
Research on Network Security Assessment Theory and Its Key Technologies

Published: 2018-07-26 13:38
[Abstract]: With the rapid development of the Internet, new kinds of network attack keep emerging, and network information security problems have become very prominent. Faced with these threats, effective measures must be taken to keep network systems operating normally. Traditional passive security defense techniques can no longer meet this need, so researchers at home and abroad have turned to proactive network security analysis and assessment methods, which aim to analyze the security hazards present in a network and, based on the results, take appropriate measures to reduce its security risk. How to assess network security accurately and efficiently is therefore especially important and has become a research hotspot in the field of network security. This dissertation centers on computer network security and uses Petri nets, game theory, stochastic processes, fuzzy mathematics and related theories to study in depth the key techniques involved in network security assessment, including assessment model construction and security assessment methods. The main work covers the following four aspects.

First, modeling techniques for network attack behavior are studied. To address the problem that most existing models lack the ability to describe concurrent and cooperative attack processes, a network security assessment model based on the Generalized Stochastic Colored Petri Net (GSCPN) is proposed: the GSCPN based Network Security Assessment Model (GSCPN-NSAM). The model is suited to describing concurrent and cooperative attacks, can use the color sets of colored Petri nets to represent attack-related attributes, and can evaluate system performance on the basis of stochastic Petri nets. The relevant properties of the assessment model, its construction algorithm and a method for verifying its correctness are given, and the complexity of the model is measured. Because large networks in real environments easily lead to an excessive number of model nodes, a hierarchical approach is introduced into model construction, and performance-equivalent simplification is used to reduce model complexity.

Second, network vulnerability analysis methods are studied. To address the shortcomings of traditional network vulnerability analysis methods, the work focuses on vulnerability analysis based on the GSCPN-NSAM model. First, an optimal attack path analysis method based on GSCPN-NSAM is proposed. It predicts the optimal attack path by computing the time cost of each attack path, which avoids the problems that tend to arise when existing methods compute attack success probabilities; its results can guide network administrators to strengthen defenses on the path with the greatest security risk. Next, a method for formulating network security hardening measures based on GSCPN-NSAM is proposed. It introduces the concepts of host node utilization index and host node criticality, ranks the vulnerable nodes that need patching by computing host node criticality, and then hardens the target network step by step on a highest-criticality-first basis, improving the overall security of the network.

Third, network security risk assessment methods are studied. The dissertation points out that in existing risk assessment methods the fuzzy factors are difficult to quantify statistically, and that these methods are not suited to modeling and reasoning over empirical knowledge. To solve this problem, a network security risk assessment method based on fuzzy Petri nets is proposed. An index system for network security risk assessment is established, and a fuzzy Petri net model is built from it. A fuzzy reasoning algorithm for system risk based on fuzzy Petri nets is given; it performs inference with matrix operations, making full use of the parallel processing capability of fuzzy Petri nets, and is combined with the analytic hierarchy process so that the security risk of the network system is assessed using both qualitative and quantitative analysis. Compared with traditional comprehensive risk assessment methods, the proposed method also analyzes the credibility of risk factor events during assessment, making the results more accurate and objective.

Finally, the selection of the optimal network security defense strategy is studied from the perspective of the attack-defense game. To address the problem that attacker and defender cannot accurately judge each other's gains and losses in attack-defense game analysis, the concept of triangular fuzzy numbers is introduced into the game model, and an optimal defense strategy selection method based on the triangular fuzzy matrix game is proposed. A game algorithm based on triangular fuzzy matrices is given; by solving for the Nash equilibrium of the triangular fuzzy matrix game, it helps the defender predict likely attack behavior and select the optimal defense strategy. In addition, repeated game theory is used to analyze the long-term adversarial relationship between attacker and defender. Case analysis shows that introducing the triangular fuzzy concept better matches real conditions and improves the accuracy and effectiveness of the analysis results.
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Doctoral
[Year degree granted]: 2014
[Classification number]: TP393.08



