
Research and Design of a Network Security Risk Assessment Model (cited by: 8)

RESEARCH ON THE DESIGN OF NETWORK RISK ASSESSMENT MODEL
Abstract: Risk assessment is the foundation and key element of a comprehensive network security system. In traditional risk assessment, coarse-grained evaluation results cannot give administrators genuinely useful information. To address this, a security assessment model based on vulnerability scanning and attack-effect evaluation is proposed. It adopts a hierarchical, bottom-up, local-to-global evaluation strategy and weights each service and host by its own importance factor to compute risk indices for the individual services, the hosts and the whole network system in turn, from which the security situation of the entire system is analysed. Simulation tests show that the model accurately evaluates the security situation at all three levels (service, host and network system) and improves the accuracy and consistency of the assessment results to a certain extent.
Source: Computer Applications and Software (《计算机应用与软件》), CSCD, Peking University core journal, 2007, No. 5, pp. 28-31 (4 pages)
Funding: Supported by the Natural Science Foundation of Shaanxi Province (2003F20) and the Aeronautical Science Foundation (03F31007)
Keywords: Network security; Risk evaluation; Vulnerability; Attack; Risk exponent