| 网络边界安全的动态防护模型 |
| |
| 引用本文: | 陈玉来,单蓉胜,白英彩. 网络边界安全的动态防护模型[J]. 信息安全与通信保密, 2007, 0(2): 157-159 |
| |
| 作者姓名: | 陈玉来 单蓉胜 白英彩 |
| |
| 作者单位: | 上海交通大学信息安全学院,上海,200240 |
| |
| 摘 要: | 文章提出了一个网络安全防护的动态模型,并基于该模型实现了系统原型。该系统实现了信息流的访问控制和攻击分析检测的有机整合,并根据攻击分析检测的结果进行闭环响应;同时利用TCP服务识别技术以及主动端口扫描技术及时地获得网络服务的变化,然后根据这些变化动态加载分析检测规则,提高了攻击分析检测的准确性和效率。实验结果表明,系统有效地实现了闭环动态防护机制。
|
| 关 键 词: | 网络边界安全 信息流的访问控制 信息流的分析与检测 |
| 文章编号: | 1009-8054(2007)02-0157-03 |
| 修稿时间: | 2006-12-21 |
Dynamic Defense Security Model for Network Perimeter |
| |
| CHEN Yulai,SHAN Rongsheng,BAI Yingcai. Dynamic Defense Security Model for Network Perimeter[J]. China Information Security, 2007, 0(2): 157-159 |
| |
| Authors: | CHEN Yulai SHAN Rongsheng BAI Yingcai |
| |
| Abstract: | This paper presents a dynamic defense model of network security, based on which a prototype system is implemented. The system integrates the mechanisms of detection and access control, and has close loop response to the results of attack detection. The system obtains some changes of the service port by network service discrimination and active scan technologies, and then dynamically adjusts and loads the detection module according to these changes, so that the accuracy and efficiency of detection are improved. The experimental results show that the system has a closed-loop dynamic protection mechanism. |
| |
| Keywords: | network perimeter security access control of information flow analysis and detection of Information flow |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
