基于社团结构的网络协同防御

以公共互联网安全需求为背景,研究基于社团结构的网络协同防御问题.首先,根据网络逻辑结构及节点功能,将目标网络划分为多个网络社团,按照分布式协同控制模式设计了协同防御架构基础通信模型,在此基础上,融合信息蜜罐和蜜网、协同防御策略库、基于节点信任值管理的防火墙等功能模块,提出了基于社团结构的网络协同防御架构.其次,借鉴网络生态系统运维理念,设计了网络协同防御机制,通过态势感知协同、态势分析协同、行动决策协同和调节反馈协同等集体行动,提升网络的病毒检测能力、快速响应能力和应急恢复能力.最后,以潜伏型病毒防御为例,给出了网络协同防御流程,仿真分析了协同防御性能.相比无协同防御网络,基于社团结构的网络协同防御能以较小的通信损失,抑制潜伏型病毒传播和维护网络安全.

A Cooperative Network Defense Based on Community Structure

Taking public Internet security requirements as a background, the study of network cooperative defense is based on community structure. First, according to the logical structure and node function of the network, the target network is divided into several network communities, and a basic communication model of cooperative defense architecture is designed according to the distributed cooperative control mode. On this basis, a cooperative network defense architecture based on community structure is proposed by integrating information honeypot and honeynet, cooperative defense strategy library, and firewall based on the node trust value management. A cooperative mechanism is designed by using the experience of concept of network ecosystem operation for reference. Through the collective activities as situation awareness, the situation analysis, the action decision and the regulation feedback, the network defense abilities, such as virus detection, rapid response and emergency recovery, can be improved respectively. Finally, taking the latent virus defense as an example, the cooperative network defense flow is given as well as numerical performance simulations. Compared with the non cooperative defense network, the network cooperative defense based on community structure can inhibit the spread of latent virus and enhance network security with less communication loss.