基于HMM模型的信息系统实时风险评估算法研究

发布时间：2018-04-15 04:01

本文选题：动态风险评估 + 内部威胁　；参考：《中国海洋大学》2014年硕士论文

【摘要】：随着计算机网络的飞速发展和社会信息化进程的加快，越来越多的企业和政府部门通过信息系统开展业务、提供服务，信息系统的安全问题逐渐受到关注，成为时下热点。风险评估能够有效落实系统安全管理问题，并能够评估出不同时期不同环境下安全问题重点，加强系统安全管理。为确保系统安全，对整个网络信息系统进行风险评估是非常必要的。目前，现有的风险评估方法研究大多集中于静态评估方法研究，，少数提出动态实时概念的方法仅仅考虑恶意攻击、植入木马等外部攻击威胁，而忽略了系统内部由系统升级、人工操作等因素造成的内部配置错误威胁。为解决上述问题，本文主要进行三方面的工作。第一，将隐马尔可夫模型引入信息安全风险评估工作中，建模信息系统中主机的安全状态，全面考虑主机可能面临的外部威胁和内部威胁，提出一种动态实时的信息安全风险评估模型。第二，改进模型算法，提出计算实时状态转移矩阵的新概念，最后基于隐马尔可夫模型中的评估问题求解给出了一种信息系统整体意义上的网络安全风险度量方法，为信息系统的网络安全的量化管理提供了思路。仿真实验结果表明，该方法保证实时动态评估的同时，能够综合分析威胁，合理分析和量化信息系统的安全状况，提高了评估结果准确性和实时性。第三，基于风险评估理论，设计开发信息安全实时风险评估系统，引入Snort入侵检测系统监控外部攻击，设计配置核查系统根据信息安全等级保护标准检查主机内部配置，所采集的外部威胁和内部威胁数据格式化后传输给风险评估主系统，系统根据评估算法计算实时风险值，并分析威胁种类和配置符合情况，提供有效的整改建议报告。该系统提供了一种简单有效的风险评估过程，提高评估效率，并能够对信息系统整体安全状态做出科学的评价，对信息系统的安全防护水平提升有积极的推动作用。
[Abstract]:With the rapid development of computer network and the acceleration of social information process, more and more enterprises and government departments carry out business through information systems to provide services.Risk assessment can effectively implement the system security management problems, and can evaluate the key points of security problems in different environments in different periods, and strengthen the system security management.In order to ensure the security of the system, it is necessary to evaluate the risk of the whole network information system.At present, most of the existing risk assessment methods focus on static evaluation methods. A few of the methods that put forward the concept of dynamic real-time only consider malicious attacks, implant Trojan horses and other external attack threats, but ignore the upgrade of the system internal by the system.Human operation and other factors caused by the internal configuration error threat.In order to solve the above problems, this paper mainly carries out three aspects of work.Firstly, the hidden Markov model is introduced into the work of information security risk assessment, and the security state of the host in the information system is modeled, and the external and internal threats that the host may face are considered comprehensively.A dynamic and real-time information security risk assessment model is proposed.Secondly, a new concept of computing real-time state transition matrix is proposed by improving the model algorithm. Finally, a network security risk measurement method in the whole sense of information system is presented based on the evaluation problem in hidden Markov model.It provides a way for the quantitative management of network security of information system.The simulation results show that this method can comprehensively analyze threats, reasonably analyze and quantify the security of the information system, and improve the accuracy and real-time performance of the evaluation results.Thirdly, based on the theory of risk assessment, the real-time risk assessment system of information security is designed and developed. The Snort intrusion detection system is introduced to monitor the external attacks, and the configuration verification system is designed to inspect the internal configuration of the host according to the information security level protection standard.The collected external threat and internal threat data are formatted and transmitted to the risk assessment master system. According to the evaluation algorithm, the system calculates the real time risk value, analyzes the threat types and configuration conformance, and provides an effective corrective report.The system provides a simple and effective risk assessment process, improves the evaluation efficiency, and can make a scientific evaluation of the overall security status of the information system. It has a positive role in promoting the level of security protection of the information system.
【学位授予单位】：中国海洋大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】