

Research on IDS Operations Security Measurement

【Author】 Li Qiang

【Supervisors】 Guo Yixi; Zhang Hong

【Author information】 PLA Information Engineering University, Military Equipment Science, 2010, Master's thesis

【Abstract (Chinese original)】 Information security metrics are the quantitative, objective description of information-security-related quality: they reflect how secure a system is in a given operating environment and serve as a tool for judging the security state and operational capability of an information system or product. Security measurement of security products is a necessary means of improving the security management process and of assuring the quality of the security service a product delivers, and it is a hard problem within information security metrics research. This thesis studies the development of metrics for IDS operations security and their practical application. First, building on existing theory and practice in information security metrics, it summarises the basic problems of security measurement, states the principles of security measurement, and defines a three-stage measurement process: metric development, measurement execution, and evaluation of measurement results. Second, starting from an analysis of the factors that affect IDS operational security, it identifies the elements of IDS operations security; for the foundational problem of metric development it gives a development model, proposes a fault-tree-analysis-based method for determining IDS security controls, and analyses the types of IDS security controls and the information needed to measure IDS operations security. Next, it describes the development and design of the metric indicators and their measurement methods: the knowledge base is measured by using CVE identifiers as the intermediary for comparing the IDS knowledge base against the security policy for conformance; detection capability is measured with an information-entropy-based method that jointly analyses the effect of intrusion rate, false positive rate and false negative rate; security mechanisms are measured by analysing the quality of protection they provide; and security hardening is measured by a penetration-testing method driven by vulnerability scanning, with preliminary validation in a real campus network. Finally, to meet the data processing and management needs of the measurement process, it describes the design and implementation of a database-based measurement support system.

【Abstract】 Information security metrics are a quantitative and objective description of information-security-related quality. They represent the security level of a system operating in a specific environment and are a tool for assessing the security of a system and the capability of a product. Security measurement of security products is a necessary means of improving the security management process and its quality of service, and it is a hard problem in information security metrics research. This dissertation discusses the development and practical application of measurement for IDS operations security. First, based on research into the concepts and practice of information security metrics, it summarises the fundamental problems of security metrics, proposes a theory of security measurement, and defines three measurement procedures: metric development, measurement implementation, and evaluation of measurement outcomes. Second, starting from IDS operations security, it identifies the elements of IDS operations security. For the fundamental problem of metric development, a development model is given; in the metric development process, fault tree analysis is used to determine IDS security countermeasures, and the types of IDS security countermeasures and the information requirements for measuring IDS operations security are analysed. Next, the development and design of the metric indicators and their measurement methods are introduced. For the knowledge base, a CVE-based method is designed to measure its compliance with the security policy. For detection capability, an information-theoretic method based on entropy jointly analyses the impact of intrusion rate, false positive rate and false negative rate on detection capability. Security mechanisms are measured by analysing the quality of protection they provide. Security hardening is measured by a penetration-testing method based on vulnerability scanning, and the approach was given preliminary validation in a real campus network environment. Finally, a database-based measurement support system is designed to meet the data processing and management needs of the measurement process.
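Two of the metrics the abstract describes, worked through as an added example (this is not code from the dissertation). The knowledge-base metric uses CVE identifiers as the common key between IDS signatures and the security policy and reports what fraction of the policy's CVEs the enabled rules cover; the rule text is constructed in Snort syntax, with placeholder SIDs. The detection-capability metric combines intrusion (base) rate, false-positive rate and false-negative rate through entropy; the specific formula used, the mutual-information ratio I(X;Y)/H(X) between the intrusion variable X and the alert variable Y, is assumed here as a representative entropy-based metric and is not claimed to be the thesis's exact definition.

```python
"""Added example: two IDS operations-security metrics of the kind the abstract
describes. Not the dissertation's code; the Snort-style rules, SIDs and policy
list are constructed, and the C_ID-style formula is an assumed instance of an
entropy-based detection-capability metric."""
import math
import re

# Constructed Snort-style rules (placeholder SIDs). One rule carries no CVE
# reference and one is commented out, so neither contributes coverage.
SAMPLE_RULES = """
alert tcp any any -> any 443 (msg:"TLS heartbeat overread"; reference:cve,2014-0160; sid:1000001; rev:1;)
alert tcp any any -> any 445 (msg:"SMB remote code execution"; reference:cve,2017-0144; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"web shell upload attempt"; sid:1000003; rev:1;)
# alert tcp any any -> any 22 (msg:"disabled rule"; reference:cve,2018-15473; sid:1000004; rev:1;)
"""

# Snort writes CVE references as "reference:cve,YYYY-NNNN" (no "CVE-" prefix).
_CVE_REF = re.compile(r"reference\s*:\s*cve\s*,\s*(\d{4}-\d{4,})", re.IGNORECASE)


def knowledge_base_cves(rules_text):
    """Return the set of CVE IDs referenced by enabled (non-commented) rules."""
    cves = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out rule detects nothing
        for ident in _CVE_REF.findall(line):
            cves.add("CVE-" + ident)
    return cves


def policy_conformance(rules_text, policy_cves):
    """Compare the knowledge base against the CVEs the policy requires.

    Returns (coverage ratio in [0, 1], sorted list of uncovered CVEs)."""
    kb = knowledge_base_cves(rules_text)
    required = {c.upper() for c in policy_cves}
    missing = required - kb
    if not required:
        return 1.0, []
    return (len(required) - len(missing)) / len(required), sorted(missing)


def _h(p):
    """Binary entropy in bits, with h(0) = h(1) = 0."""
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)


def detection_capability(intrusion_rate, fp_rate, fn_rate):
    """Assumed entropy-based metric: I(X;Y) / H(X), where X = intrusion
    present, Y = alert raised, B = intrusion rate, a = P(alert | no intrusion),
    b = P(no alert | intrusion). 1.0 means alerts fully determine intrusions,
    0.0 means alerts are independent of them."""
    B, a, b = intrusion_rate, fp_rate, fn_rate
    for v in (B, a, b):
        if not 0.0 <= v <= 1.0:
            raise ValueError("rates must lie in [0, 1]")
    h_x = _h(B)
    if h_x == 0.0:
        raise ValueError("intrusion rate of 0 or 1 leaves nothing to detect")
    p_alert = B * (1 - b) + (1 - B) * a          # P(Y = 1)
    h_y_given_x = B * _h(b) + (1 - B) * _h(a)    # H(Y | X)
    mutual_info = max(_h(p_alert) - h_y_given_x, 0.0)  # clamp rounding noise
    return mutual_info / h_x


if __name__ == "__main__":
    policy = ["CVE-2014-0160", "CVE-2017-0144", "CVE-2018-15473", "cve-2021-44228"]
    print("knowledge-base coverage:", policy_conformance(SAMPLE_RULES, policy))
    for fn in (0.0, 0.2, 0.5):
        print(f"C_ID(B=0.1, FPR=0.01, FNR={fn}) = {detection_capability(0.1, 0.01, fn):.3f}")
```

The base rate matters as much as the two error rates: at a 10% intrusion rate, a 1% false-positive rate and a 20% false-negative rate already cut the capability to roughly 0.61, and at a 50% false-negative rate with a 50% false-positive rate it drops to 0, since the alert then carries no information about the intrusion.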


