
An Improved Quantitative Evaluation Method for Network Security (cited by: 69)

Abstract: In network security situation assessment based on Hidden Markov Models, obtaining the observation sequence and establishing the state transition matrix are the key factors that affect the accuracy of the assessment. At present, the observation sequence is mostly obtained at random, so it cannot effectively characterize the security of the network, while the state transition matrix is usually set from experience and is therefore highly subjective. This paper presents an improved method. First, it proposes the concept of alert quality, based on the statistical characteristics of alerts; obtaining the observation sequence according to alert quality improves the effectiveness of the data source. Second, it proposes a method for determining the state transition matrix based on the game between security events and protective measures, and corrects the matrix using the success probability of attacks, which improves the effectiveness of the state transition matrix. Comparative experiments show that the risk values generated by the improved algorithm quantify the network security situation more reasonably; the improved method is more accurate and reflects the trend of network security more reasonably.
Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2015, Issue 4, pp. 749-758 (10 pages)
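Funding: Supported by the National High Technology Research and Development Program of China ("863" Program) (2012AA012803, 2013AA014703), the National Science and Technology Support Program (2012BAH46B02), the National Natural Science Foundation of China (61100188), and the Knowledge Innovation Program of the Chinese Academy of Sciences (XDA06030200).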
Keywords: observation sequence; state transition matrix; quality of alerts; game matrix; success probability of attack
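About the authors: Xi Rongrong (席荣荣), female, born in 1979, Ph.D., assistant researcher, member of the China Computer Federation (CCF); her main research interests are network security, network security situation awareness, and network measurement. E-mail: xirongrong@lie.ac.cn. Yun Xiaochun (云晓春), male, born in 1971, Ph.D., researcher, CCF member; his main research areas are information security and computer networks. Zhang Yongzheng (张永铮), male, born in 1978, Ph.D., researcher, CCF member; his main research area is network security. Hao Zhiyu (郝志宇), male, born in 1980, Ph.D., associate researcher, CCF member; his main research interests are network security, network security measurement, and network simulation.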
