基于网络拓扑的安全态势控制技术-计算机科学与技术专业论文.docxVIP

哈尔滨工业大学工学硕士学位论文 哈尔滨工业大学工学硕士学位论文 - - II - Abstract With the application of Internet in various fields, network security is attracting more and more attention all over the world. The computer viruss spread and hackers’nonlicet inbreak to network caused the leakage of important information, even breakdown of the network, which leads to great economic losses to the countries and companies and even threats to national and regional security. Only the first half of 2004, in China, Mydoom worm and several of the major worms using RPC and LSASS gaps attacked nearly 2 million hosts. Several countries have already launched early emergency response control system and intrusion detection technology and deployed in a number of key economic, political, Military networks. These systems play an important role in protecting the informatinons security of networks, the early detection of the invasion and control of the spread of virus. At present China has not yet implemented any large-scale network intrusion detection and security control system. In order to protect our information systems and adapt to the demands of information warfare, we must vigorously develop network security situation analysis and control technology, study how to effectively deny the spread of network security incidents, and make appropriate alarm, responsing and control strategies, which is very necessary for network systems to enhance their emergency response capability to mitigate harms from network attacks and to improve the counterattack capability. This dissertation implemented an abnormity events comprehensive analysis subsystem in the large-scale network security incidents comprehensive early warning system based on the network security events alarm information, network topology measurement information, IP addresses information, propagation path and so on. We focus on the quantification of the level of threat to the security situation,generation of control strategies and deployment of control com