摘要
安全态势评估是近年来国内外在网络安全领域的研究热点之一.对已有的安全态势评估方法进行了详细分析和比较,针对网络安全中多数据源的特点,提出基于信息融合的网络安全态势评估模型,引入改进的D-S证据理论将多数据源信息进行融合,利用漏洞信息和服务信息,经过态势要素融合和节点态势融合计算网络安全态势,绘制安全态势曲线图,同时对态势计算结果进行时间序列分析,从而实现网络安全趋势的预测.最后利用网络实例数据,对所提出的网络安全态势评估模型和算法进行了验证,结果表明该模型比已有成果更加有效和准确.
Security situational awareness has become a hot topic in the area of network security research in recent years, which attracts the interest of more and more domestic and foreign researchers. The existing security situational awareness methods are analyzed and compared in detail. Considering the characteristics of multi-source information in network security research, a new network security situational awareness model based on information fusion is proposed. This model fuses multi-source information from a mass of logs by introducing the modified D-S evidence theory, gets the values of nodes security situational awareness by situational factors fusion using attacks threat and vulnerability information which network nodes have and successful attacks depend on, computes the value of network security situational awareness by nodes situation fusion using service information of the network nodes, and draws the security-situation-graph of network. Then, it analyzes the time series of the computing results by ARMA model to forecast the future threat in network security. Finally an example of actual network datasets is given to validate the network security situational awareness model and algorithm. The results show that this model and algorithm is more effective and accurate than the existing security situational awareness methods.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2009年第3期353-362,共10页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2006AA01Z437
2007AA01Z475
2006AA01Z412
2006AA01Z433)~~
关键词
安全态势评估
信息融合
D—S证据理论
时间序列分析
预测
security situational awareness
information fusion
D-S evidence theory
time seriesanalysis
forecast
