基于智能规划的网络安全风险评估

发布时间：2019-02-11 14:46

【摘要】：由于越来越复杂和多元化的网络结构及其应用需求,网络安全隐患多不胜数,单一安全设备针对特定安全威胁,难以保证网络系统安全。如何对现有的计算机网络系统进行综合有效的保护,网络安全风险评估是重要的指导方法,也是学术界开展主动防御研究的热点之一,对保障网络安全具有重要的研究价值。本文主要研究网络安全风险评估中智能规划技术的实现与应用,主要工作包括:针对已有脆弱性建模的层次单一,无法反映实际攻击场景中的细粒度渗透行为的不足,提出了一种基于智能规划的网络安全场景模型(Cyber Security Circumstance-Model,CSC-Model)。该模型包括网络模型、攻击方法库和攻击者行为模型三大组成部分。提出了Agent的概念模拟攻击者的实际网络渗透行为主体,并将网络场景建模下的风险过程分析转化为安全规划(Attack Planning Problem,APP)问题。具体来说是利用标准规划语言刻画CSC-Model本体世界和具体的问题目标,分别构成APP问题的规划域和问题域。利用智能规划算法搜索效率优于传统攻击图生成方法的特点,设计并实现了一个面向安全风险评估的规划引擎,根据APP问题定义,设计数据处理方法与语法翻译模块、选用高效的规划算法用于渗透方案规划,并设计攻击路径枚举算法生成攻击图,完成了风险关联过程分析。提出了基于最大攻击奖励期望的安全风险影响指标(Risk-impact Indicator,RI),讨论不同攻击想定下某一节点作为威胁源对网络级安全风险的影响,创新性地讨论出节点的最大攻击奖励期望可作为网络级安全风险影响指标的结论,进而确立风险影响指标RI的概念,进一步合理设定参数,定量分析网络的重要风险节点。最后完成了一个企业级网络安全风险评估的模拟分析,验证了智能规划方法的可用性和有效性和RI指标作为网络安全风险评估方法的合理性与实用价值。
[Abstract]:Because of the more and more complex and diversified network structure and its application requirements, there are numerous hidden dangers of network security, so it is difficult to ensure the security of network system by single security equipment aiming at specific security threats. How to protect the existing computer network system synthetically and effectively, the network security risk assessment is an important guiding method, is also one of the hot spots of active defense research in academic circles, and has important research value to ensure the network security. This paper mainly studies the realization and application of intelligent planning technology in network security risk assessment. The main work includes: aiming at the single level of existing vulnerability modeling, it can not reflect the deficiency of fine-grained infiltration behavior in actual attack scenarios. A network security scenario model (Cyber Security Circumstance-Model,CSC-Model) based on intelligent planning is proposed. The model consists of three parts: network model, attack method library and attacker behavior model. In this paper, the concept of Agent is proposed to simulate the actual network infiltration behavior of an attacker, and the risk process analysis under the network scenario modeling is transformed into a security planning (Attack Planning Problem,APP) problem. Specifically, the standard programming language is used to depict the CSC-Model ontology world and specific problem targets, which constitute the planning domain and problem domain of the APP problem, respectively. The search efficiency of intelligent planning algorithm is superior to that of traditional attack graph generation method. A security risk assessment oriented planning engine is designed and implemented. According to the definition of APP problem, the module of data processing and syntax translation is designed. The efficient planning algorithm is used in the infiltration scheme planning, and the attack path enumeration algorithm is designed to generate the attack graph, and the risk association process analysis is completed. In this paper, a security risk impact index (Risk-impact Indicator,RI) based on the expectation of maximum attack reward is proposed, and the influence of different attacks on network-level security risk by setting a node as a threat source is discussed. This paper discusses the conclusion that the expectation of maximum attack reward of nodes can be used as a network level security risk impact index, and then establishes the concept of risk impact index (RI), further reasonably sets parameters, and quantifies the important risk nodes of the network. Finally, a simulation analysis of enterprise network security risk assessment is completed, which verifies the availability and effectiveness of intelligent planning method and the rationality and practical value of RI index as a network security risk assessment method.
【学位授予单位】：国防科学技术大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】