基于安全状态域的网络评估模型  被引量:19

Security-State-Region-Based Model of Network Security Evaluation

在线阅读下载全文

作  者:张海霞[1,2] 连一峰[1,2,3] 苏璞睿[1,2] 冯登国[1,2] 

机构地区:[1]中国科学院软件研究所信息安全国家重点实验室,北京100190 [2]中国科学院软件研究所,北京100190 [3]中国科学院研究生院,北京100049

出  处:《软件学报》2009年第2期451-461,共11页Journal of Software

基  金:国家自然科学基金;国家重点基础研究发展计划(973);国家高技术研究发展计划(863)~~

摘  要:将基于攻击图的评估与依赖标准的评估相结合,提出了一种基于安全状态域(security state region,简称SSR)的网络安全评估模型(security-state-region-based evaluation model,简称SSREM).该模型将攻击的影响分为攻击能力改变和环境改变,通过两者之间的因果关系建立数学模型,提出了安全状态域趋向指数的概念,借助Matlab进行攻击趋势的曲面拟合,进而进行安全状态域的划分和网络的安全性评估.实验结果表明,依据SSREM进行的评估能够通过安全状态城和安全状态域趋向指数反映网络进入不同状态的难易程度,对网络安全性量化评估具有借鉴意义.A security-state-region-based (SSR-based) model called security-state-region-based evaluation model (SSREM) is proposed, which integrates the assessment based on the attack graph and the evaluation according to criteria together. In the model, the attack result is divided into the change in the attack ability and environment. The cause and effect relationship among them lays a foundation for building mathematic equations. After that, the definition of SSR is proposed, and also curve and surface fitting recurring to Matlab is used to analyze the attack trend, the result of which provides a theoretical basis for the division of SSR and the network security assessment based on SSR. Experiments in the posterior part of the paper show that, the evaluation according to SSREM can reflect how difficult it is to enter into different states through SSR and the tendency coefficient of security state region (TC_SSR), which can be used for reference by quantitative evaluation of network security.

关 键 词:安全状态城 基于安全状态域的评估模型 安全状态域趋向指数 攻击图 脆弱性 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象