Journal of Computer Applications (计算机应用), 2010, Vol. 30, Issue 06: 1475-1479.

• Information Security •

Research on collaborative response mechanism of network security components

YANG Hong-yu (杨宏宇)¹, LI Xue-fei (李学菲)²

  1. Civil Aviation University of China
  2.
  • Received: 2009-12-02 Revised: 2010-01-20 Online: 2010-06-01 Published: 2010-06-01
  • Contact: YANG Hong-yu
  • Supported by:
    National Natural Science Foundation of China project; National 863 Program key project; Fundamental Research Funds for the Central Universities; Civil Aviation Science and Technology Fund of China project; Tianjin Science and Technology Support Program key project

Abstract: Network security systems cannot realize their overall advantage when their components lack a coordination mechanism. To solve this problem, a policy-based collaborative response mechanism was proposed. The collaborative response process among security components was designed on a policy-driven model. The Intrusion Detection Message Exchange Format (IDMEF) was extended to carry the collaborative messages. The Intrusion Detection Exchange Protocol (IDXP), used for communication among components, was implemented on the Blocks Extensible Exchange Protocol (BEEP) framework. A collaboration module was programmed to carry out the collaborative operations. An evaluation experiment on the collaborative response of network security components was performed with this mechanism, and the time cost of each stage was obtained. The experimental results show that the mechanism can effectively implement the collaborative response of network security components.

Key words: network security components, collaborative response mechanism, policy, IDMEF, IDXP