A Computer Network Defense-Oriented Scheme Description Language

Abstract:

Existing defense policy description languages can describe only some aspects of defense, such as protection or detection, and cannot express the relationships among actions. Thus, they cannot accomplish a joint defense goal that links all kinds of defense mechanisms against large-scale, distributed network attacks such as botnets. To solve this problem, we propose a computer network defense-oriented scheme description language (CNDSDL), which can describe protection, detection, analysis, response, and recovery actions as well as the relationships among actions. These relations include sequence-and, sequence-or, concurrent-and, concurrent-or, and xor. CNDSDL provides a unified coupling language description for the linked defense of different security devices. Finally, we implemented a simulation of schemes described in CNDSDL. The experimental results show that CNDSDL can be transformed into detailed technical rules and achieve the defense effect it expresses.

Info:

Periodical: Advanced Materials Research (Volumes 765-767)

Pages: 1739-1742

Online since: September 2013

Copyright: © 2013 Trans Tech Publications Ltd. All Rights Reserved
