Abstract
To assess the real-time security situation of a network system, we build a quantitative network security situation assessment model that addresses limitations of existing methods, such as evaluation objects being restricted to service hosts and attack and defense information not being considered together. From top to bottom, the model has four levels (network system, equipment, equipment node, and attack), covers all resources in the network system, and adopts a "part first, then whole" assessment strategy. A hidden Markov model is used to evaluate the security condition of each equipment node from two aspects, attack threat and self risk, and the overall security situation of the network system is finally obtained by weighted summation. Experimental results show that the assessment method reflects the situation trend of the network system well.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
Peking University Core Journal (北大核心)
2013, Issue 12, pp. 64-68 (5 pages)
Funding
National Natural Science Foundation of China (61272486)
Keywords
Network security
Situation assessment
Hidden Markov model
Fuzzy analytic hierarchy process