| 基于扩散分析的网络安全威胁态势评估 |
| |
| 引用本文: | 李志东,杨武,王巍,苘大鹏.基于扩散分析的网络安全威胁态势评估[J].吉林大学学报(信息科学版),2012,42(1):145-149. |
| |
| 作者姓名: | 李志东 杨武 王巍 苘大鹏 |
| |
| 作者单位: | 哈尔滨工程大学 信息安全研究中心,哈尔滨 150001 |
| |
| 基金项目: | "863"国家高技术研究发展计划项目(2007AA01Z473);国家242信息安全计划项目(2007B17);哈尔滨工程大学研究基金项目(HEUFT09011). |
| |
| 摘 要: | 针对多数态势评估方法欠缺对授权与依赖关系的考虑、无法反映间接威胁、评估结果对动态防御的指导作用不大的问题,提出了一种以威胁扩散分析为基础、以攻击意图揣测为延伸的评估方法。首先评估了攻击施加的直接威胁,及其沿着依赖关系扩散引发的间接威胁。然后探讨了多攻击并发时的非线性叠加效应。最后使用覆盖法和聚类法揣测攻击意图。实验表明,该方法能更透彻、更精准地揭示安全状况,较好地指导动态防御。
|
| 关 键 词: | 计算机应用 网络安全 威胁态势评估 扩散分析 攻击意图 |
| 收稿时间: | 2010-07-12 |
Network security threat situation evaluation based on spread analysis |
| |
| Institution: | Information Security Research Center, Harbin Engineering University, Harbin 150001, China |
| |
| Abstract: | Most situation evaluation methods lack the consideration for authorization and dependency relationship, unable to reflect indirect threats, so the assessment results guide dynamic defense poorly. Regarding these problems, an evaluation method was proposed, which takes threat spread analysis as its basis, and attack intention guess as its extension. First, the direct and indirect threats were evaluated; the direct threats originate from attacks, and the indirect threats were caused by the spread of direct threats along the dependency relationships. Then, the nonlinear overlapping effects under multiple concurrent attacks were discussed. Finally, the covering and clustering method was used to guess attack intensions. Experiment shows that the proposed method can reveal security situation more thoroughly and accurately, and can guide dynamic defense preferably. |
| |
| Keywords: | computer application network security threat situation evaluation spread analysis attack intention |
|
| 点击此处可从《吉林大学学报(信息科学版)》浏览原始摘要信息 |
| 点击此处可从《吉林大学学报(信息科学版)》下载免费的PDF全文 |
|
