技术研究
高速网络流量管理系统研究
内容中心网络的隐私问题研究
基于特征码病毒扫描技术的研究
基于倒排列表的网流索引检索与压缩方法
一种基于大数据技术的舆情监控系统
互联网性能测量技术发展研究
期刊信息
  • 《信息网络安全》
  • 主管单位:中华人民共和国公安部
  • 主办单位:公安部第三研究所 中国计算机学会 计算机安全专业委员会
  • 主编:关非
  • 地址:北京市海淀区阜成路58号新洲商务大厦301B
  • 邮编:100142
  • 邮箱:gassbj@163.com
  • 电话:010-88114408 88111078 88118778
  • 国际标准刊号:ISSN:1671-1122
  • 国内统一刊号:ISSN:31-1859/TN
  • 邮发代号:4-688
  • 获奖情况:
  • 万方,同方,维普
  • 国内外数据库收录:
  • 被引量:6058