Research of Mobile Agent Risk Assessment Model

【Author】 Kang Feng (康峰)

【Advisor】 Peng Xinguang (彭新光)

【Author information】 Taiyuan University of Technology, Computer Application Technology, 2007, Master's

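【Summary】 With the rapid spread of the Internet and information technology, network information security has become a focus of growing concern. Attackers and viruses typically break into a target system by exploiting its security vulnerabilities. It is therefore essential to proactively scan for and detect a target system's security vulnerabilities before attackers exploit them, and to analyze and assess the target's risk based on the detection data; this has become a hot topic in current network security research. Traditional risk assessment systems have the following shortcoming: the scanning module and the assessment module cannot move within the network, which limits the speed and scope of assessment. To address this, we introduce mobile agent technology, using it to improve the scanning and assessment methods while reducing the traditional system's dependence on network bandwidth and improving the system's service capability and efficiency. This thesis first introduces the definition and causes of system vulnerabilities and analyzes in detail the key techniques for implementing vulnerability scanning. On that basis, it also introduces the standards, principles, analysis methods and assessment algorithms of risk assessment. It then studies the theory and technology of mobile agents in depth, introduces the architecture and key technologies of mobile agents, and analyzes and compares the currently typical mobile agent systems. Next, the thesis combines mobile agent theory with risk assessment technology to design and validate a mobile agent risk assessment model. The model consists of three layers: vulnerability scanning, result processing and risk assessment. Based on the client's detailed settings of the assessment rules, it uses mobile agents to scan the target system, identifies the system's vulnerabilities, and derives the target system's risk level from them, thereby providing the client with detailed assessment conclusions and security recommendations. The thesis also describes in detail the functions of the Control Agent, the vulnerability Scan Agent and the risk Assessment Agent used in the model, and the key techniques for implementing them. Finally, the model's advantages and shortcomings are analyzed and summarized. On the basis of the model design, the thesis also validates the mobile agent risk assessment model. The experimental system is built on the mobile agent platform Aglet. During the experiment, the system performs vulnerability scanning of the target system, providing an initial implementation of the mobile agent risk assessment model. When a client logs in to the system, sets the assessment information and issues an assessment request, the Control Agent in the system generates a scan scheduling Agent and a Scan Agent locally and sends mobile agents to the target system to perform vulnerability scanning and obtain the target system's vulnerability information. The Assessment Agent then uses the previously designed assessment algorithm to derive the target system's risk level from the returned vulnerability information. Finally, the system's vulnerability information, assessment information and security recommendations are returned to the client. The thesis describes the overall design of the system and the functions of each submodule, and analyzes the key techniques in detail. The experiment demonstrates well the advantages that mobile agents bring to the risk assessment model: saving network bandwidth, reducing the local CPU load and improving system efficiency. Risk assessment technology is an emerging research field in China and an important component of network security. This thesis studies mobile agent risk assessment technology in some depth and obtains some preliminary results, which have a certain reference value.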

【Abstract】 With the rapid development of Internet and communication technology, network information security has become a focus of attention. Generally speaking, attackers and viruses intrude into a target system by exploiting its security vulnerabilities. It is therefore necessary to actively scan and examine the security vulnerabilities of the target system, and then to analyze and assess the risk of the target system according to the scan result. This technique has become a focus of network security research.

The traditional risk assessment system has some disadvantages. Because the scanning module and the assessing module cannot move within the network, the speed and scope of assessment are limited. Mobile Agent technology is therefore introduced to make up for these disadvantages. Mobile Agent technology can improve the way scanning and assessment are done, reduce the traditional system's dependence on network bandwidth, and enhance the service ability and work efficiency of the system.

Firstly, the definition and the causes of system vulnerabilities are studied, and some key technologies of network vulnerability scanning are analyzed in detail. Furthermore, some standards, principles, analysis methods and assessment algorithms of risk assessment are introduced. The theory and technology of Mobile Agent are then studied, its architecture and key techniques are introduced, and an analysis and comparison of typical Mobile Agent systems is given.

Secondly, combining Mobile Agent theory and risk assessment technology, a Mobile Agent risk assessment model is put forward. The model is composed of three layers: a vulnerability scan layer, a result management layer and a risk assessment layer. To find the target system's vulnerabilities, a Mobile Agent is used to scan the system according to the user's detailed setting of assessment rules. The risk grade of the target system is then derived in order to provide the user with a detailed assessment result and security advice. The functions and key techniques of the Control Agent, Scan Agent and Assessment Agent in the model are also introduced in detail in the thesis. Finally, the advantages and disadvantages of the model are summarized.

On the basis of the model design, an experiment with the Mobile Agent risk assessment model, called MARAM, is also designed. The experimental system is based on the Mobile Agent platform Aglet. In the course of the experiment, the target system is scanned according to the facility conditions, and the function of the Mobile Agent risk assessment model is implemented in preliminary form. When a user logs in to the system to set assessment information and sends out an assessment request, the Control Agent dispatches a Scan Agent, which is generated locally, to the target system to scan for vulnerabilities and collect vulnerability information. The Assessment Agent then derives the risk grade of the target system by applying the assessment algorithm to the vulnerability information. Finally, the vulnerability information, assessment information and security advice are returned to the user. The overall design of the system and the functions of its sub-systems are given, and the key techniques of the system are also analyzed in this paper. The experiment demonstrates well the advantages of using Mobile Agent: saving network bandwidth, lightening the burden on the local CPU and improving system efficiency.

Risk assessment technology is a new research field in our country and an important part of network security. Mobile Agent risk assessment technology is studied and some preliminary research results are achieved in this dissertation, which will be valuable and have good prospects to a certain extent.

  • 【Classification number】TP18; TP393.08
  • 【Times cited】2
  • 【Downloads】124