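Abstract
Traditional network security measures such as encryption and authentication, firewalls, and intrusion detection systems are reasonably effective at protecting the confidentiality, integrity and availability of information and at controlling access, but they still fall short in coordination and early warning. The article proposes a multi-agent-based network security defense system composed of several modules, including a cooperative early warning and localization system, a cooperative auditing system, a security isolation system, and an incident recovery system; communication between the modules is handled by multiple multi-level hierarchical agents. The agent server in the system control center controls and coordinates the whole security architecture and sets a unified, network-wide security control policy. In this system the entire network is divided into partitions of different levels, and cooperative early warning and localization systems of different levels are established; the partitions cooperate with one another yet can also operate autonomously, jointly maintaining the security of the whole network through cooperation. Test results in an IPv6 environment show that the system can perform early warning efficiently, with an IDS capture rate of about 95%, a missed alarm rate below 6%, and a false alarm rate below 7%.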
Traditional network security measures, such as encryption and authentication, firewalls and intrusion detection systems, are effective in protecting information confidentiality, integrity and availability and in access control, but are still deficient in cooperative defense and early warning. We present a network security defense system using multi-agents which consists of a cooperative early warning and orientation module, a cooperative auditing module, a security isolation module, an accident recovery module, etc. Multi-level hierarchical agents are responsible for communication tasks between modules, and the agent server in the control center is responsible for unified control and cooperation of the security of the entire network. The entire network is divided into different levels of partition, and different levels of the collaborative early warning and orientation system are established. Each partition is self-governing, and through mutual cooperation the partitions jointly maintain the security of the whole network. Test results in an IPv6 environment show that this system is effective in early warning, and the capture rate of the intrusion detection systems reaches 95%, the missed alarm rate is decreased to 6%, and the false alarm rate is decreased to 7%.
Source
《西北工业大学学报》
EI
CAS
CSCD
PKU Core Journals
2010, Issue 6, pp. 952-957 (6 pages)
Journal of Northwestern Polytechnical University
Funding
National Science and Technology Major Project (2008ZX03006)
Supported by the National 863 High-Tech Research and Development Program (2003AA142060)