
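Research on Vulnerability Severity Level Assessment Technology Based on Fuzzy Theory

Published: 2018-03-26 05:34

  Topic: vulnerability severity assessment  Entry point: analytic hierarchy process  Source: Northwest University, master's thesis, 2014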


[Abstract]: Information technology is now widely used in every area of daily life. In recent years, however, network security incidents have become frequent and security problems prominent, and security has become a key factor constraining the healthy development of networks. Research shows that system security vulnerabilities are one of the main root causes of information security risk. Vulnerabilities are unavoidable, and the harm they cause is very serious, so research on vulnerabilities and the related analysis techniques is of great significance. Assessing the severity of security vulnerabilities is an important part of vulnerability research, and determining how harmful a vulnerability is forms the basis for vulnerability analysis, system risk assessment and similar work, so research on vulnerability severity level assessment is very important. Drawing on the research results and development trends in the field of security vulnerability assessment, this thesis studies how to analyze comprehensively and quantify accurately the severity of a vulnerability. Its main work is as follows:

1) An introduction to the theory of vulnerability severity assessment and the state of development of assessment techniques, with a summary and analysis of how existing assessment methods such as CVSS and CVRS are carried out.

2) An analysis of the elements of vulnerability severity assessment. To make the assessment more comprehensive, the exploitation process and exploitation techniques of a typical vulnerability, the stack overflow, are analyzed. The factors that influence vulnerability severity are analyzed and combined with existing research results, and two groups of assessment elements, exploitability and security impact, are finally selected for assessing vulnerability severity, making the assessment more accurate and comprehensive.

3) The establishment of a quantitative assessment model for vulnerability severity levels based on fuzzy theory. The process of using fuzzy theory to assess vulnerabilities quantitatively is described. The analytic hierarchy process (AHP) is used to assign a weight to each indicator, and the fuzzy comprehensive evaluation method is used to obtain the vulnerability severity level, which improves the objectivity of the assessment. In an assessment experiment, the method of this thesis is compared with similar methods, and analysis of the experimental results shows that the method used is reasonable and effective.

4) The implementation of the assessment system. On the basis of the research above, a vulnerability assessment system is designed and implemented that automates vulnerability severity level assessment.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08

