
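Study on Evaluation for Security Situation of Networked Systems
Cite this article: Chen Xiuzhen, Zheng Qinghua, Guan Xiaohong, Lin Chenguang. Study on Evaluation for Security Situation of Networked Systems[J]. Journal of Xi'an Jiaotong University, 2004, 38(4): 404-408.
Authors: Chen Xiuzhen  Zheng Qinghua  Guan Xiaohong  Lin Chenguang
Affiliation: School of Electronic and Information Engineering, Xi'an Jiaotong University, 710049, Xi'an
Funding: National Science Fund for Distinguished Young Scholars (69700025), National Natural Science Foundation of China (60243001), National High Technology Research and Development Program of China (2001AA140213)
Abstract: To address the shortcoming that current network security evaluation systems cannot provide useful situation information, a hierarchical, quantitative security situation evaluation model and its corresponding computation method are proposed. The model uses the log database of an intrusion detection system, combined with the importance of services and hosts and the organizational structure of the network system, and adopts a bottom-up, local-first-then-global evaluation strategy. Based on a statistical analysis of attack frequency and attack severity, the method weights by the importance factors of services and hosts to compute the risk indexes of the services, the hosts and the whole network system, and then evaluates and analyzes the security situation. Experiments using HoneyNet data show that the model can accurately evaluate the security situation at three levels (service, host and network system) and gives administrators intuitive security situation curves.

Keywords: network security  security assessment  situation evaluation  situation curve  risk index  intrusion detection system
Article ID: 0253-987X(2004)04-0404-05
Revised: July 16, 2003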

Study on Evaluation for Security Situation of Networked Systems
Chen Xiuzhen, Zheng Qinghua, Guan Xiaohong, Lin Chenguang. Study on Evaluation for Security Situation of Networked Systems[J]. Journal of Xi'an Jiaotong University, 2004, 38(4): 404-408.
Authors:Chen Xiuzhen  Zheng Qinghua  Guan Xiaohong  Lin Chenguang
Abstract: Current security evaluation systems are unable to provide useful security situation information. To address this deficiency, a hierarchical, quantitative model for evaluating the security situation of networked systems, together with its corresponding computation method, is proposed based on the importance of services and hosts and the structure of the network system. The model adopts a bottom-up, local-to-global evaluation policy: it calculates the risk indexes of the services, the hosts and the whole network system by weighting with the importance of each service and host, based on an analysis of attack frequency and severity, and then evaluates their security situation. Experiments on the HoneyNet dataset show that the system can evaluate the security situation at three levels: service, host and local area network system. It provides system administrators with an intuitive security situation curve and releases them from the exhausting task of alert analysis.
Keywords: network security  security assessment  situation evaluation  situation curve  risk index  intrusion detection system
This article is indexed in CNKI, VIP, Wanfang Data and other databases.