Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (36): 12-15.

• Doctoral Forum •

Research on dynamical real-time risk assessment of network security

LIAO Niandong¹, YI Yu¹, HU Qi²

  1. College of Computer and Communication, Changsha University of Science and Technology, Changsha 410114, China
  2. College of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-12-21 Published:2011-12-21

Abstract: Risk assessment is a hot topic in current network security management. However, current risk assessment methodologies focus on manual risk analysis of the network during system design or through periodic reviews. Techniques for real-time risk assessment of network security are scarce. This paper proposes a novel real-time risk assessment method for large-scale networks that builds upon existing network monitoring and Intrusion Detection Systems (IDS). Unlike most other risk assessment methods, the approach uses a Fuzzy Logic and Petri Nets method (FLPN) to treat risk assessment as a dynamic real-time inference problem rather than a static statistical filtering problem. FLPN can describe the relationship between the different steps carried out by intruders, alert observations and transition actions separately, and associate each intrusion state with a probability (or confidence). Experimental results clearly show that it can locate the attackers in a short time, predict intruders' next possible attack action, discover potential network security risks and provide confidence scores for the risk assessment. This method can play an important role in network security assessment.

Key words: risk assessment, Petri nets, fuzzy logic, intrusion detection system
