
Research on AI Planning Based Information Security Risk Process Modeling and Assessment Method

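【Author】 Wang Zhenzhen (王桢珍)

【Advisor】 Wu Xiaoyue (武小悦)

【Author information】 National University of Defense Technology, Control Science and Engineering, 2009, PhD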

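【Abstract, translated from the Chinese】 As computer technology develops and networks keep growing in scale, assuring information security becomes ever more complex and difficult. Information security risk assessment identifies and measures the security risks a network system faces and goes on to guide its security improvement work. Research on the theory and key technologies of information security risk assessment for network systems therefore has important theoretical significance and practical value. Existing risk assessment methods tend to separate the analysis and assessment of a network system's information security risk from the concrete system environment and business context; they lack accurate, efficient and automated modeling of how risk forms; and their quantitative assessment methods struggle with the uncertainty of risk. As a result, assessment results cannot fully represent the system's information security status and can hardly support the selection of security improvement measures effectively. To address these problems, this thesis studies information security risk process modeling and assessment methods and investigates the key problems involved in depth. The main research work and innovations are as follows:

(1) An information security risk process modeling and assessment framework is proposed. To assess the information security risk of network systems accurately, comprehensively and dynamically, a framework for information security risk process modeling and assessment is proposed. The framework is centered on the planning exploitation graph model (PEG) and the information security risk probability calculation model (PEG-BN). It takes the security defender's point of view and adopts a "white-box" risk identification method, uses the PEG model to depict the dynamic process by which information security risk forms, uses the PEG-BN model to calculate information security risk probability quantitatively, and goes on to assess system risk quantitatively. Its execution flow consists of 13 concrete processes and provides a standardized procedure for carrying out risk assessment.

(2) An AI planning based information security risk process modeling method is proposed. To build the PEG model efficiently and automatically, the idea of AI planning is introduced into the field of information security risk process modeling, and the AI planning based method PISRPMA is proposed. PISRPMA treats risk process modeling of a network system as a planning problem of vulnerability exploitation in the target network, describes it in the Planning Domain Definition Language (PDDL), and uses efficient planning solvers to obtain the information security risk process of the network system. The method models the risk process in a principled way: vulnerability exploitation is described as the risk domain and the target network as the risk problem, so the description of the modeling problem is clear, intuitive and easy to understand. The efficient risk process modeling algorithm scales well and is suitable for large network systems. The PEG model presents the evolution of a network system's information security risk graphically, which helps security managers understand and analyze the system's security risk status and provides the basis for subsequent quantitative risk assessment and security improvement work. Experiments show that the PISRPMA method proposed in this thesis can describe the risk formation process formally in a standardized and intuitive way, is feasible, and has high computational efficiency.

(3) Risk probability factors are introduced into the PEG model, and PEG-BN, a Bayesian network based model for calculating information security risk probability, is constructed. To assess information security risk quantitatively in a comprehensive and dynamic way, a Bayesian network based information security risk probability calculation model, PEG-BN, is proposed: probability factors of risk are introduced into the PEG model, which is then transformed into a Bayesian network model from which risk probabilities can be computed. First, the applicability of Bayesian network models to the information security risk probability calculation problem is analyzed. Next, the PEG-BN model is built in two stages using the Bayesian method: (i) the structure of PEG-BN is determined from the structure of the PEG model; (ii) the prior distributions of the PEG-BN model parameters are determined from the structural characteristics of the PEG model combined with expert knowledge; (iii) the parameter learning capability of Bayesian networks is used to keep updating the network parameters of the PEG-BN model so that the PEG-BN that is built matches the objective reality of the system. Parameter update methods are discussed separately for complete experimental data and for experimental data with missing values, so that the PEG-BN model reflects the system's actual risk status and the credibility of subsequent assessment results keeps improving.

(4) Quantitative calculation of network system information security risk based on PEG-BN is realized. The two basic elements of quantitative calculation of system information security risk are the probability that a security event occurs and the loss it may cause. Based on existing knowledge, the PEG-BN model can predict and compute information security risk probability in real time from multiple perspectives, and perform sensitivity analysis on system security risk, providing strong information support for optimizing security measures. Combining the risk probability calculation with the loss that may result, quantitative risk assessment is carried out for each security objective of the network system and the system's risk status is described comprehensively.

(5) To validate the methods and theory proposed in this thesis, an information security risk assessment system, ISRAS, is built under the guidance of the AI planning based information security risk process modeling and assessment method. Taking the management information system of a research institute as an example, ISRAS is applied to assess its security risk, which further verifies the feasibility and effectiveness of the AI planning based information security risk process modeling and assessment method.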

【Abstract】 With the continued expansion of computer networks, security protection has become more and more complex and difficult to achieve. Information security risk assessment can identify vulnerabilities and evaluate the risk to network information security. Studies on the theories and key technologies of risk assessment for information security therefore have great theoretical significance and practical value.

However, existing information security risk assessment methods for network systems share some common problems. For example, these methods often separate the risk analysis and assessment of information security from the concrete organization environment and business background; or lack scalable modeling and accurate formalization of the risk process; or produce evaluation results that cannot reflect the risk state of information security and cannot give valuable advice for security improvement. To solve these problems, this thesis studies network information security risk process modeling and assessment methods and examines the pivotal questions of this research in depth. The main contents and results of this thesis are outlined as follows:

(1) A method of information security risk assessment is presented. To evaluate information security risk accurately, dynamically and comprehensively, a method of information security risk assessment is presented. The method measures information security from a defender's view, adopts a "white box" risk identification method, models the risk process with the PEG model, and evaluates risk frequency with the PEG-BN model. ISRAM provides a normative, practical procedure composed of 13 processes to implement risk assessment on an information system.

(2) An AI planning based method of information security risk process modeling is presented. An AI planning based method named PISRPMA is proposed to model the information security risk process automatically at large scale. PISRPMA describes the rules of vulnerability exploitation as the risk domain and the network as the risk problem in the Planning Domain Definition Language (PDDL), searches out all exploitation paths with advanced planning algorithms, and builds a planning exploitation graph (PEG) to model the risk process with the Graphviz toolkit. The result of PISRPMA is the PEG, which not only describes the risk process but also provides the basis for PEG-BN model construction and security improvement decisions. Experiments show that this method is formal and scalable, and is a good solution for risk process modeling of large-scale networks.

(3) With the probability feature of risk combined into the PEG model, PEG-BN, a model for calculating information security risk probability based on Bayesian networks (BN), is proposed. Calculating network security risk probability is the core of quantitative assessment. This thesis proposes the risk calculation model PEG-BN. First, we analyze the features of information security and of the BN model, and conclude that the BN model suits the risk calculation problem well. Then probability data are combined with the PEG model and the PEG-BN model is constructed: (i) the model graph structure is determined by the PEG; (ii) the local conditional probability distributions are computed by the Bayesian method, which takes expert knowledge as the prior probability distribution; (iii) the model parameters are updated with training data by Bayesian network learning, covering both the complete-data and the partial-data situations. Analysis of the example shows that the model can evaluate information security risk successfully.

(4) A method of calculating information security risk event frequency based on PEG-BN is presented. The two basic elements of calculating information security risk are the frequency of risk events and the influence of risk events. Based on known data, PEG-BN can forecast and evaluate in real time not only the frequency of information risk events but also the information risk, perform sensitivity analysis of all elements in the risk process, and reflect the network information risk comprehensively.

(5) An information security risk assessment system named ISRAS, based on ISRAM, is designed and developed, and a real network system is used to illustrate the key methodologies presented in this thesis.
