【摘要】：隨著計算機和網(wǎng)絡(luò)技術(shù)的快速發(fā)展,網(wǎng)絡(luò)安全問題日益突出。對網(wǎng)絡(luò)系統(tǒng)進(jìn)行安全風(fēng)險評估,是一種獲取并掌握網(wǎng)絡(luò)信息系統(tǒng)目前及未來安全狀態(tài)的重要手段,對降低或者消除各種攻擊給網(wǎng)絡(luò)帶來的損失具有重要的現(xiàn)實意義�；谝�(guī)則或掃描工具的評估方法具有一定的局限性,一般只能對網(wǎng)絡(luò)進(jìn)行局部的評估,或者只能檢驗網(wǎng)絡(luò)系統(tǒng)是否存在已知的弱點,而要對網(wǎng)絡(luò)系統(tǒng)進(jìn)行全面的風(fēng)險評估并且發(fā)現(xiàn)一些新的潛在的漏洞或滲透變遷造成的網(wǎng)絡(luò)風(fēng)險,就需要依靠基于模型的評估方法。目前,現(xiàn)有的基于模型的網(wǎng)絡(luò)安全風(fēng)險量化評估方法普遍存在忽視網(wǎng)絡(luò)節(jié)點關(guān)聯(lián)性,計算效率低,無法適用于大規(guī)模網(wǎng)絡(luò)的評估,無法區(qū)分不同重要程度資產(chǎn)風(fēng)險的差異性等問題。針對上述不足,本文從三個方面展開研究工作:研究了可刻畫網(wǎng)絡(luò)中每個節(jié)點風(fēng)險狀態(tài)的基于隱馬爾可夫模型的評估方法;改進(jìn)了可以重點突出網(wǎng)絡(luò)攻防博弈中人為因素對網(wǎng)絡(luò)安全狀況影響的基于博弈理論的量化評估方法;綜合上述方法優(yōu)勢,提出了一種優(yōu)化的基于馬爾可夫博弈模型的網(wǎng)絡(luò)安全風(fēng)險評估方法。完成的具體工作如下:1.提出了節(jié)點相關(guān)的實時網(wǎng)絡(luò)安全風(fēng)險量化評估方法。在基于隱馬爾可夫模型對網(wǎng)絡(luò)安全風(fēng)險的量化評估過程中,通過引入網(wǎng)絡(luò)節(jié)點關(guān)聯(lián)性,解決了已有網(wǎng)絡(luò)安全風(fēng)險量化評估方法中普遍忽視節(jié)點關(guān)聯(lián)性的問題;考慮了主機的相對重要性,以此刻畫不同重要程度的主機對網(wǎng)絡(luò)風(fēng)險貢獻(xiàn)的差異性。仿真實驗表明該方法更加契合網(wǎng)絡(luò)實際情況,提高了評估的準(zhǔn)確性。2.改進(jìn)了基于博弈模型的網(wǎng)絡(luò)風(fēng)險量化評估方法。網(wǎng)絡(luò)風(fēng)險存在的根本原因與人的利益驅(qū)動有很大的關(guān)系,考慮到網(wǎng)絡(luò)攻防博弈中人為因素對網(wǎng)絡(luò)風(fēng)險的影響,采用兩人零和博弈模型描述網(wǎng)絡(luò)攻防博弈過程,通過細(xì)化模型中的攻防策略,以較低的復(fù)雜度更為準(zhǔn)確地計算博弈雙方的收益;此外,對博弈雙方的獲利與代價指標(biāo)進(jìn)行了具體的分析與量化,為計算網(wǎng)絡(luò)風(fēng)險值提供參考依據(jù);在網(wǎng)絡(luò)風(fēng)險計算過程中,通過對不同節(jié)點進(jìn)行區(qū)分,突出了不同重要性節(jié)點的風(fēng)險大小對網(wǎng)絡(luò)安全狀況影響的差異性。3.優(yōu)化了基于馬爾可夫博弈理論的風(fēng)險評估方法。首先,將攻擊威脅和漏洞信息分別進(jìn)行歸類處理,減小了狀態(tài)空間,使得模型輸入規(guī)模大大降低,提高了對大規(guī)模網(wǎng)絡(luò)進(jìn)行評估的效率;其次,依據(jù)攻擊與漏洞嚴(yán)重程度的量化值給出了網(wǎng)絡(luò)風(fēng)險狀況的量化評估,刻畫更加直觀且貼近風(fēng)險產(chǎn)生根源;另外,考慮到資產(chǎn)之間風(fēng)險狀況的相互影響,增加了相鄰節(jié)點對目標(biāo)節(jié)點造成的潛在損失的計算部分,提高了評估的準(zhǔn)確性。
[Abstract]:With the rapid development of computer and network technology, the problem of network security is becoming more and more prominent. The security risk assessment of network system is an important means to obtain and master the present and future security status of network information system. It is of great practical significance to reduce or eliminate the losses caused by various attacks on the network. The evaluation method based on rules or scanning tools has some limitations. Generally, it can only evaluate the network locally, or it can only check whether there are known weaknesses in the network system. In order to make a comprehensive risk assessment of the network system and find some new potential loopholes or the network risk caused by infiltration changes, we need to rely on the model-based evaluation method. At present, the existing network security risk quantitative evaluation methods based on the model generally ignore the network node correlation, and the computing efficiency is low, so it can not be applied to the large-scale network evaluation. It is impossible to distinguish the difference of asset risk in different important degree. In order to solve the above problems, this paper studies three aspects: the evaluation method based on hidden Markov model which can depict the risk state of each node in the network; This paper improves the quantitative evaluation method based on game theory, which can focus on the influence of artificial factors on network security in network attack and defense game, and synthesizes the advantages of the above methods. An optimized network security risk assessment method based on Markov game model is proposed. The specific work accomplished is as follows: 1: 1. A real-time network security risk quantitative evaluation method based on node correlation is proposed. In the process of quantitative evaluation of network security risk based on hidden Markov model, the problem of node correlation is solved by introducing network node correlation. The relative importance of host is considered to describe the difference of host's contribution to network risk. The simulation results show that the method is more consistent with the actual situation of the network and improves the accuracy of the evaluation. The network risk quantitative evaluation method based on game model is improved. The fundamental reason for the existence of network risk is closely related to people's interest drive. Considering the influence of human factors on network risk in network attack and defense game, the two-person zero-sum game model is used to describe the process of network attack and defense game. By refining the strategy of attack and defense in the model, the gains of both sides of the game can be calculated more accurately with lower complexity, in addition, the profit and cost indexes of both sides of the game are analyzed and quantified concretely. In the process of network risk calculation, the difference of the influence of different important nodes on network security status is highlighted by distinguishing different nodes. The risk assessment method based on Markov game theory is optimized. Firstly, the attack threat and vulnerability information are classified and processed separately, which reduces the state space, greatly reduces the input scale of the model, and improves the efficiency of evaluating the large-scale network. According to the quantitative value of attack and vulnerability severity, this paper gives a quantitative evaluation of network risk situation, depicts more intuitionistic and close to the source of risk, in addition, considering the mutual influence of risk condition between assets, The calculation part of the potential loss caused by the adjacent nodes to the target nodes is added, and the accuracy of the evaluation is improved.
【學(xué)位授予單位】：解放軍信息工程大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉剛;張宏;李千目;;基于博弈模型的網(wǎng)絡(luò)安全最優(yōu)攻防決策方法[J];南京理工大學(xué)學(xué)報;2014年01期

2 葛�；�;肖達(dá);陳天平;楊義先;;基于動態(tài)關(guān)聯(lián)分析的網(wǎng)絡(luò)安全風(fēng)險評估方法[J];電子與信息學(xué)報;2013年11期

3 楊宏宇;江華;;基于攻擊圖的多Agent網(wǎng)絡(luò)安全風(fēng)險評估模型[J];計算機科學(xué);2013年02期

4 方明;徐開勇;楊天池;孟繁蔚;禹聰;;基于攻擊圖的分布式網(wǎng)絡(luò)風(fēng)險評估方法[J];計算機科學(xué);2013年02期

5 劉剛;李千目;張宏;;信度向量正交投影分解的網(wǎng)絡(luò)安全風(fēng)險評估方法[J];電子與信息學(xué)報;2012年08期

6 張勇;譚小彬;崔孝林;奚宏生;;基于Markov博弈模型的網(wǎng)絡(luò)安全態(tài)勢感知方法[J];軟件學(xué)報;2011年03期

7 王元卓;林闖;程學(xué)旗;方濱興;;基于隨機博弈模型的網(wǎng)絡(luò)攻防量化分析方法[J];計算機學(xué)報;2010年09期

8 徐瑋晟;張保穩(wěn);李生紅;;網(wǎng)絡(luò)安全評估方法研究進(jìn)展[J];信息安全與通信保密;2009年10期

9 李偉明;雷杰;董靜;李之棠;;一種優(yōu)化的實時網(wǎng)絡(luò)安全風(fēng)險量化方法[J];計算機學(xué)報;2009年04期

10 姜偉;方濱興;田志宏;張宏莉;;基于攻防博弈模型的網(wǎng)絡(luò)安全測評和最優(yōu)主動防御[J];計算機學(xué)報;2009年04期

相關(guān)博士學(xué)位論文 前1條

1 陳鋒;基于多目標(biāo)攻擊圖的層次化網(wǎng)絡(luò)安全風(fēng)險評估方法研究[D];國防科學(xué)技術(shù)大學(xué);2009年

，

本文編號：2182099