基于免疫浓度的网络安全态势感知评估方法研究
发布时间:2019-03-08 08:18
【摘要】:在信息时代,信息生活深入人心,信息安全问题也层出不穷,发现并及时解决信息生活存在的安全问题是一个经常且永久的话题。网络安全态势感知是发现网络生活安全问题的方法之一,而网络安全态势评估作为态势感知的重点,网络安全问题的变化无常也要求评估方法应与时俱进,动态地发现网络安全事件并进行安全态势评估。生物免疫系统具有自适应性、自学习性、实时性等特点,生物体内的抗体能够识别并区分外来物质是否对生物体有害。当识别到有害抗原时,抗体的免疫浓度立即上升。免疫浓度的高低反映了生物体遭受入侵的程度,并且抗体在不断演化的过程中能够对已知和未知病毒进行识别。因此,本文将生物免疫原理应用于网络安全态势评估中,深入研究免疫浓度的网络安全态势评估方法,免疫浓度直接反映了网络的安全性态势。将正常网络行为抽象为自体、非法网络行为特征抽象为抗体,通过构建抗体演化模型,使得评估方法能够实时、动态地评估已知和未知非法网络行为对网络造成的影响。论文所做的工作主要为:首先,介绍了国内外将免疫学应用于安全领域以及网络安全态势评估的相关研究,对比分析了当前的态势评估方法,认为免疫学原理应用于态势评估中是可行的,并且能够实时、动态地反映网络的安全态势。其次,在构建安全态势的二级指标体系基础上,结合生物免疫学原理,提出了基于免疫浓度的三层网络安全态势评估模型。针对模型,给出了网络安全态势定量计算方法,并详细分析研究了抗体演化模型以及免疫浓度定量计算方法,给出了免疫浓度的级别划分。最后,按照免疫浓度的网络安全态势模型给出了一种评估方案的详细设计,搭建了实验测试网络环境以及评估系统,实现了从数据采集、评估计算到态势呈现的过程。实验测试结果表明,基于免疫浓度的网络安全态势评估方法能够对已知和未知非法网络行为进行实时、动态的评估。
[Abstract]:In the information age, information life is deeply rooted in people's hearts, and information security problems emerge one after another. It is a constant and permanent topic to discover and solve the security problems of information life in time. Network security situational awareness is one of the methods to discover network life security problems, and network security situation assessment as the focus of situation awareness, the volatile network security issues also require the assessment method to keep pace with the times. Dynamically discover network security incidents and conduct security situation assessment. Biological immune system has the characteristics of self-adaptability, self-learning, real-time and so on. Antibodies in organism can recognize and distinguish whether foreign substances are harmful to organisms or not. When a harmful antigen is recognized, the immune concentration of the antibody increases immediately. The level of immune concentration reflects the degree of invasion of organisms and the ability of antibodies to recognize known and unknown viruses in the evolving process. Therefore, this paper applies the biological immune principle to the network security situation assessment, and deeply studies the network security situation assessment method of immune concentration. The immune concentration directly reflects the network security situation. The normal network behavior is abstracted as self-body, and the illegal network behavior characteristic is abstracted as antibody. By constructing an antibody evolution model, the evaluation method can dynamically evaluate the impact of known and unknown illegal network behavior on the network in real-time and dynamically. The main work of this paper is as follows: firstly, this paper introduces the related research on the application of immunology in the field of security and network security situation assessment at home and abroad, and compares and analyzes the current situation assessment methods. It is considered that the application of immunological principle in situation assessment is feasible, and it can reflect the security situation of network in real time and dynamically. Secondly, a three-layer network security situation assessment model based on immune concentration is proposed based on the construction of a two-level index system of security situation and the principle of bio-immunology. According to the model, the quantitative calculation method of network security situation is given. The evolution model of antibody and the quantitative calculation method of immune concentration are analyzed and studied in detail, and the classification of immune concentration is given. Finally, according to the network security situation model of immune concentration, this paper gives a detailed design of the evaluation scheme, builds the network environment and the evaluation system of the experimental test, and realizes the process from the data collection, evaluation calculation to the presentation of the situation. The experimental results show that the network security situation assessment method based on immune concentration can evaluate the known and unknown illegal network behavior in real-time and dynamically.
【学位授予单位】:西安邮电大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
本文编号:2436612
[Abstract]:In the information age, information life is deeply rooted in people's hearts, and information security problems emerge one after another. It is a constant and permanent topic to discover and solve the security problems of information life in time. Network security situational awareness is one of the methods to discover network life security problems, and network security situation assessment as the focus of situation awareness, the volatile network security issues also require the assessment method to keep pace with the times. Dynamically discover network security incidents and conduct security situation assessment. Biological immune system has the characteristics of self-adaptability, self-learning, real-time and so on. Antibodies in organism can recognize and distinguish whether foreign substances are harmful to organisms or not. When a harmful antigen is recognized, the immune concentration of the antibody increases immediately. The level of immune concentration reflects the degree of invasion of organisms and the ability of antibodies to recognize known and unknown viruses in the evolving process. Therefore, this paper applies the biological immune principle to the network security situation assessment, and deeply studies the network security situation assessment method of immune concentration. The immune concentration directly reflects the network security situation. The normal network behavior is abstracted as self-body, and the illegal network behavior characteristic is abstracted as antibody. By constructing an antibody evolution model, the evaluation method can dynamically evaluate the impact of known and unknown illegal network behavior on the network in real-time and dynamically. The main work of this paper is as follows: firstly, this paper introduces the related research on the application of immunology in the field of security and network security situation assessment at home and abroad, and compares and analyzes the current situation assessment methods. It is considered that the application of immunological principle in situation assessment is feasible, and it can reflect the security situation of network in real time and dynamically. Secondly, a three-layer network security situation assessment model based on immune concentration is proposed based on the construction of a two-level index system of security situation and the principle of bio-immunology. According to the model, the quantitative calculation method of network security situation is given. The evolution model of antibody and the quantitative calculation method of immune concentration are analyzed and studied in detail, and the classification of immune concentration is given. Finally, according to the network security situation model of immune concentration, this paper gives a detailed design of the evaluation scheme, builds the network environment and the evaluation system of the experimental test, and realizes the process from the data collection, evaluation calculation to the presentation of the situation. The experimental results show that the network security situation assessment method based on immune concentration can evaluate the known and unknown illegal network behavior in real-time and dynamically.
【学位授予单位】:西安邮电大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【参考文献】
相关期刊论文 前10条
1 马龙;孙江辉;杜程;;基于流量分析的网络态势感知系统研究[J];信息技术;2016年08期
2 汤永利;李伟杰;于金霞;闫玺玺;;基于改进D-S证据理论的网络安全态势评估方法[J];南京理工大学学报;2015年04期
3 程瑶;;基于AHP判断矩阵特征值计算的内部控制评价体系[J];河南师范大学学报(自然科学版);2015年01期
4 胡东星;;基于人工智能的信息网络安全态势感知技术[J];信息通信;2012年06期
5 姚书科;;网络安全态势要素指标体系研究[J];电子设计工程;2012年12期
6 张鹏涛;王维;谭营;;基于带有惩罚因子的阴性选择算法的恶意程序检测模型[J];中国科学:信息科学;2011年07期
7 苏志军;康丽娟;金诚志;;Linux环境下syslog日志系统研究[J];福建电脑;2010年04期
8 刘念;刘孙俊;刘勇;赵辉;;一种基于免疫的网络安全态势感知方法[J];计算机科学;2010年01期
9 李涛;;基于免疫的计算机病毒动态检测模型[J];中国科学(F辑:信息科学);2009年04期
10 韦勇;连一峰;;基于日志审计与性能修正算法的网络安全态势评估模型[J];计算机学报;2009年04期
,本文编号:2436612
本文链接:https://www.wllwen.com/shoufeilunwen/xixikjs/2436612.html
