期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

网络安全事件危害度的量化评估 被引量:5

Detriment quantitative assessment of the network security incidents
下载PDF
导出
摘要 为评价安全事件造成的危害程度,从网络系统可用性的角度出发提出基于性能指标的网络安全事件危害度量化评估方法.选取路由器节点与链路等网络底层关键组成部分的性能评价指标,利用网络熵值量化描述网络底层性能属性,用网络熵值在安全事件攻击前后的变化来度量攻击对网络可用性的影响程度.搭建了大规模网络蠕虫攻击事件模拟试验平台,采用省级节点的实际网络环境进行验证.实验结果表明,在攻击发生时,选取的底层性能指标能有效反映网络的危害程度,省级节点实验更一步验证该方法能有效地应用于大规模网络可用性量化评估中. From the point of view on the network system availability,to evaluate the harm caused by security incidents,a performance-based quantification assessment method of network security is proposed.The method references the concept of entropy in information theory to quantify the performance indexes by choosing router nodes,and compares these index changes in the entropy before and after the security incident to measure the impact on the network.Worm simulation and actual provincial nodes experiment show that the proposed approach can be effectively applied to the quantification assessment of large-scale network availability.
作者 何慧 张宏莉 王星 曲晶莹
机构地区 哈尔滨工业大学计算机科学与技术学院
出处 《哈尔滨工业大学学报》 EI CAS CSCD 北大核心 2012年第5期66-70,共5页 Journal of Harbin Institute of Technology
基金 国家重点基础研究发展规划资助项目(2011CB302605) 国家高技术研究发展计划资助项目(2010AA012504 2011AA010705) 国家自然科学基金资助项目(60903166 61173145)
关键词 网络安全 网络可用性 信息熵 量化评估 性能指标 network security network availability entropy in information theory quantification assessment performance index
分类号 TP393.4 [自动化与计算机技术—计算机应用技术] TP309.5 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献12

  • 1冯登国,张阳,张玉清.信息安全风险评估综述[J].通信学报,2004,25(7):10-18. 被引量:308
  • 2RITCHEY R, AMMANN P. Using model checking to analyze network vulnerabilities [ C ]//Proceedings of the IEEE Symp on Security and Privacy. Berkeley: IEEE Computer Society Press, 2000 : 156 - 165.
  • 3邢栩嘉,林闯,蒋屹新.计算机系统脆弱性评估研究[J].计算机学报,2004,27(1):1-11. 被引量:84
  • 4ZOU C C, TOWSLEY D, GONG Weibo. Modeling and simulation study of the propagation and defense of internet E-mail worms [ J ]. IEEE Transactions on dependable and Secure Computing, 2007, 4(2) :115 - 120.
  • 5CLARK K, TYREE S, DAWKINS ], et al. Qualitative and quantitative analytical techniques for network security assessment [ C ]//Proceedings of the 2004 IEEE Workshop on Information Assurance and Security. NY: IEEE Computer Society Aress, 2004 : 10 - 11.
  • 6CARDOSO R C, FREIRE M M. Intelligent assessment of distributed security in TCP/IP networks [C]//Proceedings of 7th IEEE International Conference on High Speed Networks and Multimedia Communications. LNCS, Toulouse : Spinger-verlay, 2004 : 1092 - 1099.
  • 7LAKHINA A, CROVELLA M, DIOT C. Mining anomalies using traffic feature distributions [ C ]//Proceedings of the ACM SIGCOMM. NY: ACM Press, 2005:225 - 231.
  • 8JAJODIA S, NOEL S, O' BERRY B. Managing Cyber Threats : Approaches and Challenges [ M ]. NY : Spring er-Verlag, 2005:247 -266.
  • 9张义荣,鲜明,王国玉.一种基于网络熵的计算机网络攻击效果定量评估方法[J].通信学报,2004,25(11):158-165. 被引量:55
  • 10RILEY G F. The Georgia Tech Network Simulator [ C ]//Proceedings of the ACM SIGCOMM Workshop on Models, Methods and Tools for Reproducible Network Research. [ S. 1. ] : ACM Press, 2003 : 5 - 12.

二级参考文献47

  • 1United States General Accounting Office, Accounting and Information Management Division. Information Security Risk Assessment[Z]. Augest 1999.
  • 2National Institute of Standards and Technology. Special Publications 800-30, Risk Management Guide(DRAFT)[Z]. June 2001.
  • 3BUTLER S A, FISCHBECK P. Multi-Attribute Risk Assessment, Technical Report CMD-CS-01-169[R]. December 2001.
  • 4BUTLER S A. Security Attribute Evaluation Method: A Cost-Benefit Approach[Z]. Computer Science. Department, 2001.
  • 5PELTIER T R. Information Security Risk Analysis[Z]. Rothstein Associates Inc, 2001.
  • 6Bishop M. , Bailey D.. A critical analysis of vulnerability taxonomies. Department of Computer Science, University of California at Davis: Technical Report CSE-96-11, 1996
  • 7Longley D. , Shain M. , Caelli W.. Information Security: Dictionary of Concepts, Standards and Terms. New York: Macmillan, 1992
  • 8Beizer B.. Software Testing Techniques. 2nd edition. International Thomson Computer Press, 1990
  • 9Farmer D. , Spafford E. H.. The COPS security checker system. Purdue University, West Lafayette: Technical Report,Coast TR 94-01, CSD-TR-993, 1990
  • 10Baldwin R. W.. Kuang: Rule-based security checking. Programming Systems Research Group, Lab for Computer Science, MIT, Massachusetts: Technical Report, 1994

共引文献433

同被引文献45

引证文献5

二级引证文献8

哈尔滨工业大学学报
2012年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部