Research on a Network Security Situation Assessment Model

Research on Network Security Situational Awareness Model

【Author】 韦勇 (Wei Yong)

【Advisor】 冯登国 (Feng Dengguo)

【Author information】 University of Science and Technology of China, Information Security, 2009, PhD

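【Abstract (translated from the Chinese)】 With the rapid development of computer and communication technology and the continuous growth of user demand, computer networks are used ever more widely and have grown ever larger in scale. At the same time, network security incidents occur one after another, traditional single-purpose defence or detection devices can no longer meet security needs, and computer networks face a severe information security situation. Network security situation assessment technology can combine multiple security elements, dynamically reflect the security state of the network as a whole, and predict and give early warning of its development trend. The network security situation assessment model and its key technologies have therefore become a current research focus in network security. Building on a survey and analysis of existing network security situation assessment methods and techniques, the dissertation proposes a network security situation assessment model based on expectant threat and a performance correction algorithm. It first defines the core elements of network security, such as expectant threat and performance correction, and the related concepts, and gives them a formal representation; on this basis it proposes the network security situation assessment model and its framework. It then gives the quantitative assessment algorithm: the expectant threat of each network node is computed using three methods suited to different scenarios (expectant state graph, information fusion and log audit), the expectant threat is corrected by the performance correction algorithm to obtain the node's security situation, and the network security situation is then obtained by a combined calculation using node weights and plotted as a network security situation curve. Next it gives the network security situation prediction algorithm, which uses several prediction models to predict the network security situation and plots the predicted situation curve. Finally, the dissertation gives the design and implementation framework of a network security situation assessment system, and validates the proposed assessment model, quantitative assessment algorithm and prediction algorithm by analysing the security situation of four example networks. The network security situation assessment model can help network security administrators grasp the overall security state of a network over a period of time and its future development trend, providing a reference for administrators to take corresponding protective measures and improve network security.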

【Abstract】 With the rapid development of computer and communication technology, users' demands have continuously increased, and computer networks are more and more widely used and larger and larger in scale. On the other hand, because of the large number of network security events, traditional security defence systems or detection systems are unable to meet security requirements, and computer networks face a serious information security situation. Network security situational awareness technology can fuse multiple security elements, dynamically reflect the network security situation as a whole, and predict its development trend for early warning. As a result, the network security situational awareness model and its key technologies have become a hot area of network security research. Based on an analysis of existing methods and technology, this dissertation proposes a network security situational awareness model based on expectant threat and performance correction. First, it defines the core factors of network security, including expectant threat and performance correction, gives the related definitions and formal specifications, and proposes the network security situational awareness model and its framework. It then gives the quantitative algorithm for network security situational awareness: it computes each node's expectant threat using three methods (expectant state graph, information fusion and log audit) that fit different situations, obtains the node security situation through the performance correction algorithm, computes the network security situation by combining the node results using node weights, and draws the network security situation graph. Next, it gives the prediction algorithm for network security situational awareness, predicts the future threat with several prediction models, and draws the predicted network security situation graph. Finally, the dissertation gives the design and implementation framework of a network security situational awareness system, and validates the quantitative algorithm and the prediction algorithm of the network security situational awareness model through analysis of four examples. The network security situational awareness model can help administrators understand the overall security situation of a network over a period of time and its future development trend, providing a reference for making security defence policy to improve network security.

  • 【Classification No.】TP393.08
  • 【Times cited】24
  • 【Downloads】2208