To address the problem that existing defense policy description languages can only describe some aspects of defense, such as protection or detection, but cannot express the relationships among actions, and to cope with large-scale network attacks, we propose an approach for describing computer network defense schemes and verifying them by simulation. A computer network defense-oriented scheme description language (CNDSDL) was designed to describe actions of protection (i.e., access control, encrypted communication, backup), detection (i.e., intrusion detection, vulnerability detection), analysis (i.e., log auditing), response (i.e., system rebooting, shutdown), and recovery (i.e., rebuilding, patching), together with the relationships among actions (i.e., sequence-and, sequence-or, concurrent-and, concurrent-or, and xor). The Extended Backus-Naur Form (EBNF) of CNDSDL is provided. Finally, we provide an implementation mechanism for CNDSDL and a task deadlock detection algorithm for defense schemes. The simulation was carried out on the GTNetS simulation platform. Three simulation experiments verified the descriptive capability and effectiveness of CNDSDL. The results show that a defense scheme described in CNDSDL can be transformed into detailed technical rules and achieve the defense effect it expresses.
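As an added illustration (not the paper's grammar or algorithm, since the abstract reproduces neither the EBNF nor the deadlock procedure), the following Python toy models a scheme built from the five relationship operators named above and runs a lock-ordering check that flags concurrent branches which could deadlock on shared resources. The `needs` attribute, the resource names, and the sample scheme are all assumptions made for this example.

```python
from dataclasses import dataclass
@dataclass
class Action:
    name: str
    category: str     # protection / detection / analysis / response / recovery
    needs: tuple = () # resources acquired in order (assumed attribute, not from the paper)
@dataclass
class Node:
    op: str           # seq_and, seq_or, con_and, con_or, xor (relationships named in the abstract)
    children: list

def acquisition_order(tree):
    """Resources a subtree acquires, in execution order (assumed: children run in listed order)."""
    if isinstance(tree, Action):
        return list(tree.needs)
    return [r for child in tree.children for r in acquisition_order(child)]

def has_cycle(graph):
    """Depth-first cycle check over a dict adjacency list; grey = on the DFS stack."""
    state = {}
    def visit(v):
        if v in state:
            return state[v] == "grey"
        state[v] = "grey"
        found = any(visit(w) for w in graph.get(v, ()))
        state[v] = "black"
        return found
    return any(visit(v) for v in list(graph))

def find_deadlocks(tree):
    """Concurrent nodes whose branches take shared resources in inconsistent orders (circular wait)."""
    hits = []
    if isinstance(tree, Node):
        if tree.op in ("con_and", "con_or"):
            order_graph = {}  # edge a -> b: some branch holds a while waiting for b
            for branch in tree.children:
                order = list(dict.fromkeys(acquisition_order(branch)))  # first acquisition only
                for i, earlier in enumerate(order):
                    for later in order[i + 1:]:
                        order_graph.setdefault(earlier, set()).add(later)
            if has_cycle(order_graph):
                hits.append(tree)
        for child in tree.children:
            hits.extend(find_deadlocks(child))
    return hits

def sample_scheme(conflicting=True):
    """Constructed example: detection and response branches sharing a log store and a firewall config."""
    detect = Node("seq_and", [Action("ids", "detection", ("log_store",)),
                              Action("audit", "analysis", ("firewall_cfg",))])
    first, second = (("firewall_cfg",), ("log_store",)) if conflicting else (("log_store",), ("firewall_cfg",))
    respond = Node("seq_and", [Action("block", "response", first), Action("log_block", "analysis", second)])
    return Node("con_and", [detect, respond])
```

Sequential operators contribute only an ordering to a branch; only `con_and` and `con_or` nodes are checked, because only there do two branches hold resources at the same time.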