摘要：

提出对异常事件进行分析、提取、评估和响应的机制。该机制通过采集网络流并分析其行为，挖掘出异常行为网络流，利用贝叶斯模型评估其对网络可用性的威胁，根据威胁等级自动生成不依赖设备实现的策略规则，采用XML技术将策略规则转换成不同厂商设备的策略配置命令并部署到具体设备中。整个机制具有持续的网络控制能力并支持跨平台工作。

关键词: 网络可信运行, 异常行为提取, 贝叶斯模型, 策略描述, 策略转换

Abstract: This paper provides a mechanism which depends on the ability of networking devices to analyze, detect, assess and response anomaly events in network operation. By collecting network traffic and classifying according to their behavior, a method is employed to mining the anomaly traffic behavior. The threat level to the network availability is computed by Bayesian model and the corresponding policies are generated to control this anomaly traffic automatically based on the result of threat evaluation. These policies are device-independent, and will be transformed to devices-dependent policy configuration commands by using XML techniques before they are deployed to a particular device. The mechanism given in this paper has capability to control network continuously and provides support to different networking equipments from different vendors.

Key words: trusted network operation, anomaly behavior extraction, Bayesian models, policy specification, policy transformation

中图分类号: 

• TP393.08