【作者】 赵成丽；

【导师】 刘衍珩；

【作者基本信息】 吉林大学 ， 计算机应用技术， 2013， 博士

【摘要】 随着社会发展的日趋网络化和信息化，网络信息系统在政府、国防、工业及商业等各个部门都扮演着举足轻重的角色。然而面对网络大规模化和信息系统内外环境的复杂化，以及网络攻击和破坏行为的多样化，网络攻击和入侵已经不可避免，防不胜防。任何系统都不能保证是绝对安全的，因此，传统的安全防御和检测技术已经不能满足网络信息系统发展的实际需求，现阶段人们更关注的是系统在遭到破坏以后能否继续向用户提供满意的服务，这就是网络信息系统的可生存性。网络信息系统可生存性研究主要包括可生存性的评估、预测分析和可生存性的增强技术三个重要领域，其中可生存性评估技术就是使用各种方法对目标系统进行简化并建立合适的模型以便进行定性及定量的生存性分析。可生存评估目的在于及时地获得运行中的各关键任务的生存态势，以便对其进行恰当应急响应，并为实施相适应的增强策略和技术提供了科学的依据和判定准则。而可生存预测技术主要是根据之前的历史数据建立有效的数学预测模型，以便更好的了解未来的生存性走势，提前采取防范措施，保证系统关键服务的正常运行。由于网络信息系统的可生存性研究历史不长，大部分工作都是研究者按照自己的理解和思路给出的评估框架，并未形成统一、公认的标准，并且很多的研究都聚焦在理论的评估分析中，距离可真正进行实际应用还存在较大的差距。本文对网络信息系统可生存性的量化评估和预测工作进行了深入的探讨，主要涉及以下几个方面的研究。提出了一种3R1A层次化量化评估模型。作为可生存的网络信息系统必须要满足3R1A四种特性。在分析了可生存的网络信息系统的可抵抗性、可识别性、可恢复性和自适应性这4种关键属性含义的基础上，建立了一种基于3R1A层次化结构模型。首先提出了基于权限的属性攻击图算法来描述攻击情景。其中可抵抗性可进一步通过攻击情景的危害度和攻击情景的阻抗率进行刻画；可识别性可以借助攻击情景识别率和识别时间进行描述；可恢复性可以采用恢复程度、恢复时间以及恢复率进行阐述；而自适应性则可以通过自适应周期和演化延迟进行描述。在详细的解释了各个指标的含义之后，建立了这些指标的数学计算模型。最后归纳出计算系统可生存性的统一数学模型，以便有效地进行系统可生存性能的对比分析。提出了一种面向主机和关键服务的基于攻击树的生存性量化评估模型。在研究了漏洞对网络信息系统的影响，分析了国内外基于攻击图进行安全评估的优缺点之后，扩展了从系统目标出发，以获得系统最高权限为目的系统生存性评估算法。对每个主机借助于漏洞利用和特权提升的方法生成一棵攻击树，逆向的深度优先遍历一棵树而产生独立的漏洞利用场景集合。通过漏洞利用场景描述各个关键服务的可生存态势，继而通过对整个目标系统产生的漏洞利用场景集合进行有效分析，最终得到整个系统的生存性量化评估方法。同时算法中给出了影响系统的主要因素的计算方法，实例分析表明了该算法时间上的优越性和生存性评估模型的有效性。提出了一种基于灰色格贴近度和改进的TOPSIS相结合的生存性量化评估模型。在该模型中，首先使用传统的AHP方法分别确定了系统关键服务集和指标集的权重，避免了由经验直接给出权重的主观性。在分析关键服务的可生存状况时，使用灰色关联度分别计算出关键服务与最优解和最劣解的关联程度，然后通过灰色格贴近度确定每个关键服务综合的可生存状况，最后通过可生存函数量化出网络信息系统整体的可生存结果。通过一个实例详细阐述了该方法的计算步骤，并通过两次实验对比验证了该方法的合理性和有效性。最后，提出了基于残差修正的GM(1,1)和ARMA(p,q)组合预测的可生存计算模型。在该模型中首先使用灰色的GM(1,1)对原始序列建立预测模型，为了提高预测的精度，对尾段残差再次建立GM(1,1)预测模型，并通过残差模型修正了原有的GM(1,1)预测模型，并得到此模型的平均绝对误差百分比。然后，又使用ARMA(p,q)系列模型对原始序列进行建模，通过候选模型的参数对比，最终选取了MA(2)作为适合的预测模型，并同样得到该模型的平均绝对误差百分比。最后通过基于残差修正的GM(1,1)模型和MA(2)模型建立了组合预测模型，并通过各种参数对比，验证了组合预测模型的有效性和准确性。综上所述，本文主要针对网络信息系统可生存性的量化评估分析和预测模型进行了深入研究，从三种不同的角度探讨了具体的可生存评估模型和计算方法，从组合预测的角度探讨了系统可生存预测技术。从3R1A的角度，详细描述了每个关键属性的可度量指标，并建立了完善的层次模型，为日后具体实施可生存的量化分析提供了有力保障。使用逆向深度优先攻击树模型能够较快地完成搜索，并通过漏洞利用场景的实现难易度和对系统的影响严重性定量分析出系统整体的可生存状况。使用灰色格贴近度和TOPSIS结合的方法，能够充分展示出关键服务的可生存性，也间接表明了整个系统的可生存状况。最后通过较为新颖的组合模型预测出未来的可生存性能。本文的研究结果有一定的理论意义和应用价值，为网络信息系统可生存性的研究提供了借鉴和参考。更多还原

【Abstract】 With the social development of an increasing network and information, networkinformation system plays an important role in various departments such as government,defense, industry and commerce. However, it is inevitable and hard to detect all kinds ofattacks and intrusions as a result of large-scale network, complex internal and externalenvironment of information system, as well as the diversification of network attacks andvandalism. Any system cannot guarantee that it is perfectly safe. Therefore, the traditionalsecurity defenses and detection technology cannot meet the actual needs of the networkinformation systems and at this stage people are more concerned about whether the systemcan continue to provide users with satisfying service after the destruction, which is thesurvivability of the network information system.The survivable study of network information system includes three important areas: thesurvivability assessment, forecast and survival enhancement technology. Assessment is to usevarious methods to simplify and establish a favorable model on the target system forqualitative and quantitative survival analysis. The purpose of the survivability assessment istimely to access the survival situation of critical mission, in order to take appropriateemergency measures and it provides a scientific basis and criteria for the implementation ofcompatible enhanced strategies and technologies. Forecasting techniques may establish aneffective mathematical prediction model based on historical data so as to better understand thefuture trend of survivability and take precautionary measures in advance to ensure the normaloperation of the system critical services.As the survivable history of network information system is not long, most of the work isto present assessment framework by the researchers according to their own understanding and ideas and it does not form a unified, accepted standards. Furthermore, many studies havefocused on the theory assessment analysis and there is a big gap to a real practical application.This paper discusses the quantitative survivable assessment and forecast of the networkinformation system in details, which is composed of the following aspects.A quantitative assessment method based on3R1A characteristics is provided. Resistance,recognition, recovery and adaptation are the four key attributes of the survivable networkinformation systems. After analyzing the meanings of these four attributes, a hierarchicalstructure model set up. Moreover, resistance can be further divided into the damage degree ofattack scenarios and the impedance rate of the attack scenarios; recognition can be describedby use of the recognition rate and the recognition time of the attack scenario; Recovery can beelaborated to make use of the recovery degree, recovery time and recovery rate; Adaptationcan be portrayed through the adaptive cycle and the adaptive evolution delay. Hereafter, thecalculation methods of these indicators are established, and a unified computing mathematicalmodel of the system survivability is concluded.A critical service-oriented quantitative evaluation of survivability is presented based onthe attack scenario. After studying on the impact of vulnerabilities on the network informationsystem and analyzing the advantages and disadvantages of security assessment based onattack graph at home and abroad, a survival assessment process for critical services isconducted by the attack tree. An attack tree is generated for each key service on the basis ofthe privilege escalation, and a separate set of intrusion scenario is produced by the reversedepth-first traversal. Firstly, the survival trend for key services is described by intrusionscenarios. Then, effective analysis is made up with the intrusion scenario collection of theentire forest. Ultimately, get quantitative evaluation method of the entire system’s survivability.The analysis and comparison of an instance show the superiority of space and correctness ofthe algorithm.Combining grey grid closeness and Improved TOPSIS can evaluate the survivability ofthe network information system. The first is to use the traditional AHP method to determinethe system and the weights of critical set of services and the index set, which avoids thesubjectivity of experience which gives the weight directly. When analyze the survivability ofkey services, grey correlation degree is used to calculate the degree of association between thekey services and the optimal solution and the worst solution, and then use the grey gridcloseness to determine the degree of each critical service integrated survivability. Finally, through survival function is used to quantify the overall survival results of the networkinformation system. Elaborate an example of the method of calculation steps, and comparingtwo experiments verifies the rationality and effectiveness of the method.Finally, a combination forecasting model is proposed based on residual amendmentGM(1,1) and ARMA(p,q). In this model, the first is to use the grey GM(1,1) model toestablish the original series prediction. In order to improve the prediction accuracy, the use ofresiduals on the tail section re-establishes GM(1,1) prediction model, and through the residualmodel amends the original GM(1,1) prediction model and meanwhile the prediction modelobtains mean absolute percentage error. Then, we use the ARMA(p,q) models to build theoriginal sequence by comparing the candidate model parameters, and ultimately select theMA(2) as appropriate for the prediction model. The model also gives the mean absolutepercentage error. Finally, combination forecasting model is established based on residualmodified GM(1,1) model and the MA(2) model, and By comparing various parameters, weverify the effectiveness of combined forecasting model and accuracy.In summary, this paper deeply studies the quantitative assessment and forecast of thenetwork information system’s survivability. It explores the specific survival evaluation modeland calculation method from three different angles and a combination forecast model. Fromthe3R1A point of view, it describes the metrics of each of the key attributes, and theestablishment of a sound-level model in detail, which provides a strong guarantee to thespecific implementation of the survival of the quantitative analysis for the future. Reversedepth-first attack tree model can be faster to complete the search, and through quantitativeanalysis of the attack-scenario difficulty shows integrated survival conditions. The use ofcombining grey grid closeness with TOPSIS method can fully demonstrate the survivability ofthe critical services which expresses the living conditions of the entire system indirectly.Finally, a novel combined model is proposed to predict the future survival performance.Thisarticle’s findings have some theoretical significance and it can provide a useful reference forthe survivability of the network information system.更多还原