Conflict detection system and method for computer network defense (CND) policy

A computer network and conflict detection technology, applied in the direction of platform integrity maintenance, to achieve good scalability and improve versatility

Inactive Publication Date: 2013-04-17
BEIHANG UNIV
View PDF3 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] First of all, many researchers have done a lot of research on the problem of policy rule conflict analysis, and have made a lot of achievements, but it must be pointed out that most of these works are aimed at solving specific policy management problems, or res

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Conflict detection system and method for computer network defense (CND) policy
  • Conflict detection system and method for computer network defense (CND) policy
  • Conflict detection system and method for computer network defense (CND) policy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] like figure 1 As shown, in the present invention, the computer network defense policy conflict detection system is composed of a file reading and result display module, a policy preprocessing module, a policy semantic modeling module and a policy conflict detection module.

[0030] The whole system implementation process is as follows:

[0031] (1) First give the CNDPSL language model

[0032] CNDPSL language is oriented to Computer Network Defense Policy Model (Computer Network Defense Policy Model, CNDPM), figure 2 It is the structural diagram of the model, which can describe the protection, detection and response strategies in a unified way. The CNDPSL language is a declarative language that abstracts the behavior of network defense control, and has good flexibility, scalability and adaptability.

[0033] The defense strategy described by the CNDPSL language is a black box related to organization, role, view and activity. According to the definition of the componen...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a conflict detection system and method for a computer network defense (CND) policy. According to the method, a CND policy description file is read and parsed by using a morphology parser and a grammar parser; an initial policy body is artificially constructed by using a body modeling tool, only comprises concepts for policy tuples in a CND policy and the relationship among the concepts, and does not include policy examples and the relationship among the policy examples; a local policy body including the policy examples is generated according to the initial policy body and a loaded and parsed policy ordered set, a semantic inclusion relationship among the tuples is then obtained according to the semantic mapping of the policy tuples in a defense policy information base, and a CND policy semantic model is constructed based on the semantic inclusion relationship; a relational diagram for all the tuples of the policy is constructed and traversed, and the relationship among the policy tuples is obtained through analysis; and through the measure of tuple comparison, the policy conflict analysis is completed, and the objects, types and reasons for conflict generation are finally provided by algorithms in the form of conflict reports. According to the system and the method, conflicts can be more effectively detected, security problems, such as unauthorized access and the like, are prevented from easily occurring, and the security of a computer network system is greatly improved.

Description

technical field [0001] The invention relates to a conflict detection system and a detection method for computer network defense strategies, belonging to the technical field of computer network security, and relates to the problem of strategy configuration in computer network defense, and the idea of ​​conflict detection is changed from firewall rules and other network security devices. The low-level description extends to the high-level description of the CND strategy. Background technique [0002] In recent years, with the continuous development of computer technology, the network is characterized by large-scale distribution, and the number of strategies and strategy configuration personnel that need to be configured in the system will increase, and the difficulty of maintaining network defense strategies will gradually increase. , conflicts can easily occur in the process of policy configuration, which affects the security of the entire system. Policies are translated int...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
Inventor 夏春和罗杨魏昭李亚卓梁晓艳
Owner BEIHANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products