
Design and Implementation of a Security Risk Assessment System for the Mobile Internet

Published: 2018-07-26 12:54
[Abstract]: With the development of mobile communications and Internet technology, the mobile Internet has become a widespread part of daily life and will be integrated further into the lives and operations of individuals and enterprises, so assessing the security risk of the mobile Internet has become necessary. However, the Internet's rapid growth has also brought more and more security problems: problems with mobile terminals are increasingly prominent, mobile networks inherit the security problems of traditional networks and add new ones, and the vulnerabilities of mobile service platforms themselves bring further security problems. An outbreak of these problems could cause huge losses to mobile Internet users. Identifying and avoiding mobile Internet risks has therefore become a pressing topic in the field of security risk assessment.

At present, the industry lacks targeted, reasonable risk assessment standards and targeted quantitative assessment methods for mobile Internet security, and cannot yet assess mobile Internet security risk comprehensively and accurately. This thesis therefore analyzes the mobile Internet in depth and divides it into three modules: terminal, pipe (network), and service. It proposes a mobile Internet risk assessment model based on risk-domain partitioning, and uses compliance analysis together with an asset-valuation assessment method based on the analytic hierarchy process (AHP) to quantify each risk point and risk domain and obtain the overall risk distribution. Based on this model and method, the thesis develops a mobile Internet risk assessment system that covers the whole assessment process, and verifies the feasibility of the model and the system using the assessment of a mobile network unit as an example. The main work of the thesis is as follows:

1. The mobile Internet architecture is surveyed and analyzed. The mobile Internet is divided into three modules (terminal, pipe, and service), and the main security threats currently facing each module are studied. The current state of mobile Internet risk assessment is also surveyed, the basic idea of assessing mobile Internet risk by terminal domain, pipe domain, and service domain is proposed, and an assessment method that combines risk-domain partitioning with AHP-based risk quantification is settled on.

2. Based on this partitioning, a mobile Internet assessment model is constructed. The risk points of the terminal domain are enumerated from the relevant standards, and the risk value of the terminal domain is quantified through compliance-check quantification and weight assignment. For the pipe domain and the service domain, a risk quantification method is used to identify assets, threats, and vulnerabilities respectively, and the security risk value is obtained with the analytic hierarchy process. Finally, these results are weighted to obtain the risk value of the mobile Internet as a whole.

3. Combining the assessment model and method above, a mobile Internet risk assessment system is designed and built. The system mainly consists of a risk assessment business module, a knowledge base module, and a system management module, and supports the whole mobile Internet risk assessment process. Its functions include entry of compliance-quantified risk points, asset-based risk calculation, and overall risk evaluation.

4. A mobile Internet risk assessment is carried out with an operator's mobile streaming media platform as the target. The practical results demonstrate the feasibility of the assessment model and the assessment system.
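[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.01;TN929.5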



