A Network Security Risk Assessment Method Based on Dynamic Correlation Analysis
Published: 2019-06-10 10:54
[Abstract]: Because real-time alerts from an intrusion detection system (IDS) are correlated, this paper performs dynamic correlation analysis on the alert events within a given time interval and, on that basis, proposes a real-time risk assessment method. First, an attack success rate algorithm is proposed that accounts for the influence of the strength of security measures and of node vulnerabilities on the outcome of an attack. Second, an attack threat degree algorithm is proposed that better distinguishes the threat of a multi-step correlated attack occurring in sequence from that of multiple isolated attacks occurring separately. Finally, the risk situation value of the whole system is computed as a weighted combination of the risk situation values of the individual nodes, yielding a real-time risk situation curve for the system. To verify the effectiveness of the proposed method, an attack test platform was built. The experimental results show that the method is scientific and effective, improves the accuracy of the assessment results, and provides an important basis for security administrators to improve their security strategy in a timely manner.
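[Author affiliations]: Information Security Center, Beijing University of Posts and Telecommunications; School of Information and Navigation, Air Force Engineering University
[Funding]: Supported by the National Natural Science Foundation of China (61003285, 61202082) and the Beijing University of Posts and Telecommunications Youth Research and Innovation Program, Special Talent Cultivation Project (2012RC0218)
[Classification number]: TP393.08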
Article ID: 2496411
Article link: http://sikaile.net/guanlilunwen/ydhl/2496411.html