基于粗糙集的網(wǎng)絡(luò)安全態(tài)勢感知方法研究
發(fā)布時間:2019-06-21 13:37
【摘要】:隨著計算機網(wǎng)絡(luò)的迅速發(fā)展,網(wǎng)絡(luò)本身存在的薄弱環(huán)節(jié)、各種網(wǎng)絡(luò)攻擊方式層出不窮以及種類繁多的自動化攻擊工具涌現(xiàn),當前各種網(wǎng)絡(luò)入侵呈現(xiàn)上升勢頭,網(wǎng)絡(luò)安全事件頻發(fā)。網(wǎng)絡(luò)安全態(tài)勢感知技術(shù)面對大規(guī)模網(wǎng)絡(luò)環(huán)境承擔著重要任務,它將網(wǎng)絡(luò)安全的監(jiān)測提高到一個較高的層次。網(wǎng)絡(luò)安全態(tài)勢感知作為信息時代的熱門方向,在加快災難反應速度,提升反抗能力,降低危害損失等地方起到關(guān)鍵作用。網(wǎng)絡(luò)安全態(tài)勢感知系統(tǒng)可以進行如下劃分,即獲取安全信息階段、理解態(tài)勢階段、評估態(tài)勢階段、可視化展示以及趨勢展望階段等。本文的目的是研究網(wǎng)絡(luò)安全態(tài)勢感知系統(tǒng),通過高速高效的網(wǎng)絡(luò)掃描系統(tǒng),利用粗糙集中的屬性約簡等有效地削減冗余屬性,對安全要素進行客觀地確定,通過對掃描得到的結(jié)果分析建立感知評估模型,進而提高網(wǎng)絡(luò)安全評估的客觀性和準確性。網(wǎng)絡(luò)安全管理員利用基于粗糙集的網(wǎng)絡(luò)安全評估模型能夠?qū)ο到y(tǒng)的威脅性予以及時發(fā)現(xiàn),并且采取相應措施,最終實現(xiàn)網(wǎng)絡(luò)系統(tǒng)的可持續(xù)性發(fā)展。本文的主要工作,首先是針對隨機化掃描任務地址塊,分布式端口掃描以及不維護連接狀態(tài)的快速掃描,響應數(shù)據(jù)包的校驗,指紋堆棧技術(shù)識別和漏洞關(guān)聯(lián)等技術(shù)的研究。該高速高效的區(qū)域性網(wǎng)絡(luò)掃描系統(tǒng)可以勝任區(qū)域性乃至全球性的網(wǎng)絡(luò)掃描任務,該系統(tǒng)采用分布式的架構(gòu),能夠根據(jù)掃描任務需求生成掃描策略,掃描任務通過下放到多終端實現(xiàn),接著獲得服務版本與漏洞,獲取安全配置,對態(tài)勢進行客觀分級評估。接著本文考慮在不完備系統(tǒng)下使用粗糙集的方法對網(wǎng)絡(luò)要素進行理解和評估,建立不完備信息系統(tǒng)下的基于粗糙集的網(wǎng)絡(luò)安全態(tài)勢感知模型,通過對屬性的約簡以及對屬性值量化分級,得到安全態(tài)勢值以實現(xiàn)評估。
[Abstract]:With the rapid development of computer network, there are weak links in the network itself, a variety of network attack methods emerge in endlessly and a wide variety of automatic attack tools emerge. At present, all kinds of network intrusion show an upward trend, and network security events occur frequently. Network security situational awareness technology plays an important role in the face of large-scale network environment, which improves the monitoring of network security to a higher level. As a hot direction in the information age, network security situational awareness plays a key role in speeding up disaster response, improving resistance ability, reducing harm loss and so on. The network security situational awareness system can be divided into the following stages: obtaining security information stage, understanding situation stage, evaluating situation stage, visual display and trend prospect stage and so on. The purpose of this paper is to study the network security situational awareness system, through the high-speed and efficient network scanning system, the use of rough set attribute reduction and other effective reduction of redundant attributes, the objective determination of security elements, through the analysis of the scanning results to establish a perception evaluation model, so as to improve the objectivity and accuracy of network security assessment. The network security administrator can detect the threat of the system in time by using the network security assessment model based on rough set, and take corresponding measures to realize the sustainable development of the network system. The main work of this paper is as follows: firstly, the research on randomization scanning task address block, distributed port scanning and fast scanning without maintaining connection state, response packet verification, fingerprint stack technology identification and vulnerability association and so on. The high-speed and efficient regional network scanning system can be competent for regional and even global network scanning tasks. the system adopts distributed architecture and can generate scanning strategy according to the requirements of scanning tasks. Scanning tasks can be realized by devolving to multiple terminals, then service versions and vulnerabilities are obtained, security configuration is obtained, and the situation is evaluated objectively. Then, this paper considers the method of rough set to understand and evaluate the network elements in incomplete system, and establishes the network security situation awareness model based on rough set in incomplete information system. Through the reduction of attributes and the quantitative classification of attribute values, the security situation value is obtained to realize the evaluation.
【學位授予單位】:蘭州大學
【學位級別】:碩士
【學位授予年份】:2015
【分類號】:TP393.08
本文編號:2504117
[Abstract]:With the rapid development of computer network, there are weak links in the network itself, a variety of network attack methods emerge in endlessly and a wide variety of automatic attack tools emerge. At present, all kinds of network intrusion show an upward trend, and network security events occur frequently. Network security situational awareness technology plays an important role in the face of large-scale network environment, which improves the monitoring of network security to a higher level. As a hot direction in the information age, network security situational awareness plays a key role in speeding up disaster response, improving resistance ability, reducing harm loss and so on. The network security situational awareness system can be divided into the following stages: obtaining security information stage, understanding situation stage, evaluating situation stage, visual display and trend prospect stage and so on. The purpose of this paper is to study the network security situational awareness system, through the high-speed and efficient network scanning system, the use of rough set attribute reduction and other effective reduction of redundant attributes, the objective determination of security elements, through the analysis of the scanning results to establish a perception evaluation model, so as to improve the objectivity and accuracy of network security assessment. The network security administrator can detect the threat of the system in time by using the network security assessment model based on rough set, and take corresponding measures to realize the sustainable development of the network system. The main work of this paper is as follows: firstly, the research on randomization scanning task address block, distributed port scanning and fast scanning without maintaining connection state, response packet verification, fingerprint stack technology identification and vulnerability association and so on. The high-speed and efficient regional network scanning system can be competent for regional and even global network scanning tasks. the system adopts distributed architecture and can generate scanning strategy according to the requirements of scanning tasks. Scanning tasks can be realized by devolving to multiple terminals, then service versions and vulnerabilities are obtained, security configuration is obtained, and the situation is evaluated objectively. Then, this paper considers the method of rough set to understand and evaluate the network elements in incomplete system, and establishes the network security situation awareness model based on rough set in incomplete information system. Through the reduction of attributes and the quantitative classification of attribute values, the security situation value is obtained to realize the evaluation.
【學位授予單位】:蘭州大學
【學位級別】:碩士
【學位授予年份】:2015
【分類號】:TP393.08
【參考文獻】
相關(guān)期刊論文 前7條
1 徐從富,耿衛(wèi)東,潘云鶴;面向數(shù)據(jù)融合的DS方法綜述[J];電子學報;2001年03期
2 葛琳;季新生;江濤;;電信網(wǎng)信息內(nèi)容安全事件態(tài)勢感知模型研究[J];電信科學;2014年02期
3 王春雷;方蘭;王東霞;戴一奇;;基于知識發(fā)現(xiàn)的網(wǎng)絡(luò)安全態(tài)勢感知系統(tǒng)[J];計算機科學;2012年07期
4 李偉明;雷杰;董靜;李之棠;;一種優(yōu)化的實時網(wǎng)絡(luò)安全風險量化方法[J];計算機學報;2009年04期
5 席榮榮;云曉春;金舒原;張永錚;;網(wǎng)絡(luò)安全態(tài)勢感知研究綜述[J];計算機應用;2012年01期
6 李碩;戴欣;周渝霞;;網(wǎng)絡(luò)安全態(tài)勢感知研究進展[J];計算機應用研究;2010年09期
7 方研;殷肖川;孫益博;;基于隱馬爾可夫模型的網(wǎng)絡(luò)安全態(tài)勢評估[J];計算機應用與軟件;2013年12期
,本文編號:2504117
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2504117.html
最近更新
教材專著
