CN103116670A - Transition consistency verification method of computer network defending strategy - Google Patents
- Publication number
- CN103116670A
- Authority
- CN
- China
- Prior art keywords
- measure
- strategy
- measures
- statement
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Disclosed is a transition consistency verification method for a computer network defense (CND) strategy. The steps are as follows: (1) strategy preprocessing: the input strategy description file and topology description file are parsed by a lexical analyzer and a syntax analyzer generated with the lex (lexical analyzer)/yacc (yet another compiler compiler) tools, the packet range handled by each class of action is obtained, and the corresponding subjects and objects are refined; (2) measure preprocessing: the input measure description file is parsed by the lexical analyzer and syntax analyzer generated with lex/yacc, the protection domain managed by each device is determined, irrelevant configuration rules are removed, and the packet range handled by each prescribed action is extracted; (3) the packet ranges of the various classes of actions are expressed as logical expressions and mapped to the corresponding security devices. The satisfiability decision tool Yices is used to solve the resulting propositional logic satisfiability problems, all packet ranges are traversed, and any redundancy or omission in the measures is detected.
Description
Technical field
The invention belongs to the field of computer network security technology. Specifically, it is a method for verifying whether the high-level strategy and the low-level device measures in computer network defense are consistent; it extends the idea of consistency analysis from firewall rules to the environment of computer network defense strategies.
Background technology
A computer network defense strategy is the set of rules by which a computer network and information system selects defensive measures under given conditions in order to achieve specific security goals. As attacks against large-scale networks and information systems have increased, network security research has entered the stage of dynamic security. Strategies have always played an important role in the management of security devices, influencing and guiding the configuration of security measures. A strategy is usually an abstraction based on human reasoning and cannot be understood directly by network devices. A high-level network defense strategy must be translated, manually or automatically, into low-level measures before devices and personnel can carry it out. The transition of a defense strategy is a process of stepwise refinement, and a vital task in the evolution of a strategy is the consistency analysis and verification of the transition between abstraction levels. Checking consistency before and after the transition, and analyzing and pointing out the omissions and redundancies introduced during it, can guide the further evolution of the strategy and provides a solid foundation for the strategy to be executed correctly on devices. Existing transition consistency verification methods for computer network defense strategies mainly have the following problems:
(1) They are limited in their object of study: model checking methods based on logic programming address only traditional packet-filtering firewalls and, when studying the consistency of strategy transition, cannot fully express the completeness of computer network defense. Extending the model to all classes of defense strategies therefore still requires research.
(2) At present, consistency detection models based on Colored Petri Nets can only verify whether the system contains a logic error and cannot locate the cause of the error. Moreover, the state explosion problem of Colored Petri Nets limits the size of network they can verify.
(3) Methods based on semantic similarity involve subjective factors, which makes the consistency judgment inaccurate. Moreover, a similarity is a single numerical value and cannot pinpoint where the inconsistency arises.
Summary of the invention
Technical problem solved by the invention: to overcome the deficiencies of the prior art by proposing a transition consistency verification method for computer network defense strategies. The method can analyze and locate omissions or redundancies in the measures relative to the strategy and, taking the strategy as the reference, can provide counter-examples of measures that do not satisfy consistency together with suggestions for improvement. The method is also relatively time-efficient and is suited to verifying fairly large networks.
The technical scheme adopted by the invention is a transition consistency verification method for computer network defense strategies, with the following steps:
(1) Data preprocessing consists of two main parts: preprocessing of the strategy and preprocessing of the measures. The strategy is the reference for the system's consistency analysis. To process the strategy, it is first parsed using lex and yacc to obtain the packet range handled by each class of action, and the corresponding subjects and objects are refined.
(2) Measure preprocessing is slightly more complex than the strategy preprocessing in step (1), because after a strategy is converted into measures, one strategy may generate many measures. The resulting set of measures is identical in basic structure. The few differences are that the instantiated IP differs according to the concrete node on which each measure is deployed, or that the same noun refers to different things: the strategy calls the deployment node an organizational structure, and the measures continue to use this noun. Therefore, the protection domain managed by each device is determined first, irrelevant configuration rules are then removed, and the packet range handled by each prescribed action is extracted.
(3) Generating and verifying the satisfiability expressions is the main body of the consistency analysis. Using the syntax of the SMT description language, the packet ranges of the various classes of actions produced by steps (1) and (2) are expressed as logical expressions and mapped to the corresponding security devices. Like SAT tools, SMT tools solve satisfiability problems of propositional logic. The difference is that a SAT tool can only solve logical propositions that contain only Boolean variables, whereas SMT, depending on the particular theories and logics, can solve a wider class of propositional logic problems, which may contain integer variables and real-valued variables; a logical proposition containing integer or real variables need only be handed to the SMT tool to be solved. Yices is chosen here as the tool for solving logical formulas. Packet ranges can easily be converted into logical expressions over integers, so a mature verification tool can traverse all packet ranges and determine whether the measures contain redundancy or omission.
(4) Error tracking mainly does two things. 1. It locates where the inconsistency arises: if a satisfiability expression in step (3) yields a satisfying solution, an omission or redundancy has been produced at that point. 2. It constructs packet counter-examples. Because the SMT solver returns only a single packet tuple that satisfies the expression, this is not enough to guide the administrator in correcting the inconsistency. Therefore the minterms in the expressions are merged to construct the packet range of the counter-example and find all inconsistent packet ranges.
A CND strategy in step (1) comprises the following elements: organizational structure, role, activity, view, context, and measure.
The DMDL language used for the measure description file in step (1) can describe the defensive measures of the dynamic security model. The defensive measures it focuses on are: among protection measures, the description of static packet filtering rules, the description of stateful firewalls, and the description of the traffic filtering parameters for SYNFlood (IP protocol SYN-bit flood), UDPStorm (UDP protocol flood) and ICMPFlood (ICMP protocol flood); among detection measures, the description of intrusion detection rules and of intrusion detection node configuration information; and the description of the configuration of response measures.
The behavior semantics extraction in step (2) extracts all statements containing the measure non-terminal, including the different classes of protection measures, detection measures and response measures in the above productions. Because a non-terminal ultimately produces a fixed and unique terminal action, the views and roles involved in a statement are classified according to its final terminal action.
The method in step (3) for converting data domain tuples into satisfiability expressions uses three derivation rules, recurcall (repeated call), success and failure, to process all measures iteratively, marking the measures as it goes. There are two success conditions: 1. all measure rules are processed, which means that every packet handled by the measures is declared in the strategy, satisfying the definition of no redundancy; 2. every packet declared in the strategy falls within the range handled by the measures, which is the definition of no omission. There are also two failure conditions: 1. the measure set is not processed to completion; processing then stops at the rule currently being handled and the administrator is warned that this rule is redundant, because the packet range declared by this rule is not declared in the strategy; 2. the failure derivation rule is satisfied, which means that after all measures have been processed some packets that the strategy declares must be handled remain unhandled, that is, an omission exists.
The method for solving counter-examples in step (4) is as follows: when verification fails, the SMT solver gives one solution that satisfies the expression, and by recording the counter-example packet its expression is extracted. Because the SMT solver gives only one counter-example and then returns, that counter-example must be temporarily ignored, with the strategy and measures treated as consistent for it, before a new round of verification can begin. By repeatedly establishing new counter-examples and their corresponding satisfiability expressions and merging identical terms in the expressions, the range of counter-example packets is obtained, giving the administrator suggestions for improving device configuration management.
Compared with existing technical methods, the beneficial effects of the invention are:
(1) The invention can analyze and verify the consistency between strategies and measures described in the CNDPSL language. CNDPSL is a declarative language that abstracts the control behavior of network defense, establishes formal models of strategies, measures and the network, and can describe protection, detection and response strategies in a unified way. The invention is therefore significant for the automated deployment and defect analysis of strategies and measures in computer network defense.
(2) The invention analyzes the consistency between strategies and measures in computer network defense rather than studying only traditional packet-filtering firewalls, so it can better express the completeness of computer network defense. The proposed method not only locates precisely where an inconsistency arises but also avoids the state explosion problem of Petri net analysis methods; it improves the efficiency of consistency verification to the greatest extent and is suitable for verifying fairly large networks.
(3) Consistency detection models based on Colored Petri Nets can only verify whether the system contains a logic error and cannot locate the cause of the error, and the state explosion problem of Petri nets limits the size of network they can verify. The SMT-based verification model proposed by the invention does not have this problem.
(4) Compared with existing SAT methods, the SMT-based satisfiability verification technique proposed by the invention can quickly and accurately analyze and locate omissions or redundancies in the measures relative to the strategy and, taking the strategy as the reference, can provide counter-examples of measures that do not satisfy consistency together with suggestions for improvement.
Description of drawings
Fig. 1 is the functional structure diagram of the strategy transition consistency analysis system of the invention;
Fig. 2 is the state transition diagram of the automaton model of the invention;
Fig. 3 is the sequence diagram of the data preprocessing module of the invention;
Fig. 4 is the flow chart of the behavior semantics extraction module of the invention;
Fig. 5 is the data domain derivation rule diagram of the invention;
Fig. 6 is the flow chart of the counter-example algorithm of the invention.
Embodiment
The invention models the strategies and measures of computer network defense using SMT-based satisfiability solving theory and then verifies the consistency of the two. If a constructed formula is satisfiable, an inconsistency exists between the strategy and the measures; a counter-example can be obtained using the derivation rules, and further analysis yields the location, type and cause of the inconsistency.
1. Automaton description
Based on the previously given conceptual model of consistency analysis for computer network defense strategy transition, an automaton model of the consistency analysis has been constructed. The state transition function of the automaton model derives from the relations between activities in the conceptual model, and each state is made up of the values of all entity concepts at a given moment. The model is expressed as the following pushdown automaton:
$P = (Q, \Sigma, \Gamma, \delta, q_0, Z_0, F)$
where the state set is $Q = \{q_0, q_1, q_2, q_3, q_4, q_5, q_5', q_6, q_7, q_8, q_9, q_{10}\}$; the input symbol set is $\Sigma = \{p, m, s_p, s_m, t\}$; the stack symbol set is $\Gamma = \{P, M, W_p, W_m, C_p, C_m, S_p, S_m, D, S_s, C_s, Z_0\}$; $\delta$ is the state transition function of the automaton, with the concrete state transitions shown in Fig. 2; and the final state set is $F = \{q_0\}$.
$q_0$ denotes the initial state and the normal final state, in which the consistency analysis is complete; $q_1$ denotes the state in which the strategy statements have been received; $q_2$ denotes the state in which the strategy grammar has been received and the ordered word set of the strategy obtained; $q_3$ denotes the state in which the behavior semantics of the ordered word set have been extracted and the strategy data domain tuples obtained; $q_4$ denotes the state in which the measure statements have been received; $q_6$ denotes the state in which the measure grammar has been received and the ordered word set of the measure obtained; $q_7$ denotes the state in which the topology has been received and the ordered concept set of the measure and the strategy structure obtained; $q_8$ denotes the state in which the measure grammar has been received and the measure structure and strategy structure obtained; $q_9$ denotes the state in which the structural similarity and the key pairs have been obtained from the strategy structure and the measure structure; $q_{10}$ denotes the state in which the concept similarity has been obtained from the key pairs. Finally, after the semantic similarity has been synthesized in state $q_{10}$, the automaton returns to the initial state $q_0$. The automaton model is shown in Fig. 2, and Table 1 explains the symbols of $\Sigma$ and $\Gamma$.
Table 1. Symbols used in the automaton
Symbol | Meaning |
---|---|
$p$ | Strategy description statement |
$m$ | Measure description statement |
$s_p$ | Strategy grammar |
$s_m$ | Measure grammar |
$t$ | Topology description |
$P$ | Stack symbol; strategy description statement |
$M$ | Stack symbol; measure description statement |
$W_p$ | Stack symbol; ordered word set of the strategy |
$W_m$ | Stack symbol; ordered word set of the measure |
$C_p$ | Stack symbol; ordered concept set of the strategy |
$C_m$ | Stack symbol; ordered concept set of the measure |
$S_p$ | Stack symbol; semantic structure of the strategy statement |
$S_m$ | Stack symbol; semantic structure of the measure statement |
$D$ | Stack symbol; key pair set |
$S_s$ | Stack symbol; statement satisfiability expression |
$C_s$ | Stack symbol; measure location set |
$Z_0$ | Bottom-of-stack symbol; no meaning |
2. Data preprocessing
The data preprocessing module of the invention consists of two submodules: one preprocesses the strategy statements and the other preprocesses the measure statements, as shown in Fig. 3. The strategy statements are the reference for the system's consistency analysis; this work assumes that the strategy as a whole reflects the high-level intent fairly accurately. To process the strategy, it is first parsed using Lex and Yacc to obtain the packet range handled by each class of action, and the corresponding subjects and objects are refined. The other submodule, preprocessing of the measure statements, is slightly more complex than preprocessing of the strategy statements, because after a strategy is converted into measures one strategy statement may generate many measure statements. The resulting set of measure statements is identical in basic structure. The few differences are that the instantiated IP differs according to the concrete node on which each measure is deployed, or that the same noun refers to different things: the strategy calls the deployment node an organizational structure, and the measures continue to use this noun. Therefore, the protection domain managed by each device is determined first, irrelevant configuration rules are then removed, and the packet range handled by each prescribed action is extracted.
Through parsing with Lex and Yacc, strategy statements are recognized as the corresponding syntactic units. Because only the behavior semantics need to be extracted here, all statements containing the <measure> non-terminal are extracted, including the different classes of <measure> in the above productions (<protect_measure>, <detect_measure>, <response_measure>). Because a non-terminal ultimately produces a fixed and unique terminal action, the views and roles involved in a statement are classified according to its final terminal action. The terminals in the above productions include permit, deny, detect_ICMPFlood, detect_SYNFlood, detect_UDPFlood, detect_Slammer, detect_IPSpoof, detect_PasswordCracker, detect_Smurf, detect_authorityexploit, detect_informationthief, detect_servicedenial, detect_trojan, detect_worm, detect_all, prohibit_source, stop_service, etc. For each classified role, view and so on, the corresponding declaration statement must be found and refined into data domain tuples. The objects of the different actions are marked and stored separately, which provides the input for the subsequent generation of satisfiability expressions. The extraction process is shown in Fig. 4.
3. Satisfiability expression generation and verification
The data domain tuples obtained by semantics extraction cannot be recognized directly by the SMT solver. First, therefore, an automated conversion of data domain tuples into first-order logic expressions in the language prescribed by SMT is needed. Second, the generated satisfiability expressions must be combined so as to construct expressions that should never be satisfiable. If such an expression can be satisfied, an inconsistency exists between the strategy and the measures, and the satisfying solution is a counter-example of the inconsistency. Consistency verification checks two aspects: no omission and no redundancy. It starts with a pair (MC, D), where MC is the sequence of measures (filtering rules) and D is a subset of the universe of data domains P; D stores the accumulated data domain range handled by the rules that precede MC.
As shown in Fig. 5, Recurcall is the principal derivation rule. It first extracts the first rule of the (MC, D) pair.
If the packets covered by that rule, dom(r), have not been handled by the rules before it and lie within the packet range declared by the strategy, the rule is marked as processed and removed from MC, and D is extended to D ∪ dom(r). Iterating in this way processes the entire set of measure rules.
Success conditions. There are two success conditions. First, all measure rules are processed, namely
This means that every packet handled by the measures is declared in the strategy, satisfying the definition of no redundancy. Second, the measures satisfy
That is, every packet declared in the strategy falls within the range handled by the measures, which is the definition of no omission.
Failure conditions. Two classes of error can occur during execution. First, MC is not processed to completion. Processing then stops at the rule currently being handled and the administrator is warned that this rule is redundant, because the packet range declared by this rule is not declared in the strategy. Second, the measures do not satisfy
This means that after all measures have been processed, some packets that the strategy declares must be handled remain unhandled, that is, an omission exists.
The packet range dom($R_i$) denoted by a strategy or measure is represented by the satisfiability method, and property verification of measure redundancy and omission is then carried out. The main requirement is that the following two expressions are never satisfiable. For no redundancy, it is required that for each rule $R_i$,
can never be satisfied, where $\Phi_{A_i}$ is the satisfiability expression of the packet range whose action in the strategy is $A_i$. For no omission, it is required that the $\Phi_i$ obtained by processing all measure rules and the corresponding action expression $\Phi_{A_i}$ in the strategy guarantee that
cannot be satisfied.
4. Data counter-examples
The result returned by the SMT solver when a satisfying solution exists is only a single counter-example packet. This is not enough to make the administrator aware of the security risks present in the whole network. Therefore, the multiple counter-examples that exist are represented as expressions and, by minterm reduction, gathered into a packet range of satisfying solutions. The flow chart is shown in Fig. 6.
First, the SMT solver verifies the constructed satisfiability expressions one by one; when completeness and omission are checked, verification may fail. In that case the SMT solver gives one solution that satisfies the expression. This solution takes the form of the satisfiability expression of one counter-example packet. By recording the counter-example packet, its expression is extracted. Because the SMT solver gives only one counter-example and then returns, that counter-example must be temporarily ignored, with the strategy and measures treated as consistent for it, before a new round of verification can begin. By repeatedly establishing new counter-examples and their corresponding satisfiability expressions and merging identical terms in the expressions, the range of counter-example packets is obtained, giving the administrator suggestions for improving device configuration management.
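The derivation rules of section 3 and the counter-example ranges of section 4, as an added example that is not code from the patent: explicit integer boxes over (source IP, destination port) stand in for the Yices encoding, so inconsistent packets come back as whole ranges rather than one solver model at a time. First-match rule order, the two-field packet model, and every rule name, address and port below are assumptions made for the illustration.

```python
# Added illustration (not from the patent): integer boxes replace the SMT encoding.
# A packet is (src_ip, dst_port); a box is ((ip_lo, ip_hi), (port_lo, port_hi)),
# bounds inclusive. Rule names, addresses and ports below are constructed.
from ipaddress import ip_network


def box(cidr, port_lo, port_hi):
    """Build a box from a source CIDR block and a destination port range."""
    net = ip_network(cidr)
    return ((int(net[0]), int(net[-1])), (port_lo, port_hi))


def subtract(a, b):
    """Return disjoint boxes covering the part of box a that lies outside box b."""
    if any(alo > bhi or blo > ahi for (alo, ahi), (blo, bhi) in zip(a, b)):
        return [a]                       # disjoint: nothing is removed
    out, cur = [], list(a)
    for i, ((alo, ahi), (blo, bhi)) in enumerate(zip(a, b)):
        if alo < blo:                    # slab of a below b on dimension i
            out.append(tuple(cur[:i] + [(alo, blo - 1)] + cur[i + 1:]))
        if bhi < ahi:                    # slab of a above b on dimension i
            out.append(tuple(cur[:i] + [(bhi + 1, ahi)] + cur[i + 1:]))
        cur[i] = (max(alo, blo), min(ahi, bhi))   # clip before next dimension
    return out


def region_minus(region, boxes):
    """Subtract every box in `boxes` from a region (a list of boxes)."""
    for b in boxes:
        region = [piece for a in region for piece in subtract(a, b)]
    return region


def verify(strategy, measures):
    """Apply the Recurcall / success / failure rules to the pair (MC, D).

    strategy: {action: [box, ...]}       packet ranges declared per action
    measures: [(name, action, box), ...] ordered device rules (MC)
    Assumption: first-match order, so a rule only handles packets that no
    earlier rule has already handled.
    """
    done = []        # D: packet ranges handled by the rules processed so far
    handled = {}     # per action, the ranges each rule effectively handles
    for name, action, dom_r in measures:                  # Recurcall
        effective = region_minus([dom_r], done)
        stray = region_minus(effective, strategy.get(action, []))
        if stray:    # failure 1: MC is not consumed, this rule is redundant
            return {"status": "redundant", "rule": name, "ranges": stray}
        done.append(dom_r)                                # D := D ∪ dom(r)
        handled.setdefault(action, []).extend(effective)
    for action, declared in strategy.items():
        missing = region_minus(declared, handled.get(action, []))
        if missing:  # failure 2: declared packets that no measure handles
            return {"status": "omission", "action": action, "ranges": missing}
    return {"status": "consistent"}                       # success


# Constructed strategy: permit web traffic from one subnet, deny telnet.
STRATEGY = {
    "permit": [box("10.0.0.0/24", 80, 80), box("10.0.0.0/24", 443, 443)],
    "deny": [box("0.0.0.0/0", 23, 23)],
}
# Constructed measure sets: one faithful, one too wide, one missing a rule.
CONSISTENT = [
    ("fw1-http", "permit", box("10.0.0.0/24", 80, 80)),
    ("fw1-https", "permit", box("10.0.0.0/24", 443, 443)),
    ("fw1-telnet", "deny", box("0.0.0.0/0", 23, 23)),
]
REDUNDANT = [CONSISTENT[0],
             ("fw1-wide", "permit", box("10.0.0.0/23", 443, 443)),
             CONSISTENT[2]]
OMISSION = [CONSISTENT[0], CONSISTENT[2]]

if __name__ == "__main__":
    for label, mc in (("consistent", CONSISTENT), ("redundant", REDUNDANT),
                      ("omission", OMISSION)):
        print(label, "->", verify(STRATEGY, mc))
```

The reported ranges are inclusive integer bounds; for the too-wide rule they identify exactly the second /24 on port 443 that the strategy never declared.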
5. Error tracking
The error tracking module mainly does two things. First, it locates where the inconsistency arises: wherever a satisfiability expression yields a satisfying solution, an omission or redundancy has been produced at that point. Second, it constructs packet counter-examples. Because the SMT solver returns only a single packet tuple that satisfies the expression, this is not enough to guide the administrator in correcting the inconsistency. Therefore the minterms in the expressions are merged to construct the packet range of the counter-example and find all inconsistent packet ranges.
Claims (5)
1. A transition consistency verification method for a computer network defense strategy, characterized by the following steps:
(1) in the data preprocessing part, Lex and Yacc are used to automatically parse the strategy file described in CNDPSL (CND Policy Specification Language, the computer network defense policy description language) and the measure file described in DMDL (defensive measure description language), parsing out protection, detection and response strategies and protection, detection and response measures, wherein the strategy file stores multiple strategies and the measure file stores multiple measures;
(2) the behavior semantics of the strategies and measures from step (1) are extracted, the data domain tuples of each class of behavior are derived, and a structured representation of the data domain tuples of the strategies and measures is given;
(3) after the data domain tuples of the different behaviors of the strategies and measures have been obtained in step (2), satisfiability expressions are generated from them and input into the SMT (Satisfiability Modulo Theories) decision tool Yices, and consistency is verified with respect to the two aspects defined in the model, soundness and completeness;
(4) if an inconsistency is detected in step (3), the error tracking stage is entered: a packet generator sends packets corresponding to the data domain tuples, and it is observed whether the data is indeed declared in the strategy but not configured in the measures, thereby verifying the correctness of the consistency analysis system; taking the strategy as the reference, counter-examples of measures that do not satisfy consistency and suggestions for improvement are provided.
2. The transition consistency verification method for a computer network defense strategy according to claim 1, characterized in that: a CND strategy in step (1) comprises the following elements: organizational structure, role, activity, view, context, and measure.
3. The transition consistency verification method for a computer network defense strategy according to claim 1, characterized in that: the DMDL language used for the measure description file in step (1) can describe the defensive measures of the dynamic security model, and the defensive measures it focuses on are: among protection measures, the description of static packet filtering rules, the description of stateful firewalls, and the description of the SYNFlood, UDPStorm and ICMPFlood traffic filtering parameters; among detection measures, the description of intrusion detection rules and of intrusion detection node configuration information; and the description of the configuration of response measures.
4. The transition consistency verification method for a computer network defense strategy according to claim 1, characterized in that: the behavior semantics extraction in step (2) extracts all statements containing the measure non-terminal, including the different classes of protection measures, detection measures and response measures in the above productions. Because a non-terminal ultimately produces a fixed and unique terminal action, the views and roles involved in a statement are classified according to its final terminal action.
5. The transition consistency verification method for a computer network defense strategy according to claim 1, characterized in that: the method in step (3) for converting data domain tuples into satisfiability expressions uses three derivation rules, recurcall (repeated call), success and failure, to process all measures iteratively, marking the measures as it goes; there are two success conditions: 1. all measure rules are processed, which means that every packet handled by the measures is declared in the strategy, satisfying the definition of no redundancy; 2. every packet declared in the strategy falls within the range handled by the measures, which is the definition of no omission; there are also two failure conditions: 1. the measure set is not processed to completion; processing then stops at the rule currently being handled and the administrator is warned that this rule is redundant, because the packet range declared by this rule is not declared in the strategy; 2. the failure derivation rule is satisfied, which means that after all measures have been processed some packets that the strategy declares must be handled remain unhandled, that is, an omission exists.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310033121.1A CN103116670B (en) | 2013-01-28 | 2013-01-28 | The switching consistency verification method of computer network defense strategy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310033121.1A CN103116670B (en) | 2013-01-28 | 2013-01-28 | The switching consistency verification method of computer network defense strategy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103116670A true CN103116670A (en) | 2013-05-22 |
CN103116670B CN103116670B (en) | 2015-12-23 |
Family
ID=48415043
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310033121.1A Expired - Fee Related CN103116670B (en) | 2013-01-28 | 2013-01-28 | The switching consistency verification method of computer network defense strategy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103116670B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050071792A1 (en) * | 2003-09-26 | 2005-03-31 | Mentor Graphics Corporation | Secure exchange of information in electronic design automation |
CN101950340A (en) * | 2010-09-17 | 2011-01-19 | 北京航空航天大学 | Computer network defensive strategy conversion-oriented semantic similarity detection system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109246159A (en) * | 2018-11-27 | 2019-01-18 | 杭州迪普科技股份有限公司 | A kind of method and apparatus for verifying security strategy |
CN109246159B (en) * | 2018-11-27 | 2021-09-21 | 杭州迪普科技股份有限公司 | Method and device for verifying security policy |
Also Published As
Publication number | Publication date |
---|---|
CN103116670B (en) | 2015-12-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20151223 Termination date: 20180128 |