计算机工程与应用 ›› 2015, Vol. 51 ›› Issue (17): 96-101.

• 网络、通信、安全 • 上一篇    下一篇

一种融合多源数据的网络安全态势评估模型

陈  虹1,王  飞1,肖振久1,2,孙丽娜1   

  1. 1.辽宁工程技术大学 软件学院,辽宁 葫芦岛 125105
    2.中国传媒大学 计算机学院,北京 100024
  • 出版日期:2015-09-01 发布日期:2015-09-14

Network security situation assessment model fusing multi-source data

CHEN Hong1, WANG Fei1, XIAO Zhenjiu1,2, SUN Lina1   

  1. 1.School of Software, Liaoning Technical University, Huludao, Liaoning 125105, China
    2.School of Computer, Communication University of China, Beijing 100024, China
  • Online:2015-09-01 Published:2015-09-14

摘要: 网络安全态势评估是目前网络安全领域的研究热点之一。对国内外已有的网络安全态势评估方法进行了分析和比较,提出一种融合多源数据的网络安全态势定量评估模型。同时考虑主机和链路对网络安全态势的影响,将网络安全态势指标归纳为主机安全指标和链路安全指标。采用改进D-S证据理论融合日志记录、告警信息和其他探针数据,得到精简的主机安全事件集合和链路安全事件集合。依据相应的服务信息分别计算主机安全态势和链路安全态势,实现网络安全态势定量评估。通过网络仿真软件构建网络实例,对所提出的网络安全态势评估模型进行了验证,实验结果表明该模型可以准确地对网络安全态势进行定量评估,评估结果能够客观地反映网络安全态势的变化趋势。

关键词: 网络安全态势评估, 主机安全态势, 链路安全态势, D-S证据理论

Abstract: Network security situation assessment is one of the hottest topics in the field of network security. After analyzing and comparing the existing network security situation assessment methods at home and abroad, it proposes a network security situation quantitative assessment model fusing multi-source data. Considering the affection that the hosts and links have on the network security situation, network security situation indicators are grouped into host security indicators and link safety indicators. The streamlined host security event set and link security event set are gotten by using the improved D-S evidence theory to fuse logging, alarm, and other probe data. Network security situation quantitative assessment is implemented by computing the host security situation and the link security situation based on the corresponding service information. An instance is given to validate the proposed network security situation assessment model by network simulation software. Experimental results show that the model can accurately achieve the network security situation quantitative evaluation, and the assessment results can objectively reflect the trend of network security situation.

Key words: network security situation evaluation, host security situation, link security situation, D-S evidence theory