A Network Security Situational Awareness Model Based on Information Fusion

Cited by: 167


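Authors: Wei Yong (韦勇) [1,2], Lian Yifeng (连一峰) [1,2], Feng Dengguo (冯登国) [1,2]

Affiliations: [1] Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027; [2] State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190

Source: Journal of Computer Research and Development (《计算机研究与发展》), 2009, No. 3, pp. 353-362 (10 pages)

Funding: National High Technology Research and Development Program of China ("863" Program) (2006AA01Z437; 2007AA01Z475; 2006AA01Z412; 2006AA01Z433)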

Abstract: Security situational awareness has become a hot topic in network security research in recent years, attracting the interest of more and more domestic and foreign researchers. The existing security situational awareness methods are analyzed and compared in detail. Considering the multi-source nature of information in network security, a new network security situational awareness model based on information fusion is proposed. The model fuses multi-source information from a mass of logs by introducing a modified D-S evidence theory. It obtains the security situation value of each node through situational factor fusion, using attack threat information together with the vulnerability information of the network nodes on which successful attacks depend. It then computes the security situation value of the network through node situation fusion, using the service information of the network nodes, and draws the security situation graph of the network. Next, it analyzes the time series of the computed results with an ARMA model to forecast future threats to network security. Finally, an example using actual network datasets is given to validate the proposed model and algorithm. The results show that the model and algorithm are more effective and accurate than existing security situational awareness methods.

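Keywords: security situational awareness; information fusion; D-S evidence theory; time series analysis; forecasting

Classification code: TP393.08 [Automation and Computer Technology: Computer Application Technology]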

 
