Abstract: Network security situation assessment is one of the hottest topics in the field of network security. After analyzing and comparing the existing network security situation assessment methods at home and abroad, it proposes a network security situation quantitative assessment model fusing multi-source data. Considering the affection that the hosts and links have on the network security situation, network security situation indicators are grouped into host security indicators and link safety indicators. The streamlined host security event set and link security event set are gotten by using the improved D-S evidence theory to fuse logging, alarm, and other probe data. Network security situation quantitative assessment is implemented by computing the host security situation and the link security situation based on the corresponding service information. An instance is given to validate the proposed network security situation assessment model by network simulation software. Experimental results show that the model can accurately achieve the network security situation quantitative evaluation, and the assessment results can objectively reflect the trend of network security situation.

Key words: network security situation evaluation, host security situation, link security situation, D-S evidence theory

摘要： 网络安全态势评估是目前网络安全领域的研究热点之一。对国内外已有的网络安全态势评估方法进行了分析和比较，提出一种融合多源数据的网络安全态势定量评估模型。同时考虑主机和链路对网络安全态势的影响，将网络安全态势指标归纳为主机安全指标和链路安全指标。采用改进D-S证据理论融合日志记录、告警信息和其他探针数据，得到精简的主机安全事件集合和链路安全事件集合。依据相应的服务信息分别计算主机安全态势和链路安全态势，实现网络安全态势定量评估。通过网络仿真软件构建网络实例，对所提出的网络安全态势评估模型进行了验证，实验结果表明该模型可以准确地对网络安全态势进行定量评估，评估结果能够客观地反映网络安全态势的变化趋势。

关键词: 网络安全态势评估, 主机安全态势, 链路安全态势, D-S证据理论