【作者】 王赫；

【导师】 唐朔飞；

【作者基本信息】 哈尔滨工业大学 ， 计算机科学与技术， 2007， 硕士

【摘要】 伴随着网络的应用与发展,互联网中充斥着大量的安全事件。网络攻击的速度越来越快、规模越来越大、自动化程度也越来越高。对网络安全事件进行态势感知,了解安全事件在网络中的传播特性,将具有十分重要的意义。本文从网络安全事件的传播过程出发,对安全事件的传播态势进行分析,从中发掘出影响安全事件传播态势的三大要素:主机漏洞、安全事件的攻击特征和基础环境。主机漏洞的不同会影响该主机的感染概率,进而网络中不同的主机漏洞分布情况,便会对安全事件的传播产生影响;攻击方式的不同,会使安全事件具有不同的特性,表现在传播态势上也会有所不同;基础环境包括:拓扑结构、路由策略、网络带宽、网络延迟等,基础环境的改变亦会对传播态势有所影响,其中拓扑特性的不同对网络安全事件传播态势的影响,往往被人们所忽略,本文对其进行了较为深入的阐述,并从中提取出若干影响传播的描述拓扑结构的特征指标。在提取出影响传播态势的因素后,本文以蠕虫这一安全事件为例,利用NS-2模拟器,模拟在不同影响因素下蠕虫的发生过程,对不同因素的影响进行了验证分析。在综合考虑以上因素的基础上,本文最后提出了安全态势传播指数的这一特征指标参数,用以描述不同安全事件的传播态势,并给出了其形式化公式,并且对其在网络安全事件传播态势分析中的应用进行了探讨。更多还原

【Abstract】 With the development and application of the network, Internet is flooded with a large number of security incidents. Network attack has increasingly rapid pace and its scale become larger and larger. The degree of automation has also been growing. It would have great significance to know the situation awareness and understand network security incidents in the propagation characteristics.From the propagation process of network security incidents, we study the situation transmission and dig out three major factors from the impact of security incidents spread trend: the host vulnerability, the different attack mode of security incidents and the environmental characteristics. The host with different vulnerabilities will have different infected probability. Then the different distribution of network hosts with vulnerabilities will affect the spread of security incidents. Different modes of attacks will make security incidents have different characteristics and the performance in the spread will be different. Basic environment include topology, routing strategy, network bandwidth and network delay etc. The changes in the environment will also have an impact on the spread. The impact of topological characteristics is often overlooked by the people. This paper tries to carry more in-depth exposition about topological characteristics and extract several attributes to description the impact of them.This paper use wormer as an example of security incidents. After extracting the affect factors, we use NS-2 simulator to simulate the behavior of wormer to test and analyse the influence of different factors.Considering the above factors, this paper put forward a characteristic parameter to description the spread features which is called Security Situation Transmission Parameter. We give its formal formula and then discuss the application of the parameter in the analysis of the network security incidents situation transmission.更多还原