Research on Quantitative Assessment Methods for Network Security Risk Based on Stochastic Models
Published: 2018-08-13 20:30
[Abstract]: With the rapid development of computer and network technology, network security problems have become increasingly prominent. Security risk assessment of a network system is an important means of obtaining and understanding the current and future security state of a network information system, and is of great practical significance for reducing or eliminating the losses that attacks inflict on the network. Assessment methods based on rules or scanning tools have limitations: they can generally assess only part of the network, or only check whether the network system contains known weaknesses. A comprehensive risk assessment that also uncovers network risk arising from new potential vulnerabilities or from penetration transitions requires a model-based assessment method. Existing model-based methods for quantitative network security risk assessment commonly ignore the correlation between network nodes, are computationally inefficient, cannot be applied to large-scale networks, and cannot distinguish the risk of assets of differing importance. To address these shortcomings, this thesis carries out research in three areas: it studies an assessment method based on the hidden Markov model that can characterize the risk state of every node in the network; it improves a game-theory-based quantitative assessment method that highlights the influence of human factors in the network attack-defense game on the network's security state; and, combining the strengths of these methods, it proposes an optimized network security risk assessment method based on the Markov game model. The specific work completed is as follows:
1. A node-correlated real-time method for quantitative network security risk assessment is proposed. In the hidden-Markov-model-based quantitative assessment of network security risk, network node correlation is introduced, which addresses the widespread neglect of node correlation in existing quantitative assessment methods; the relative importance of hosts is taken into account in order to characterize how hosts of differing importance contribute differently to network risk. Simulation experiments show that the method fits real network conditions more closely and improves the accuracy of the assessment.
2. The game-model-based method for quantitative network risk assessment is improved. The root cause of network risk is closely tied to human interest-driven behaviour. Considering the influence of human factors in the attack-defense game on network risk, a two-person zero-sum game model is used to describe the network attack-defense game; by refining the attack and defense strategies in the model, the payoffs of both players are computed more accurately and with lower complexity. In addition, the gain and cost metrics of both players are analysed and quantified concretely, providing a reference basis for computing the network risk value. In computing network risk, nodes are differentiated, which highlights how the risk levels of nodes of differing importance affect the network's security state differently.
3. The risk assessment method based on Markov game theory is optimized. First, attack threats and vulnerability information are each grouped into classes, which shrinks the state space, greatly reduces the size of the model's input, and improves the efficiency of assessing large-scale networks. Second, a quantitative assessment of the network's risk state is given from the quantified severity of attacks and vulnerabilities, a characterization that is more intuitive and closer to the root source of the risk. Finally, considering the mutual influence between the risk states of assets, a term is added that computes the potential loss that adjacent nodes cause to the target node, improving the accuracy of the assessment.
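[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2182099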
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2182099.html