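Research on an Autonomous Assessment Mechanism for Network Security
Published: 2018-04-07 00:09
Topic: autonomic computing. Entry point: event awareness. Source: Henan University of Science and Technology, master's thesis, 2014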
[Abstract]: As computer systems continue to grow in scale and complexity, network security has become an increasing focus of attention in the computing field. Computer networks have developed from an initial emphasis on the confidentiality of information to today's concern with the integrity, availability, controllability and non-repudiation of network security information, and the main technologies and theories cover six areas: attack, prevention, detection, control, management and evaluation. Among these, network event detection and security risk assessment are the basis and the means for ensuring network information security and normal operation. Traditional network defenses can analyze and handle the operating state of the network only after attacks and threats have appeared, which makes it difficult for network administrators to truly grasp the security state of the system. Therefore, in order to grasp the overall security state of the network and ensure that the network system runs safely and effectively, research on detecting network security events and assessing the network security state is very necessary. Autonomic computing can overcome the heterogeneity and complexity of computing systems and is regarded as a new and effective approach to system self-awareness and self-assessment.

Based on an analysis of existing network security event awareness and network security assessment technologies, and addressing shortcomings of network security event awareness systems such as the complexity of security management and the lack of adaptability, this thesis introduces the idea of autonomic computing into network event awareness and network security assessment. On the basis of event awareness, the cloud model is introduced into network security risk assessment. The research work mainly includes the following aspects:

(1) The basic theory and related methods of network security event awareness and assessment are described comprehensively and systematically, and the various technologies and methods in current research on system security assessment are analyzed and compared. Given that current assessment methods are complex to manage, costly to configure and require considerable human intervention, the necessity of establishing network security assessment with autonomous characteristics is introduced.

(2) To address the lack of autonomy in current network event awareness systems, and drawing on the idea of autonomic computing, a network security event awareness model based on autonomic computing is proposed. The model takes the autonomic manager as its core, manages the managed resources through awareness policies, and uses a fusion engine to self-learn attack behavior, so that it perceives system security events, processes attack information autonomously and responds to attacks autonomously. During security event awareness, principal component analysis is used to reduce the dimensionality of the security element feature space, a machine-learning fusion engine classifies intrinsically related data and determines the attack behavior to which the data belongs, and an autonomous response method based on danger theory responds to the attack autonomously, laying a foundation for comprehensive and rapid assessment of the network security state.

(3) Network system security events are both fuzzy and random, and the cloud model can effectively integrate fuzziness and randomness. Therefore, in order to assess network security risk effectively, the cloud model is introduced into the study of network security risk, and an assessment approach combining qualitative and quantitative methods is adopted. A network security risk assessment method based on the cloud model is proposed. Taking the network security elements as its basis, the method uses a one-dimensional cloud model to generalize the attributes of each individual security element and obtains a multidimensional attribute cloud. On this basis, a corresponding multidimensional evaluation cloud is established for each level of network security rating, and the network security state assessment result is obtained by setting evaluation rules and calculating the degree of similarity between the two kinds of cloud model.
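[Degree-granting institution]: Henan University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08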