Research on Key Technologies of Multi-Dimensional Dynamic Risk Assessment for Network Security
Topic of this thesis: network security + risk assessment. Reference: Northwest University, 2016 doctoral dissertation
[Abstract]: With the rapid development of new technologies such as the Internet of Things, cloud computing and the mobile Internet, network security has taken on new characteristics of wide coverage and high complexity. How to further improve the security of China's networks has become an urgent problem and has risen to the level of national strategy. Looking at future trends, every domain (land, sea, air and space) will be connected to the network, bringing cyberspace and real-world national security into close unity. Network security risk assessment is the foundation and prerequisite of network security and has been listed as one of the key tasks of China's network security assurance work. Research on network security risk assessment methods is of important practical significance for improving China's network security assurance and has broad application prospects. Traditional network security risk assessment methods mostly perform a static, preliminary assessment of security risk and rarely consider the dynamic impact on security risk of factors such as the attack events the network is currently undergoing, patch remediation level and code exploitability. To this end, this thesis studies network security risk assessment from a dynamic perspective along two dimensions, host and network, and proposes a new multi-dimensional dynamic risk assessment framework for network security, NSMDRA, comprising three assessment stages (risk identification, risk assessment and risk management) and nine assessment steps. The key technologies involved in the framework are studied in depth and systematically, mainly in the following four aspects:

(1) Two deep-learning-based risk identification models are proposed. To address the low detection speed of current IDSs when faced with massive data, a support vector machine intrusion detection model based on an autoencoder network, AN-SVM, is proposed. First, multi-layer unsupervised restricted Boltzmann machines (RBMs) map the high-dimensional, nonlinear raw data to a low-dimensional space, establishing an autoencoder network structure with a bidirectional mapping between the high-dimensional and low-dimensional spaces. Then a BP-based weight fine-tuning algorithm for the autoencoder network reconstructs the optimal high-dimensional representation of the low-dimensional data. Finally, the SVM classification algorithm performs intrusion recognition on the resulting optimal low-dimensional representation of the raw data. Experiments verify that the model reduces the training time and testing time of classification in the intrusion detection model. Because traditional shallow machine learning methods cannot effectively solve the classification problem for massive intrusion data, an intrusion detection model based on a deep belief network, DBNIDM, is proposed. First, the contrastive divergence algorithm trains each RBM network layer by layer from the bottom up, mapping a large amount of high-dimensional, nonlinear unlabeled data to an optimal low-dimensional representation. Then the BP algorithm classifies the low-dimensional representation output by the RBM networks in a supervised, top-down manner. Compared with traditional shallow learning methods, the model improves classification accuracy on massive intrusion data in high-dimensional, nonlinear spaces.

(2) A hierarchical vulnerability remediation model based on vulnerability type clustering is proposed. First, because the CVSS method does not consider the dynamic impact of patch remediation level and code exploitability on vulnerability severity assessment, a dynamic comprehensive quantitative scoring method for vulnerability severity, VDSS, is proposed. It assesses vulnerability severity accurately and provides a more precise basis for choosing a vulnerability remediation strategy. Then a PSO-Kmeans-based clustering method for vulnerability information is proposed: the PSO algorithm obtains the global cluster centers, the K-means algorithm clusters the vulnerability information, and a threat factor is then calculated for each vulnerability type. Finally, because traditional vulnerability remediation strategies have difficulty determining the remediation priority of vulnerabilities at the same severity level, the vulnerabilities of the target host are divided hierarchically and a hierarchical vulnerability remediation method based on vulnerability type is proposed. Experiments show that the model can provide users with a fine-grained vulnerability remediation strategy.

(3) A dynamic risk assessment model based on Bayesian attack graphs is proposed. Existing attack graph models do not fully consider the dynamic impact of real-time network attack events on the confidence of each attribute node, so a dynamic risk assessment model based on Bayesian attack graphs, DRABAG, is proposed. The model uses a Bayesian belief network to build a probabilistic attack graph describing the causal relationships among the multi-step atomic attacks in an attack. Common Vulnerability Scoring System metrics are used to calculate the probability of successful vulnerability exploitation, and local conditional probability distribution tables are used to assess the static security risk of attribute nodes. Then, combined with the real-time attack events observed by the intrusion detection system, Bayesian inference dynamically updates the posterior probability of single-step attack behavior. Experiments show that the model can assess the security of the target network more accurately and effectively and infer the attack path with the maximum cumulative probability, providing a basis for selecting the optimal security protection strategy.

(4) An optimal security protection strategy selection model based on Bayesian attack graphs is proposed. To address how to use an optimization algorithm to select the optimal security protection strategy effectively, an optimal security protection strategy selection model based on Bayesian attack graphs, HMS-BAG, is proposed. Based on the dynamic risk assessment results, a protection-strategy-oriented Bayesian attack graph and four protection operations are defined, and the probabilities after the protection measures are implemented are calculated. Economic indicators for protection cost and attack benefit, together with methods for quantifying them, are then constructed. Cost-benefit analysis is used to describe the protection strategy selection problem formally, a particle-swarm-based algorithm for selecting the optimal security protection strategy is proposed, and the selected optimal protection strategy is applied to the attack path with the maximum cumulative probability. Experiments show that the optimal protection strategy selected by the HMS-BAG model reduces network security risk most effectively under a limited protection cost.
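The static-then-dynamic evaluation described in item (3), as an added illustration that is not taken from the thesis: a small Bayesian attack graph is scored before and after an IDS alert fixes one node as compromised. The page does not give DRABAG's formulas, so the CVSS v2 exploitability-to-probability mapping, the AND/OR conditional tables, the node names and all probabilities below are assumptions constructed for this example.

```python
from itertools import product
from math import prod

def exploit_prob(av, ac, au):
    """Assumed mapping: CVSS v2 exploitability (20*AV*AC*Au) scaled to [0, 1]."""
    return min(1.0, 2 * av * ac * au)

# Constructed sample graph; node names are hypothetical.
PRIOR = {"attacker": 0.7}   # root node: probability an attacker is present
GRAPH = {                   # node: (kind, {parent: exploit success probability})
    "web_user": ("OR",  {"attacker": exploit_prob(1.0, 0.61, 0.704)}),
    "db_user":  ("OR",  {"attacker": exploit_prob(1.0, 0.35, 0.56),
                         "web_user": exploit_prob(0.646, 0.71, 0.704)}),
    "db_root":  ("AND", {"db_user": exploit_prob(0.395, 0.71, 0.704),
                         "web_user": exploit_prob(0.395, 0.61, 0.56)}),
}
NODES = list(PRIOR) + list(GRAPH)

def local_cpd(kind, parents, state):
    """P(node = True | parent states): one row of the local conditional table."""
    active = [p for name, p in parents.items() if state[name]]
    if kind == "AND":       # every precondition must hold and every exploit succeed
        return prod(active) if len(active) == len(parents) else 0.0
    return 1 - prod(1 - p for p in active)   # OR: 0 when no parent is compromised

def joint(state):
    """Probability of one complete assignment of True/False to all nodes."""
    prob = prod(p if state[n] else 1 - p for n, p in PRIOR.items())
    for node, (kind, parents) in GRAPH.items():
        p_true = local_cpd(kind, parents, state)
        prob *= p_true if state[node] else 1 - p_true
    return prob

def risk(evidence=None):
    """Marginal P(node = True | evidence) by exact enumeration (small graphs only)."""
    evidence = evidence or {}
    total, hit = 0.0, dict.fromkeys(NODES, 0.0)
    for values in product([False, True], repeat=len(NODES)):
        state = dict(zip(NODES, values))
        if any(state[n] != v for n, v in evidence.items()):
            continue        # assignment contradicts the observed events
        weight = joint(state)
        total += weight
        for n in NODES:
            hit[n] += weight if state[n] else 0.0
    return {n: hit[n] / total for n in NODES}

static = risk()                       # static risk, before any alert
dynamic = risk({"web_user": True})    # posterior after the IDS flags web_user
```

Enumeration is exponential in the number of nodes, so a graph of realistic size needs a proper Bayesian network inference algorithm in place of `risk`.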
[Degree-granting institution]: Northwest University
[Degree level]: Doctoral
[Year degree granted]: 2016
[Classification number]: TP393.08
Article ID: 2022660
Article link: http://www.sikaile.net/shoufeilunwen/xxkjbs/2022660.html