Design and Implementation of a Security Risk Assessment System for the Mobile Internet
Published: 2018-07-26 12:54
[Abstract]: With the development of mobile communication and Internet technology, the mobile Internet has become a pervasive part of daily life and will be integrated even more deeply into the life and work of individuals and enterprises, so assessing its security risk has become necessary. The rapid growth of the Internet has also brought a growing number of security problems: mobile terminal problems are increasingly prominent, mobile networks inherit the security problems of traditional networks and add new ones, and the inherent vulnerability of mobile service platforms introduces still more. An outbreak of these problems could cause mobile Internet users heavy losses, which makes identifying and avoiding mobile Internet risk a pressing topic in the field of security risk assessment.

At present the industry lacks targeted, reasonable risk assessment standards and targeted quantitative assessment methods for the mobile Internet, so its security risk cannot yet be assessed comprehensively and accurately. This thesis therefore analyzes the mobile Internet in depth and divides it into three modules: terminal, pipeline and service. It proposes a mobile Internet risk assessment model based on risk-domain partitioning and uses compliance analysis together with an asset valuation method based on the analytic hierarchy process (AHP) to quantify each risk point and risk domain and obtain the overall risk distribution. Based on this model and method, the thesis develops a mobile Internet risk assessment system that covers the whole assessment process, and verifies the feasibility of the model and the system using the assessment of a mobile network unit as an example. The main work of the thesis is as follows:

1. The mobile Internet architecture is surveyed and analyzed. The mobile Internet is divided into three modules (terminal, pipeline and service), and the main security threats currently facing each module are studied. The current state of mobile Internet risk assessment is also surveyed, the basic idea of assessing mobile Internet risk by terminal domain, pipeline domain and service domain is put forward, and the assessment approach of risk-domain partitioning combined with AHP-based risk quantification is settled.

2. Based on this partition, a mobile Internet assessment model is constructed. The risk points of the terminal domain are compiled from the relevant standards, and the terminal domain's risk value is quantified through compliance-check scoring and weight assignment. For the pipeline domain and the service domain, a risk quantification method is used to identify assets, threats and vulnerabilities, and their security risk values are obtained with AHP. Finally, these results are weighted to obtain the risk value of the mobile Internet as a whole.

3. Combining the assessment model and method above, the thesis designs and builds a mobile Internet risk assessment system. The system consists mainly of a risk assessment business module, a knowledge base module and a system management module, and supports the whole mobile Internet risk assessment process. Its functions include entry of compliance-quantified risk points, asset-based risk calculation and overall risk evaluation.

4. A mobile Internet risk assessment is carried out with an operator's mobile streaming media platform as the target. The practical results demonstrate the feasibility of the assessment model and the assessment system.
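[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.01; TN929.5
Article ID: 2146079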
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2146079.html