Volume 9 Number 2 (Feb. 2014)
Home > Archive > 2014 > Volume 9 Number 2 (Feb. 2014) >
JCP 2014 Vol.9(2): 388-395 ISSN: 1796-203X
doi: 10.4304/jcp.9.2.388-395

An Approach for Description of Computer Network Defense Scheme and Its Simulation Verification

Zhao Wei, Chunhe Xia, Yang Luo, Xiaochen Liu, and Weikang Wu
Beijing Key Laboratory of Network Technology, School of Computer Science and Engineering, Beihang University, Beijing, China

Abstract—In order to solve the problem of which the existing defense policy description languages can only describe some aspects of defense, such as protection or detection, but cannot express relationship among actions and to cope with large-scale network attack, we proposed an approach for description of computer network defense scheme and its simulation verification. A computer network defense-oriented scheme description language (CNDSDL) was designed to describe actions of protection (i.e., access control, encryption communication, backup), detection (i.e., intrusion detection, vulnerability detection), analysis (i.e., log auditing), response (i.e., system rebooting, shutdown), recovery (i.e., rebuild, patch making), and relationship among actions (i.e., sequence-and, sequence-or, concurrentand, concurrent-or, and xor). The Extend Backus-Naur Form (EBNF) of CNDSDL was provided. At last, we provided an implementation mechanism of CNDSDL. A task deadlock detection algorithm was given for the defense scheme. The simulation was completed in simulation platform of GTNetS. Three simulation experiments verified the description capability and effectiveness of CNDSDL. The results of the experiments show that the defense scheme described by CNDSDL can be transformed to detailed technique rules and realize the defense effect of expression.

Index Terms—defense, deadlock detection, EBNF, scheme description language, simulation verification

[PDF]

Cite: Zhao Wei, Chunhe Xia, Yang Luo, Xiaochen Liu, and Weikang Wu, "An Approach for Description of Computer Network Defense Scheme and Its Simulation Verification," Journal of Computers vol. 9, no. 2, pp. 388-395, 2014.

General Information

ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Bimonthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO,  ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat,etc
E-mail: jcp@iap.org
  • Nov 14, 2019 News!

    Vol 14, No 11 has been published with online version   [Click]

  • Mar 20, 2020 News!

    Vol 15, No 2 has been published with online version   [Click]

  • Dec 16, 2019 News!

    Vol 14, No 12 has been published with online version   [Click]

  • Sep 16, 2019 News!

    Vol 14, No 9 has been published with online version   [Click]

  • Aug 16, 2019 News!

    Vol 14, No 8 has been published with online version   [Click]

  • Read more>>