
Research on Network Security Assessment Theory and Its Key Technologies

Published: 2018-07-26 13:38

[Abstract]: As the Internet develops rapidly, new kinds of network attacks keep emerging, and network information security has become a prominent problem. Effective measures must therefore be taken against these threats to keep network systems running normally. Traditional passive security defense technologies can no longer meet this need, so researchers in China and abroad have turned to active network security analysis and assessment methods. The aim is to proactively analyze the security weaknesses present in a network and, based on the results, take appropriate measures to reduce its security risk. How to assess network security accurately and efficiently is therefore especially important and has become a research hotspot in the field. Centered on the security of computer networks, this thesis applies Petri nets, game theory, stochastic processes and fuzzy mathematics to study in depth the key technologies of network security assessment, namely assessment model construction and security assessment methods. The main work covers the following four aspects.

First, modeling techniques for network attack behavior are studied. Because most existing models lack the ability to describe concurrent and cooperative attack processes, a network security assessment model based on the Generalized Stochastic Colored Petri Net (GSCPN) is proposed: the GSCPN based Network Security Assessment Model (GSCPN-NSAM). The model is suited to describing concurrent and cooperative attacks; it uses the color sets of colored Petri nets to represent attack-related attributes, and it allows system performance to be evaluated on the basis of stochastic Petri nets. The relevant properties of the assessment model, the algorithm for building it and a method for verifying its correctness are given, and the complexity of the model is measured. Because large networks in real environments easily lead to an excessive number of model nodes, a hierarchical approach is introduced into model construction, and model complexity is reduced through performance-equivalent simplification.

Second, methods for analyzing network vulnerability are studied. To address the shortcomings of traditional network vulnerability analysis, the work focuses on vulnerability analysis based on the GSCPN-NSAM model. First, an optimal attack path analysis method based on GSCPN-NSAM is proposed. It predicts the optimal attack path by computing the time cost of each attack path, which avoids the problems that tend to arise in existing methods when computing attack success probabilities; the results can guide network administrators to strengthen defenses on the path with the greatest security risk. Second, a method for devising network security hardening measures based on GSCPN-NSAM is proposed. It introduces the concepts of host node utilization index and host node criticality, ranks the vulnerable nodes that need patching by computing host node criticality, and then hardens the target network step by step on a highest-criticality-first basis, improving the security of the network as a whole.

Third, methods for assessing network security risk are studied. The thesis points out that existing risk assessment methods contain fuzzy factors that are hard to quantify statistically and are not suited to modeling and reasoning over empirical knowledge. To solve this, a network security risk assessment method based on fuzzy Petri nets is proposed. A network security risk assessment index system is established, and a fuzzy Petri net model is built from it. A fuzzy reasoning algorithm for system risk based on fuzzy Petri nets is given; it performs inference with matrix operations, makes full use of the parallel processing capability of fuzzy Petri nets, and is combined with the analytic hierarchy process so that the security risk of the network system is assessed both qualitatively and quantitatively. Compared with traditional comprehensive risk assessment methods, the proposed method also analyzes the credibility of risk factor events during the assessment, making the results more accurate and objective.

Finally, the selection of an optimal network security defense strategy is studied from the perspective of the attack-defense game. Because attackers and defenders cannot accurately judge each other's gains and losses in attack-defense game analysis, the concept of triangular fuzzy numbers is introduced into the game model, and an optimal defense strategy selection method based on the triangular fuzzy matrix game is proposed. A game algorithm based on triangular fuzzy matrices is given; by solving for the Nash equilibrium of the triangular fuzzy matrix game, it helps the defender predict likely attack behavior and select the optimal defense strategy. In addition, repeated game theory is used to analyze the long-term adversarial relationship between attackers and defenders. Case analysis shows that introducing the triangular fuzzy concept matches real conditions more closely and improves the accuracy and effectiveness of the analysis results.
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Doctoral
[Year degree granted]: 2014
[Classification number]: TP393.08



