【摘要】：在信息時(shí)代,信息生活深入人心,信息安全問(wèn)題也層出不窮,發(fā)現(xiàn)并及時(shí)解決信息生活存在的安全問(wèn)題是一個(gè)經(jīng)常且永久的話(huà)題。網(wǎng)絡(luò)安全態(tài)勢(shì)感知是發(fā)現(xiàn)網(wǎng)絡(luò)生活安全問(wèn)題的方法之一,而網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估作為態(tài)勢(shì)感知的重點(diǎn),網(wǎng)絡(luò)安全問(wèn)題的變化無(wú)常也要求評(píng)估方法應(yīng)與時(shí)俱進(jìn),動(dòng)態(tài)地發(fā)現(xiàn)網(wǎng)絡(luò)安全事件并進(jìn)行安全態(tài)勢(shì)評(píng)估。生物免疫系統(tǒng)具有自適應(yīng)性、自學(xué)習(xí)性、實(shí)時(shí)性等特點(diǎn),生物體內(nèi)的抗體能夠識(shí)別并區(qū)分外來(lái)物質(zhì)是否對(duì)生物體有害。當(dāng)識(shí)別到有害抗原時(shí),抗體的免疫濃度立即上升。免疫濃度的高低反映了生物體遭受入侵的程度,并且抗體在不斷演化的過(guò)程中能夠?qū)σ阎臀粗《具M(jìn)行識(shí)別。因此,本文將生物免疫原理應(yīng)用于網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估中,深入研究免疫濃度的網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估方法,免疫濃度直接反映了網(wǎng)絡(luò)的安全性態(tài)勢(shì)。將正常網(wǎng)絡(luò)行為抽象為自體、非法網(wǎng)絡(luò)行為特征抽象為抗體,通過(guò)構(gòu)建抗體演化模型,使得評(píng)估方法能夠?qū)崟r(shí)、動(dòng)態(tài)地評(píng)估已知和未知非法網(wǎng)絡(luò)行為對(duì)網(wǎng)絡(luò)造成的影響。論文所做的工作主要為:首先,介紹了國(guó)內(nèi)外將免疫學(xué)應(yīng)用于安全領(lǐng)域以及網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估的相關(guān)研究,對(duì)比分析了當(dāng)前的態(tài)勢(shì)評(píng)估方法,認(rèn)為免疫學(xué)原理應(yīng)用于態(tài)勢(shì)評(píng)估中是可行的,并且能夠?qū)崟r(shí)、動(dòng)態(tài)地反映網(wǎng)絡(luò)的安全態(tài)勢(shì)。其次,在構(gòu)建安全態(tài)勢(shì)的二級(jí)指標(biāo)體系基礎(chǔ)上,結(jié)合生物免疫學(xué)原理,提出了基于免疫濃度的三層網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估模型。針對(duì)模型,給出了網(wǎng)絡(luò)安全態(tài)勢(shì)定量計(jì)算方法,并詳細(xì)分析研究了抗體演化模型以及免疫濃度定量計(jì)算方法,給出了免疫濃度的級(jí)別劃分。最后,按照免疫濃度的網(wǎng)絡(luò)安全態(tài)勢(shì)模型給出了一種評(píng)估方案的詳細(xì)設(shè)計(jì),搭建了實(shí)驗(yàn)測(cè)試網(wǎng)絡(luò)環(huán)境以及評(píng)估系統(tǒng),實(shí)現(xiàn)了從數(shù)據(jù)采集、評(píng)估計(jì)算到態(tài)勢(shì)呈現(xiàn)的過(guò)程。實(shí)驗(yàn)測(cè)試結(jié)果表明,基于免疫濃度的網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估方法能夠?qū)σ阎臀粗欠ňW(wǎng)絡(luò)行為進(jìn)行實(shí)時(shí)、動(dòng)態(tài)的評(píng)估。
[Abstract]:In the information age, information life is deeply rooted in people's hearts, and information security problems emerge one after another. It is a constant and permanent topic to discover and solve the security problems of information life in time. Network security situational awareness is one of the methods to discover network life security problems, and network security situation assessment as the focus of situation awareness, the volatile network security issues also require the assessment method to keep pace with the times. Dynamically discover network security incidents and conduct security situation assessment. Biological immune system has the characteristics of self-adaptability, self-learning, real-time and so on. Antibodies in organism can recognize and distinguish whether foreign substances are harmful to organisms or not. When a harmful antigen is recognized, the immune concentration of the antibody increases immediately. The level of immune concentration reflects the degree of invasion of organisms and the ability of antibodies to recognize known and unknown viruses in the evolving process. Therefore, this paper applies the biological immune principle to the network security situation assessment, and deeply studies the network security situation assessment method of immune concentration. The immune concentration directly reflects the network security situation. The normal network behavior is abstracted as self-body, and the illegal network behavior characteristic is abstracted as antibody. By constructing an antibody evolution model, the evaluation method can dynamically evaluate the impact of known and unknown illegal network behavior on the network in real-time and dynamically. The main work of this paper is as follows: firstly, this paper introduces the related research on the application of immunology in the field of security and network security situation assessment at home and abroad, and compares and analyzes the current situation assessment methods. It is considered that the application of immunological principle in situation assessment is feasible, and it can reflect the security situation of network in real time and dynamically. Secondly, a three-layer network security situation assessment model based on immune concentration is proposed based on the construction of a two-level index system of security situation and the principle of bio-immunology. According to the model, the quantitative calculation method of network security situation is given. The evolution model of antibody and the quantitative calculation method of immune concentration are analyzed and studied in detail, and the classification of immune concentration is given. Finally, according to the network security situation model of immune concentration, this paper gives a detailed design of the evaluation scheme, builds the network environment and the evaluation system of the experimental test, and realizes the process from the data collection, evaluation calculation to the presentation of the situation. The experimental results show that the network security situation assessment method based on immune concentration can evaluate the known and unknown illegal network behavior in real-time and dynamically.
【學(xué)位授予單位】：西安郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 馬龍;孫江輝;杜程;;基于流量分析的網(wǎng)絡(luò)態(tài)勢(shì)感知系統(tǒng)研究[J];信息技術(shù);2016年08期

2 湯永利;李偉杰;于金霞;閆璽璽;;基于改進(jìn)D-S證據(jù)理論的網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估方法[J];南京理工大學(xué)學(xué)報(bào);2015年04期

3 程瑤;;基于AHP判斷矩陣特征值計(jì)算的內(nèi)部控制評(píng)價(jià)體系[J];河南師范大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年01期

4 胡東星;;基于人工智能的信息網(wǎng)絡(luò)安全態(tài)勢(shì)感知技術(shù)[J];信息通信;2012年06期

5 姚書(shū)科;;網(wǎng)絡(luò)安全態(tài)勢(shì)要素指標(biāo)體系研究[J];電子設(shè)計(jì)工程;2012年12期

6 張鵬濤;王維;譚營(yíng);;基于帶有懲罰因子的陰性選擇算法的惡意程序檢測(cè)模型[J];中國(guó)科學(xué):信息科學(xué);2011年07期

7 蘇志軍;康麗娟;金誠(chéng)志;;Linux環(huán)境下syslog日志系統(tǒng)研究[J];福建電腦;2010年04期

8 劉念;劉孫俊;劉勇;趙輝;;一種基于免疫的網(wǎng)絡(luò)安全態(tài)勢(shì)感知方法[J];計(jì)算機(jī)科學(xué);2010年01期

9 李濤;;基于免疫的計(jì)算機(jī)病毒動(dòng)態(tài)檢測(cè)模型[J];中國(guó)科學(xué)（F輯:信息科學(xué)）;2009年04期

10 韋勇;連一峰;;基于日志審計(jì)與性能修正算法的網(wǎng)絡(luò)安全態(tài)勢(shì)評(píng)估模型[J];計(jì)算機(jī)學(xué)報(bào);2009年04期

，

本文編號(hào)：2436612