【摘要】：隨著移動(dòng)通信和互聯(lián)網(wǎng)技術(shù)發(fā)展,移動(dòng)互聯(lián)網(wǎng)已經(jīng)廣泛存在于人們的日常生活,未來(lái)將更多地融合到個(gè)人和企業(yè)的生活生產(chǎn)中,因此對(duì)移動(dòng)互聯(lián)網(wǎng)進(jìn)行安全風(fēng)險(xiǎn)評(píng)估成為必要。然而,互聯(lián)網(wǎng)在迅速發(fā)展的同時(shí)也帶來(lái)了越來(lái)越多的安全問(wèn)題,移動(dòng)終端問(wèn)題日益凸顯,移動(dòng)網(wǎng)絡(luò)安全在繼承了傳統(tǒng)網(wǎng)絡(luò)的安全問(wèn)題之上又產(chǎn)生了新的安全問(wèn)題,移動(dòng)業(yè)務(wù)平臺(tái)自身的脆弱性也帶來(lái)了越來(lái)越多的安全問(wèn)題。這些安全問(wèn)題的爆發(fā)可能會(huì)給移動(dòng)互聯(lián)網(wǎng)用戶帶來(lái)巨大的損失。因此,識(shí)別和規(guī)避移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn),成為了當(dāng)下安全風(fēng)險(xiǎn)評(píng)估領(lǐng)域嚴(yán)峻的課題。 目前,對(duì)于移動(dòng)互聯(lián)網(wǎng)安全風(fēng)險(xiǎn)評(píng)估業(yè)界還缺乏針對(duì)性的合理的風(fēng)險(xiǎn)評(píng)估標(biāo)準(zhǔn)和針對(duì)性的量化評(píng)估方法,還不能夠全面且準(zhǔn)確地對(duì)移動(dòng)互聯(lián)網(wǎng)進(jìn)行安全風(fēng)險(xiǎn)評(píng)估。因此,本文對(duì)移動(dòng)互聯(lián)網(wǎng)進(jìn)行了深入的分析‘,并將移動(dòng)互聯(lián)網(wǎng)劃分為終端、管道和業(yè)務(wù)三個(gè)模塊,同時(shí)提出了基于風(fēng)險(xiǎn)域劃分的移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估模型,采用符合性分析、基于層次分析法的資產(chǎn)賦值評(píng)估方法,量化了各風(fēng)險(xiǎn)點(diǎn)和風(fēng)險(xiǎn)域,得到整體風(fēng)險(xiǎn)分布�；谠撛u(píng)估模型和評(píng)估方法,本文開(kāi)發(fā)了移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估系統(tǒng),涵蓋了移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估的整個(gè)流程,并以某移動(dòng)網(wǎng)絡(luò)單元的評(píng)估實(shí)踐為例,對(duì)模型和系統(tǒng)進(jìn)行了可行性驗(yàn)證。本文主要工作如下： 一、對(duì)移動(dòng)互聯(lián)網(wǎng)架構(gòu)進(jìn)行調(diào)研分析,將移動(dòng)互聯(lián)網(wǎng)劃分為終端、管道和業(yè)務(wù)三個(gè)模塊,并研究三個(gè)模塊目前面臨的主要安全威脅。同時(shí)調(diào)研了目前移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估現(xiàn)狀,提出從終端域、管道域和業(yè)務(wù)域?qū)σ苿?dòng)互聯(lián)網(wǎng)進(jìn)行風(fēng)險(xiǎn)評(píng)估的基本思想,確定了風(fēng)險(xiǎn)域劃分和結(jié)合層次分析法的風(fēng)險(xiǎn)量化的評(píng)估方法。 二、基于以上對(duì)移動(dòng)互聯(lián)網(wǎng)的劃分,構(gòu)建移動(dòng)互聯(lián)網(wǎng)評(píng)估模型。通過(guò)相關(guān)標(biāo)準(zhǔn)梳理移動(dòng)互聯(lián)網(wǎng)終端域的風(fēng)險(xiǎn)點(diǎn),并通過(guò)符合性檢查量化和權(quán)重賦值的方法對(duì)終端域的風(fēng)險(xiǎn)值進(jìn)行量化。對(duì)管道域和業(yè)務(wù)域采用風(fēng)險(xiǎn)量化方法分別對(duì)資產(chǎn)、威脅和脆弱性進(jìn)行識(shí)別,通過(guò)層次分析法得到其安全風(fēng)險(xiǎn)值。最終依據(jù)上述結(jié)果加權(quán)后得到整個(gè)移動(dòng)互聯(lián)網(wǎng)整體域的風(fēng)險(xiǎn)值。 三、結(jié)合以上評(píng)估模型和評(píng)估方法,本文設(shè)計(jì)并搭建了移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估系統(tǒng)。系統(tǒng)主要包含風(fēng)險(xiǎn)評(píng)估業(yè)務(wù)模塊、知識(shí)庫(kù)模塊和系統(tǒng)管理模塊,可對(duì)移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估提供全程支撐。系統(tǒng)持錄入符合性量化風(fēng)險(xiǎn)點(diǎn)、及基于資產(chǎn)的風(fēng)險(xiǎn)計(jì)算和整體風(fēng)險(xiǎn)評(píng)價(jià)等功能。 四、通過(guò)某運(yùn)營(yíng)商的移動(dòng)流媒體平臺(tái)作為對(duì)象,開(kāi)展移動(dòng)互聯(lián)網(wǎng)風(fēng)險(xiǎn)評(píng)估工作。用實(shí)踐結(jié)果證明評(píng)估模型和評(píng)估系統(tǒng)的可行性。
[Abstract]:With the development of mobile communication and Internet technology, mobile Internet has been widely used in people's daily life, and will be more integrated into the daily life of individuals and enterprises in the future. Therefore, it is necessary to evaluate the security risk of mobile Internet. However, the rapid development of the Internet also brings more and more security problems. The problem of mobile terminal becomes increasingly prominent. The security of mobile network not only inherits the security problems of traditional networks, but also brings about new security problems. The vulnerability of mobile service platform also brings more and more security problems. These security problems may bring huge losses to mobile Internet users. Therefore, the identification and avoidance of mobile Internet risks has become a serious issue in the field of security risk assessment. At present, the industry of mobile Internet security risk assessment is still lack of targeted and reasonable risk assessment standards and targeted quantitative assessment methods, and can not comprehensively and accurately carry out security risk assessment of mobile Internet. Therefore, this paper has carried on the thorough analysis to the mobile Internet, and divides the mobile Internet into the terminal, the pipeline and the service three modules, at the same time has proposed the mobile Internet risk assessment model based on the risk domain partition, adopts the conformity analysis. The evaluation method of asset assignment based on Analytic hierarchy process (AHP) quantifies each risk point and risk region and obtains the overall risk distribution. Based on the evaluation model and evaluation method, a mobile Internet risk assessment system is developed in this paper, which covers the whole process of mobile Internet risk assessment, and takes the evaluation practice of a mobile network unit as an example. The feasibility of the model and system is verified. The main work of this paper is as follows: first, the mobile Internet architecture is investigated and analyzed. The mobile Internet is divided into three modules: terminal, pipeline and business, and the main security threats faced by the three modules are studied. At the same time, the present situation of mobile Internet risk assessment is investigated, and the basic idea of mobile Internet risk assessment from terminal domain, pipeline domain and business domain is put forward. The risk domain division and the risk quantification evaluation method combined with AHP are determined. Second, based on the above division of mobile Internet, a mobile Internet evaluation model is constructed. The risk points of mobile Internet terminal domain are combed by relevant standards, and the risk value of terminal domain is quantified by means of conformity checking quantization and weight assignment. The risk quantification method is used to identify the assets, threats and vulnerabilities in pipeline domain and business domain respectively, and the security risk value is obtained by analytic hierarchy process (AHP). Finally, the risk value of the whole mobile Internet domain is obtained according to the above results. Thirdly, this paper designs and builds a mobile internet risk assessment system based on the above evaluation models and methods. The system mainly includes risk assessment business module, knowledge base module and system management module, which can provide full support for mobile Internet risk assessment. The system holds the functions of quantifying risk points of conformity, asset-based risk calculation and overall risk evaluation. Fourthly, through the mobile streaming media platform of a certain operator as the object, carry out the mobile Internet risk assessment work. The feasibility of the evaluation model and the evaluation system is proved by practical results.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.01;TN929.5

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 張仕成;;基于Google Android平臺(tái)的應(yīng)用程序開(kāi)發(fā)與研究[J];電腦知識(shí)與技術(shù);2009年28期

2 廖建新;移動(dòng)智能網(wǎng)技術(shù)的研發(fā)現(xiàn)狀及未來(lái)發(fā)展[J];電子學(xué)報(bào);2003年11期

3 班曉芳;佟鑫;;移動(dòng)互聯(lián)網(wǎng)安全威脅分析[J];電信技術(shù);2012年07期

4 唐杰;逯全芳;文紅;;基于AHP移動(dòng)終端系統(tǒng)的安全風(fēng)險(xiǎn)評(píng)估[J];信息安全與技術(shù);2013年03期

5 岳榮;李洪;;探討移動(dòng)互聯(lián)網(wǎng)安全風(fēng)險(xiǎn)及端到端的業(yè)務(wù)安全評(píng)估[J];電信科學(xué);2013年08期

6 黃志偉;付航;;解析移動(dòng)通信安全機(jī)制,構(gòu)建下一代可信網(wǎng)絡(luò)[J];電信工程技術(shù)與標(biāo)準(zhǔn)化;2009年07期

7 宋小倩;周東升;;基于Android平臺(tái)的應(yīng)用開(kāi)發(fā)研究[J];軟件導(dǎo)刊;2011年02期

8 王禎學(xué),戴宗坤,肖龍,王標(biāo);信息系統(tǒng)風(fēng)險(xiǎn)評(píng)估的數(shù)學(xué)方法[J];四川大學(xué)學(xué)報(bào)(自然科學(xué)版);2004年05期

9 王濱;劉剛;;動(dòng)態(tài)口令認(rèn)證方案的研究與改進(jìn)[J];計(jì)算機(jī)工程與設(shè)計(jì);2007年12期

10 紀(jì)元;蔣玉明;胡大裟;陳蓉;;基于免疫的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估模型[J];計(jì)算機(jī)工程與設(shè)計(jì);2011年02期

，

本文編號(hào)：2146079