【摘要】：隨著計(jì)算機(jī)和網(wǎng)絡(luò)技術(shù)的快速發(fā)展,網(wǎng)絡(luò)安全問題日益突出。對(duì)網(wǎng)絡(luò)系統(tǒng)進(jìn)行安全風(fēng)險(xiǎn)評(píng)估,是一種獲取并掌握網(wǎng)絡(luò)信息系統(tǒng)目前及未來安全狀態(tài)的重要手段,對(duì)降低或者消除各種攻擊給網(wǎng)絡(luò)帶來的損失具有重要的現(xiàn)實(shí)意義�；谝�(guī)則或掃描工具的評(píng)估方法具有一定的局限性,一般只能對(duì)網(wǎng)絡(luò)進(jìn)行局部的評(píng)估,或者只能檢驗(yàn)網(wǎng)絡(luò)系統(tǒng)是否存在已知的弱點(diǎn),而要對(duì)網(wǎng)絡(luò)系統(tǒng)進(jìn)行全面的風(fēng)險(xiǎn)評(píng)估并且發(fā)現(xiàn)一些新的潛在的漏洞或滲透變遷造成的網(wǎng)絡(luò)風(fēng)險(xiǎn),就需要依靠基于模型的評(píng)估方法。目前,現(xiàn)有的基于模型的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)量化評(píng)估方法普遍存在忽視網(wǎng)絡(luò)節(jié)點(diǎn)關(guān)聯(lián)性,計(jì)算效率低,無法適用于大規(guī)模網(wǎng)絡(luò)的評(píng)估,無法區(qū)分不同重要程度資產(chǎn)風(fēng)險(xiǎn)的差異性等問題。針對(duì)上述不足,本文從三個(gè)方面展開研究工作:研究了可刻畫網(wǎng)絡(luò)中每個(gè)節(jié)點(diǎn)風(fēng)險(xiǎn)狀態(tài)的基于隱馬爾可夫模型的評(píng)估方法;改進(jìn)了可以重點(diǎn)突出網(wǎng)絡(luò)攻防博弈中人為因素對(duì)網(wǎng)絡(luò)安全狀況影響的基于博弈理論的量化評(píng)估方法;綜合上述方法優(yōu)勢(shì),提出了一種優(yōu)化的基于馬爾可夫博弈模型的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法。完成的具體工作如下:1.提出了節(jié)點(diǎn)相關(guān)的實(shí)時(shí)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)量化評(píng)估方法。在基于隱馬爾可夫模型對(duì)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)的量化評(píng)估過程中,通過引入網(wǎng)絡(luò)節(jié)點(diǎn)關(guān)聯(lián)性,解決了已有網(wǎng)絡(luò)安全風(fēng)險(xiǎn)量化評(píng)估方法中普遍忽視節(jié)點(diǎn)關(guān)聯(lián)性的問題;考慮了主機(jī)的相對(duì)重要性,以此刻畫不同重要程度的主機(jī)對(duì)網(wǎng)絡(luò)風(fēng)險(xiǎn)貢獻(xiàn)的差異性。仿真實(shí)驗(yàn)表明該方法更加契合網(wǎng)絡(luò)實(shí)際情況,提高了評(píng)估的準(zhǔn)確性。2.改進(jìn)了基于博弈模型的網(wǎng)絡(luò)風(fēng)險(xiǎn)量化評(píng)估方法。網(wǎng)絡(luò)風(fēng)險(xiǎn)存在的根本原因與人的利益驅(qū)動(dòng)有很大的關(guān)系,考慮到網(wǎng)絡(luò)攻防博弈中人為因素對(duì)網(wǎng)絡(luò)風(fēng)險(xiǎn)的影響,采用兩人零和博弈模型描述網(wǎng)絡(luò)攻防博弈過程,通過細(xì)化模型中的攻防策略,以較低的復(fù)雜度更為準(zhǔn)確地計(jì)算博弈雙方的收益;此外,對(duì)博弈雙方的獲利與代價(jià)指標(biāo)進(jìn)行了具體的分析與量化,為計(jì)算網(wǎng)絡(luò)風(fēng)險(xiǎn)值提供參考依據(jù);在網(wǎng)絡(luò)風(fēng)險(xiǎn)計(jì)算過程中,通過對(duì)不同節(jié)點(diǎn)進(jìn)行區(qū)分,突出了不同重要性節(jié)點(diǎn)的風(fēng)險(xiǎn)大小對(duì)網(wǎng)絡(luò)安全狀況影響的差異性。3.優(yōu)化了基于馬爾可夫博弈理論的風(fēng)險(xiǎn)評(píng)估方法。首先,將攻擊威脅和漏洞信息分別進(jìn)行歸類處理,減小了狀態(tài)空間,使得模型輸入規(guī)模大大降低,提高了對(duì)大規(guī)模網(wǎng)絡(luò)進(jìn)行評(píng)估的效率;其次,依據(jù)攻擊與漏洞嚴(yán)重程度的量化值給出了網(wǎng)絡(luò)風(fēng)險(xiǎn)狀況的量化評(píng)估,刻畫更加直觀且貼近風(fēng)險(xiǎn)產(chǎn)生根源;另外,考慮到資產(chǎn)之間風(fēng)險(xiǎn)狀況的相互影響,增加了相鄰節(jié)點(diǎn)對(duì)目標(biāo)節(jié)點(diǎn)造成的潛在損失的計(jì)算部分,提高了評(píng)估的準(zhǔn)確性。
[Abstract]:With the rapid development of computer and network technology, the problem of network security is becoming more and more prominent. The security risk assessment of network system is an important means to obtain and master the present and future security status of network information system. It is of great practical significance to reduce or eliminate the losses caused by various attacks on the network. The evaluation method based on rules or scanning tools has some limitations. Generally, it can only evaluate the network locally, or it can only check whether there are known weaknesses in the network system. In order to make a comprehensive risk assessment of the network system and find some new potential loopholes or the network risk caused by infiltration changes, we need to rely on the model-based evaluation method. At present, the existing network security risk quantitative evaluation methods based on the model generally ignore the network node correlation, and the computing efficiency is low, so it can not be applied to the large-scale network evaluation. It is impossible to distinguish the difference of asset risk in different important degree. In order to solve the above problems, this paper studies three aspects: the evaluation method based on hidden Markov model which can depict the risk state of each node in the network; This paper improves the quantitative evaluation method based on game theory, which can focus on the influence of artificial factors on network security in network attack and defense game, and synthesizes the advantages of the above methods. An optimized network security risk assessment method based on Markov game model is proposed. The specific work accomplished is as follows: 1: 1. A real-time network security risk quantitative evaluation method based on node correlation is proposed. In the process of quantitative evaluation of network security risk based on hidden Markov model, the problem of node correlation is solved by introducing network node correlation. The relative importance of host is considered to describe the difference of host's contribution to network risk. The simulation results show that the method is more consistent with the actual situation of the network and improves the accuracy of the evaluation. The network risk quantitative evaluation method based on game model is improved. The fundamental reason for the existence of network risk is closely related to people's interest drive. Considering the influence of human factors on network risk in network attack and defense game, the two-person zero-sum game model is used to describe the process of network attack and defense game. By refining the strategy of attack and defense in the model, the gains of both sides of the game can be calculated more accurately with lower complexity, in addition, the profit and cost indexes of both sides of the game are analyzed and quantified concretely. In the process of network risk calculation, the difference of the influence of different important nodes on network security status is highlighted by distinguishing different nodes. The risk assessment method based on Markov game theory is optimized. Firstly, the attack threat and vulnerability information are classified and processed separately, which reduces the state space, greatly reduces the input scale of the model, and improves the efficiency of evaluating the large-scale network. According to the quantitative value of attack and vulnerability severity, this paper gives a quantitative evaluation of network risk situation, depicts more intuitionistic and close to the source of risk, in addition, considering the mutual influence of risk condition between assets, The calculation part of the potential loss caused by the adjacent nodes to the target nodes is added, and the accuracy of the evaluation is improved.
【學(xué)位授予單位】：解放軍信息工程大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉剛;張宏;李千目;;基于博弈模型的網(wǎng)絡(luò)安全最優(yōu)攻防決策方法[J];南京理工大學(xué)學(xué)報(bào);2014年01期

2 葛�；�;肖達(dá);陳天平;楊義先;;基于動(dòng)態(tài)關(guān)聯(lián)分析的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法[J];電子與信息學(xué)報(bào);2013年11期

3 楊宏宇;江華;;基于攻擊圖的多Agent網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估模型[J];計(jì)算機(jī)科學(xué);2013年02期

4 方明;徐開勇;楊天池;孟繁蔚;禹聰;;基于攻擊圖的分布式網(wǎng)絡(luò)風(fēng)險(xiǎn)評(píng)估方法[J];計(jì)算機(jī)科學(xué);2013年02期

5 劉剛;李千目;張宏;;信度向量正交投影分解的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法[J];電子與信息學(xué)報(bào);2012年08期

6 張勇;譚小彬;崔孝林;奚宏生;;基于Markov博弈模型的網(wǎng)絡(luò)安全態(tài)勢(shì)感知方法[J];軟件學(xué)報(bào);2011年03期

7 王元卓;林闖;程學(xué)旗;方濱興;;基于隨機(jī)博弈模型的網(wǎng)絡(luò)攻防量化分析方法[J];計(jì)算機(jī)學(xué)報(bào);2010年09期

8 徐瑋晟;張保穩(wěn);李生紅;;網(wǎng)絡(luò)安全評(píng)估方法研究進(jìn)展[J];信息安全與通信保密;2009年10期

9 李偉明;雷杰;董靜;李之棠;;一種優(yōu)化的實(shí)時(shí)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)量化方法[J];計(jì)算機(jī)學(xué)報(bào);2009年04期

10 姜偉;方濱興;田志宏;張宏莉;;基于攻防博弈模型的網(wǎng)絡(luò)安全測評(píng)和最優(yōu)主動(dòng)防御[J];計(jì)算機(jī)學(xué)報(bào);2009年04期

相關(guān)博士學(xué)位論文 前1條

1 陳鋒;基于多目標(biāo)攻擊圖的層次化網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法研究[D];國防科學(xué)技術(shù)大學(xué);2009年

，

本文編號(hào)：2182099