Research on a Network Security Situational Awareness Method Based on Rough Sets
Published: 2019-06-21 13:37
[Abstract]: With the rapid development of computer networks, weaknesses in the networks themselves, a steady stream of new attack methods, and the emergence of a wide variety of automated attack tools, network intrusions of all kinds are on the rise and network security incidents occur frequently. Network security situational awareness technology carries an important role in large-scale network environments, raising network security monitoring to a higher level. As a popular direction in the information age, it plays a key role in speeding up disaster response, improving resistance capability, and reducing damage and loss. A network security situational awareness system can be divided into the following stages: security information acquisition, situation understanding, situation evaluation, visual display, and trend projection, among others. The purpose of this thesis is to study network security situational awareness systems: working from a high-speed, efficient network scanning system, it uses rough-set techniques such as attribute reduction to effectively remove redundant attributes and determine the security elements objectively, and builds an awareness evaluation model by analysing the scan results, thereby improving the objectivity and accuracy of network security assessment. Using the rough-set-based network security assessment model, network security administrators can discover threats to the system in time and take corresponding measures, ultimately achieving the sustainable development of the network system.
The main work of this thesis is, first, research on techniques including randomization of scan-task address blocks, distributed port scanning, fast scanning without maintaining connection state, verification of response packets, identification by stack fingerprinting, and vulnerability correlation. This high-speed, efficient regional network scanning system can handle regional and even global network scanning tasks. It adopts a distributed architecture, generates scanning strategies according to the requirements of each scan task, and carries out scan tasks by delegating them to multiple terminals; it then obtains service versions and vulnerabilities, collects security configurations, and performs an objective, graded evaluation of the situation. Next, the thesis considers using rough-set methods to understand and evaluate network elements in an incomplete system, and establishes a rough-set-based network security situational awareness model for incomplete information systems; through attribute reduction and the quantitative grading of attribute values, a security situation value is obtained to carry out the evaluation.
[Degree-granting institution]: Lanzhou University
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08
Article ID: 2504117
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2504117.html