【作者】 欧阳满；

【导师】 罗群；

【作者基本信息】 北京邮电大学 ， 密码学， 2013， 硕士

【摘要】 随着信息高速公路的搭建及其高速发展,网络已经成为全球信息通信基础设施中不可或缺的主要组成部分,无论是军事、生活还是文化上,都起着重要的作用。由于计算机网络的开放性、共享性、实时性等特性,网络信息系统的风险也明显的暴露了出来,系统的设计缺陷以及漏洞被黑客加以不同程度的利用,造成了对网络系统的非正当攻击,致使数据信息的保密性、完整性、可用性、权限、不可否认性、可控性等特性受到了来自不同网络攻击的巨大威胁。在当今全球信息化的网络环境当中,Internet本身所具有的共享性和开放性很大程度上为黑客们寻找系统漏洞发起网络攻击开启了不少“后门”,提高网络系统的网络攻击防御能力,即抗攻击性能应该得到重视。对网络主机系统的抗攻击性能进行量化评估无疑成为风险对抗的一个重要手段和参考标准,鉴于此,本文在基于攻击损益的网络抗攻击性能评估指标体系的基础上提出了相应的计算模型,针对不同类型、不同层次的抗攻击性能指标做出定量和定性加定量组合分析的量化处理,使得网络系统的不同风险更直观更清晰的为用户、管理员所掌握,并且及时对这些风险进行修复和弥补,剔除网络风险因素,降低网络系统的损失程度,最重要的是对当前网络系统的安全性和防御能力有更加清楚的认识。最后,通过一个具体的网络攻击实例,采用所提出的计算模型,对整个攻击所体现出的网络主机系统的抗攻击性能做出一次完整的评价。更多还原

【Abstract】 With the structures and the rapid development of the information superhighway, internet has become an important part of the global information communication infrastructure and played an important role in military, life and culture. Because of the openness, sharing and real-time characteristics, the risk of network information system exposed. The system design defects and vulnerabilities are exploited in different degrees by the hackers to make unjustified attacks to the network system, resulting in a huge threat to the confidence, integrity, availability, privilege, non-repudiation and controllability of the information data from various network attacks.Given the above problems, a concept of "attack resistance" is suggested by this article, used to distinguish the basic network risk classification. With the excavation to the mainstream attacking database, the atomic risk classification came out, causing the result of index system for network risk assessment based on atomic risk, which can be divided into "host risk-property-assessment index-acquisition index". The whole index system has laid an important foundation for the risk assessment process to take a bottom-up evaluation process, calculating the upper index by the lower index and finally the quantitative value of the host risk.更多还原