
Research on Network Systems Security Assessment Technology (网络系统安全性评估技术研究)

【Author】 苘大鹏

【Advisor】 杨永田

【Author information】 Harbin Engineering University (哈尔滨工程大学), Computer Application Technology, 2009, PhD

【Abstract (Chinese original, translated)】 In recent years Internet technology has developed rapidly, and computer networks play an increasingly important role in politics, the economy, the military, social life and other fields. However, while network technology brings endless convenience to people's lives and work, the openness and interconnection of computer networks have also made network attacks more common, and network security has attracted wide attention. In a real network environment security risk inevitably exists; to keep the network running normally, the hidden security risks in the network must be identified and analyzed proactively, and appropriate measures taken on the basis of that analysis to reduce the risk. Accurately assessing network security is therefore especially important and has become one of the research hotspots in the field of network security. From a technical perspective, this dissertation studies in depth the key technologies involved in network system security assessment, namely vulnerability assessment and attack-threat assessment, in the following four areas.

First, modeling methods for network vulnerability are studied. To meet the two needs of analyzing the security of a single target and the security of the network as a whole, a depth-first attack graph generation method, DFAGG, and a breadth-first attack graph generation method, BFAGG, are proposed. Given an attack target, DFAGG searches for correlations among network vulnerabilities following a depth-first strategy and uses them to construct attack paths that reach the target state. BFAGG instead uses a breadth-first strategy to search all network security states an attacker can reach. Both methods also introduce optimization strategies that limit the number of attack steps and the success probability of attack paths, and the effect of these strategies on the accuracy of the attack graph analysis results is analyzed by mathematical calculation and simulation experiments.

Second, analysis methods for network vulnerability are studied. By introducing concepts such as the state node attraction coefficient, methods for calculating the reachability of state nodes and of vulnerabilities in an attack graph are given. On this basis, a quantitative network vulnerability assessment method based on vulnerability correlation and security requirements is proposed. The method first uses the attack graph to compute the reachability of each vulnerability, then computes each vulnerability's impact on the confidentiality, integrity and availability of hosts, and finally assesses the security of hosts and of the network according to the hosts' security requirements. A quantitative method for formulating network security enhancement strategies is also proposed: it first computes the impact on network security of an attacker reaching each network state, then derives the impact of each security element on network security, and finally removes security elements in order of greatest impact first.

Third, assessment methods for network attack threats are studied. A network threat assessment method based on a hidden Markov model is proposed. A hidden Markov model for real-time assessment of a host's threat status is established. The formula for computing the state transition probability distribution in the Baum-Welch training algorithm is improved, and the improved training algorithm is used to estimate the model parameters. The model is used to compute the probability that a host is in an attacked state at each moment, and this probability is combined with the host's asset value and the severity of attack events to assess the threat index of hosts and of the network. Threat situation curves for hosts and the network are obtained by secondary processing of the real-time threat indices, from which the patterns of change in the threat situation can be understood.

Finally, for large-scale, multi-administrative-domain network environments, a distributed network security evaluation system, DNSES, is designed and implemented. DNSES consists of managers, analyzers and information collectors, arranged in a hierarchical relationship. To fuse the assessment results of multiple administrative domains, cooperative relationships among analyzers in different domains are established through a directory server. The system incorporates the key technologies studied in the preceding chapters: it can analyze the vulnerabilities present in and the attack threats facing the target network, and fuse these analysis results with logical reasoning techniques to produce a comprehensive assessment of the target network's security.

【Abstract】 With the fast development of Internet technologies in recent years, computer networks have played an increasingly important role in politics, the economy, the military and social life. Although network technologies bring endless convenience to people's lives and work, the openness and interconnection of networks have made network attacks more common, and network security problems have attracted wide attention. Risk always exists in a real network environment. In order to ensure the normal operation of networks, hidden security problems in networks must be identified and analyzed, and proper measures must be adopted to decrease the risk according to the analysis results. Therefore, accurately evaluating the security of a network is an important problem, and it has become one of the research focuses in the field of network security. From a technical perspective, this dissertation studies in depth the key technologies of vulnerability assessment and attack threat assessment involved in network security evaluation. It mainly includes the following.

Firstly, we carry out research on modeling methods for network vulnerability. In order to analyze the security of a single target and the overall security of a network, a depth-first attack graph generation method (DFAGG) and a breadth-first attack graph generation method (BFAGG) are proposed. Given a determined attack target, the DFAGG algorithm searches the correlations among network vulnerabilities depth-first and constructs attack graphs according to those correlations. The BFAGG algorithm searches breadth-first for all the network states at which an attacker can arrive. Strategies that limit the number of attack steps and the success probability of attack paths are adopted in both methods, and the effects of these optimization strategies on the accuracy of the evaluation results are analyzed by mathematical calculation and experiments.

Secondly, we study analysis methods for network vulnerability. After introducing the definition of the state node attraction coefficient, a method to calculate the reachability of state nodes and vulnerabilities in attack graphs is presented. On this basis, a quantitative assessment method for network security based on vulnerability correlation and security requirements is proposed. The method first calculates vulnerability reachability using attack graphs; then the effects of vulnerabilities on the availability, confidentiality and integrity of hosts are calculated; finally the security of hosts and of the network is assessed against the security requirements. In addition, a quantitative method for making strategies to enhance network security is proposed. The method first calculates the effects of reachable network states on network security, then calculates the effects of security elements on network security, and finally removes security elements in order of maximum influence degree.

Thirdly, we study assessment methods for network threats. A method for assessing network threats in real time based on a Hidden Markov Model (HMM) is proposed, together with algorithms for calculating the threat indices of hosts and networks. The Baum-Welch algorithm is used to estimate the model parameters, improving the automation of the evaluation process. The model is used to calculate the probability that hosts are in attacked states, and threat indices are assessed from this probability, host values and the importance of attack events. Threat situation curves of hosts and networks are obtained by a secondary treatment of the threat indices, and the law of the threat situation's variation is found from the curves.

Finally, for large-scale network environments with multiple administrative domains, a distributed network security evaluation system (DNSES) is designed and implemented. The system consists of three parts, manager, analyzer and information collector, in a hierarchical relation. In order to fuse the assessment results of multiple administrative domains, a cooperative relation between analyzers in different administrative domains is established through a directory server. The system incorporates the key technologies described in the earlier chapters: it can analyze the vulnerabilities and threats of target networks and synthetically evaluate network security through logical reasoning technologies.
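Both abstracts describe attack graph generation in two flavours (depth-first search toward one target, breadth-first enumeration of every reachable state), each pruned by a step limit and a path success-probability threshold, and then a reachability figure derived from the graph. The following Python is an added illustration written for this page; it is not code from the dissertation, and the DFAGG/BFAGG algorithms it imitates, the exploit model (precondition set, gained privilege, success probability), the sample network and the choice to quantify reachability as the best path probability are all this example's own assumptions.

```python
"""Toy attack-graph assessment in the style the abstract describes:
DFS to a single target with step and probability cut-offs (DFAGG-like),
BFS over all reachable states (BFAGG-like), and a reachability figure.
Added example for this page; the model and numbers are constructed."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Exploit:
    name: str        # hypothetical label for a vulnerability on a host
    pre: frozenset   # privileges the attacker must already hold
    post: str        # privilege gained on success
    p: float         # assumed success probability (constructed, not measured)


# Constructed sample network: a web host, a database host and a file server.
EXPLOITS = (
    Exploit("web_rce",      frozenset({"internet"}),  "user@web",  0.8),
    Exploit("web_privesc",  frozenset({"user@web"}),  "root@web",  0.6),
    Exploit("db_trust",     frozenset({"root@web"}),  "root@db",   0.7),
    Exploit("db_direct",    frozenset({"internet"}),  "root@db",   0.1),
    Exploit("file_share",   frozenset({"root@web"}),  "user@file", 0.5),
    Exploit("file_privesc", frozenset({"user@file"}), "root@file", 0.4),
)
INITIAL = frozenset({"internet"})  # the attacker's starting state


def successors(state):
    """Exploits applicable in `state` and the state each one leads to.
    States only grow, so the graph is acyclic and needs no visited set in DFS."""
    for e in EXPLOITS:
        if e.pre <= state and e.post not in state:
            yield e, state | {e.post}


def dfs_attack_paths(target, max_steps, min_prob, state=INITIAL, path=(), prob=1.0):
    """DFAGG-like: every path from INITIAL to a state holding `target`.
    A branch is abandoned once it exceeds max_steps or its cumulative
    success probability drops below min_prob (the two optimizations)."""
    if target in state:
        return [(path, round(prob, 4))]
    if len(path) >= max_steps:
        return []                      # step-count cut-off
    found = []
    for e, nxt in successors(state):
        if prob * e.p < min_prob:
            continue                   # probability cut-off
        found.extend(dfs_attack_paths(target, max_steps, min_prob,
                                      nxt, path + (e.name,), prob * e.p))
    return found


def bfs_reachable_states(max_steps):
    """BFAGG-like: all states reachable within max_steps, with graph edges.
    Returns ({state: shortest step count}, {(from_state, exploit, to_state)})."""
    depth = {INITIAL: 0}
    edges = set()
    queue = deque([INITIAL])
    while queue:
        state = queue.popleft()
        if depth[state] >= max_steps:
            continue
        for e, nxt in successors(state):
            edges.add((state, e.name, nxt))
            if nxt not in depth:
                depth[nxt] = depth[state] + 1
                queue.append(nxt)
    return depth, edges


def privilege_reachability(target, max_steps=6, min_prob=0.0):
    """Reachability of a privilege, taken here as the success probability of
    the best attack path to it (0.0 if no path survives the cut-offs)."""
    paths = dfs_attack_paths(target, max_steps, min_prob)
    return max((p for _, p in paths), default=0.0)


if __name__ == "__main__":
    for path, p in dfs_attack_paths("root@db", max_steps=4, min_prob=0.2):
        print(" -> ".join(path), p)
    states, edges = bfs_reachable_states(6)
    print(len(states), "states,", len(edges), "edges")
    print("reachability of root@db:", privilege_reachability("root@db"))
```

Tightening `min_prob` or `max_steps` discards low-probability or long paths, which is exactly the trade-off the abstract says it analyzes: the pruned graph is smaller, but any path dropped by the cut-offs no longer contributes to the reachability figure, so a defender comparing assessments should record the thresholds used.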
