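Research on Vulnerability Hazard Level Assessment Technology Based on Fuzzy Theory
Published: 2018-03-26 05:34
Topic: vulnerability hazard assessment  Entry point: analytic hierarchy process  Source: Northwest University, 2014 master's thesis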
【Abstract】: Information technology is now widely used in every area of daily life. In recent years, however, network security incidents have occurred frequently and security problems have become prominent; security has become a key factor constraining the healthy development of networks. Research shows that system security vulnerabilities are one of the main root causes of information security risk. Vulnerabilities are unavoidable and the harm they cause is severe, so research on vulnerabilities and the techniques for analyzing them is of great significance. Hazard assessment is an important part of security vulnerability research, and determining how harmful a vulnerability is forms the basis for work such as vulnerability analysis and system risk assessment, so research on vulnerability hazard level assessment is very important.

Drawing on research results and development trends in the field of security vulnerability assessment, this thesis studies how to analyze comprehensively and quantify accurately the degree of harm of a vulnerability. The main work is as follows:

1) An introduction to the theory of vulnerability hazard assessment and the development of assessment techniques, with a summary and analysis of how existing assessment methods such as CVSS and CVRS are carried out.

2) Analysis of the elements of vulnerability hazard assessment. To make the assessment more comprehensive, the exploitation process and exploitation techniques of a typical vulnerability, the stack overflow, are analyzed. The factors that influence the degree of harm are analyzed and combined with existing research results, and two groups of assessment elements, exploitability and security impact, are finally selected for assessing vulnerability hazard, making the assessment more accurate and comprehensive.

3) Construction of a quantitative assessment model for vulnerability hazard level based on fuzzy theory. The process of using fuzzy theory to assess vulnerabilities quantitatively is described. The analytic hierarchy process (AHP) is used to assign a weight to each indicator, and the fuzzy comprehensive evaluation method is used to obtain the vulnerability hazard level, which improves the objectivity of the assessment. In an evaluation experiment the method is compared with similar methods, and analysis of the experimental results shows that the method used in this thesis is reasonable and effective.

4) Implementation of the assessment system. On the basis of the above research, a vulnerability assessment system is designed and implemented to automate vulnerability hazard level assessment.
【Degree-granting institution】: Northwest University
【Degree level】: Master's
【Year degree awarded】: 2014
【Classification number】: TP393.08
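The third item of the abstract combines AHP weighting with fuzzy comprehensive evaluation over the two factors exploitability and security impact. The following is an added example of that general technique, not code or data from the thesis: the sub-indicator names (borrowed from CVSS base metrics), the four-grade set, the comparison matrices and the membership values are all constructed assumptions, and the geometric-mean weight method and weighted-average operator are choices the page does not confirm.

```python
import math

RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency indices
GRADES = ["low", "medium", "high", "critical"]     # assumed grade set

def ahp_weights(A):
    """Return (weights, CR) for pairwise comparison matrix A (geometric-mean method)."""
    n = len(A)
    gm = [math.prod(row) ** (1.0 / n) for row in A]
    w = [g / sum(gm) for g in gm]
    # lambda_max estimated as the mean of (A w)_i / w_i
    lam = sum(sum(A[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    cr = ((lam - n) / (n - 1)) / RI[n] if RI[n] else 0.0
    if cr >= 0.1:  # judgments too contradictory to trust the weights
        raise ValueError(f"inconsistent comparison matrix, CR={cr:.3f}")
    return w, cr

def fuzzy_eval(w, R):
    """Fuzzy composition B = w . R using the weighted-average operator."""
    return [sum(wi * row[k] for wi, row in zip(w, R)) for k in range(len(R[0]))]

def assess(factor_matrix, factors):
    """Two-level evaluation: indicators -> factors -> overall grade vector."""
    fw, _ = ahp_weights(factor_matrix)
    level1 = [fuzzy_eval(ahp_weights(A)[0], R) for A, R in factors]
    B = fuzzy_eval(fw, level1)
    return B, GRADES[max(range(len(B)), key=B.__getitem__)]

# Constructed inputs. Exploitability rows: access vector, complexity, authentication.
A_EXPLOIT = [[1, 2, 3], [1/2, 1, 2], [1/3, 1/2, 1]]
R_EXPLOIT = [[0.0, 0.1, 0.3, 0.6], [0.1, 0.2, 0.5, 0.2], [0.0, 0.1, 0.4, 0.5]]
# Security impact rows: confidentiality, integrity, availability.
A_IMPACT = [[1, 1, 2], [1, 1, 2], [1/2, 1/2, 1]]
R_IMPACT = [[0.0, 0.2, 0.5, 0.3], [0.1, 0.2, 0.4, 0.3], [0.2, 0.5, 0.2, 0.1]]
# Factor level: security impact judged twice as important as exploitability.
A_FACTORS = [[1, 1/2], [2, 1]]

def demo():
    return assess(A_FACTORS, [(A_EXPLOIT, R_EXPLOIT), (A_IMPACT, R_IMPACT)])

if __name__ == "__main__":
    B, grade = demo()
    print([round(b, 3) for b in B], grade)
```

Each row of a membership matrix gives the degree to which one indicator belongs to each grade, and the final grade is chosen by the maximum-membership principle.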