基于动态关联分析的网络安全风险评估方法 (Quantitative Evaluation Approach for Real-time Risk Based on Attack Event Correlating)

Cited by: 22
Abstract: Because the real-time alerts raised by an Intrusion Detection System (IDS) are correlated with one another, the alerts that fall within a given time interval are dynamically correlated and analysed, and a real-time risk assessment method is built on that analysis. First, an attack success probability algorithm is proposed that accounts for the influence of both the strength of the deployed security measures and the vulnerabilities of the target node on the outcome of an attack. Second, an attack threat degree algorithm is proposed that better distinguishes the threat posed by a continuously executed multi-step correlated attack from that of several isolated attacks occurring separately. Finally, the risk situation values of the individual nodes are combined by a weighted sum into an overall risk situation value for the system, from which a real-time risk situation curve is obtained. To validate the method, an attack test platform was built; the experimental results show that the method is sound and effective, improves the accuracy of the assessment, and gives security administrators a timely basis for adjusting their security policy.
Source: Journal of Electronics & Information Technology (电子与信息学报), 2013, No. 11, pp. 2630-2636 (7 pages). Indexed by EI and CSCD; Peking University core journal.
Funding: National Natural Science Foundation of China (61003285, 61202082); Beijing University of Posts and Telecommunications Youth Research and Innovation Program, special talent cultivation project (2012RC0218).
Keywords: network security; risk evaluation; Intrusion Detection System (IDS) alert; event correlation analysis
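The abstract describes the evaluation pipeline but not its formulas. The Python sketch below is an added example, not the paper's code or data: it groups IDS alerts for the same source/target pair into multi-step chains within a fixed correlation window, scores each chain with an assumed success probability (exploitability discounted by safeguard strength) and an assumed threat degree that grows faster than the plain sum of its alerts, and combines per-node risks by a weighted sum into a system value. The node parameters, the alert records and the constants `WINDOW` and `ESCALATION` are constructed for illustration; the paper's actual scoring functions may differ.

```python
"""Illustrative windowed alert correlation and weighted risk scoring.

Added example; the scoring formulas are assumptions, not the paper's.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: float        # seconds since the start of observation
    src: str         # attacker address as reported by the IDS
    dst: str         # target node name
    stage: int       # assumed attack-stage index: 1 recon, 2 exploit, 3 privilege escalation
    severity: float  # 0..1 severity of this single alert


@dataclass(frozen=True)
class Node:
    vuln: float      # 0..1 exploitability of the node's known vulnerabilities (assumed scale)
    defense: float   # 0..1 strength of the safeguards in front of the node (assumed scale)
    weight: float    # relative asset importance used in the system-level weighted sum


WINDOW = 300.0     # assumed correlation interval in seconds
ESCALATION = 0.5   # assumed per-step bonus that makes a chain worth more than its parts


def correlate(alerts: List[Alert], window: float = WINDOW) -> List[List[Alert]]:
    """Group alerts from the same (src, dst) pair into chains.

    An alert joins the open chain for its pair when it arrives within
    `window` seconds of the previous alert and does not go back a stage;
    otherwise it starts a new chain (an isolated alert is a chain of length 1).
    """
    open_chain: Dict[Tuple[str, str], List[Alert]] = {}
    chains: List[List[Alert]] = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst)
        chain = open_chain.get(key)
        if chain and a.ts - chain[-1].ts <= window and a.stage >= chain[-1].stage:
            chain.append(a)
        else:
            chain = [a]
            open_chain[key] = chain
            chains.append(chain)
    return chains


def success_probability(node: Node) -> float:
    """Assumed model: exploitability discounted by safeguard strength."""
    return node.vuln * (1.0 - node.defense)


def threat_degree(chain: List[Alert]) -> float:
    """Assumed model: sum of severities, scaled up for every correlated step.

    Three isolated alerts of severity s score 3*s in total; the same three
    alerts as one chain score 3*s*(1 + 2*ESCALATION).
    """
    return sum(a.severity for a in chain) * (1.0 + ESCALATION * (len(chain) - 1))


def assess(alerts: List[Alert], nodes: Dict[str, Node]) -> Tuple[Dict[str, float], float]:
    """Node risk = success probability x total threat degree of chains against it;
    system risk = weighted mean of the node risks."""
    node_risk = {name: 0.0 for name in nodes}
    for chain in correlate(alerts):
        dst = chain[0].dst
        node_risk[dst] += success_probability(nodes[dst]) * threat_degree(chain)
    total_w = sum(n.weight for n in nodes.values())
    system = sum(nodes[name].weight * r for name, r in node_risk.items()) / total_w
    return node_risk, system


def risk_curve(alerts: List[Alert], nodes: Dict[str, Node],
               window: float = WINDOW, step: float = 60.0) -> List[Tuple[float, float]]:
    """Re-evaluate the system risk every `step` seconds from the trailing window only."""
    end = max(a.ts for a in alerts)
    curve, t = [], 0.0
    while t <= end:
        recent = [a for a in alerts if t - window < a.ts <= t]
        curve.append((t, assess(recent, nodes)[1] if recent else 0.0))
        t += step
    return curve


# Constructed sample: a three-step chain against "web" and three isolated probes against "db".
NODES = {
    "web": Node(vuln=0.8, defense=0.2, weight=1.0),
    "db": Node(vuln=0.6, defense=0.5, weight=3.0),
}
SAMPLE_ALERTS = [
    Alert(0.0, "10.0.0.5", "web", 1, 0.5),
    Alert(60.0, "10.0.0.5", "web", 2, 0.5),
    Alert(120.0, "10.0.0.5", "web", 3, 0.5),
    Alert(0.0, "10.0.0.9", "db", 1, 0.5),
    Alert(1000.0, "10.0.0.9", "db", 1, 0.5),
    Alert(2000.0, "10.0.0.9", "db", 1, 0.5),
]

if __name__ == "__main__":
    risks, system = assess(SAMPLE_ALERTS, NODES)
    print("node risks:", risks, "system risk:", round(system, 4))
    for t, r in risk_curve(SAMPLE_ALERTS, NODES):
        print(f"{t:7.0f}s  system risk {r:.3f}")
```

With the constructed sample the chain against `web` receives a threat degree of 3.0 while the three isolated probes against `db` total 1.5, which is the distinction the abstract's threat degree algorithm is meant to capture; `risk_curve` re-scores the trailing window at each step and is the analogue of the paper's real-time risk situation curve.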
References (12 in total; 10 listed)

  • 1 Cuppens F, Miege A. Alert correlation in a cooperative intrusion detection framework[C]. Proceedings of the 2002 IEEE Symposium on Security and Privacy, Oakland, 2002: 202-215.
  • 2 Qin X Z, Lee W K. Statistical causality analysis of INFOSEC alert data[C]. Recent Advances in Intrusion Detection, 6th International Symposium, Pittsburgh, 2003, Vol. 2820: 73-93.
  • 3 Gorodetsky V, Karsaev O, Samoilov V. On-line update of situation assessment based on asynchronous data streams[C]. Knowledge-Based Intelligent Information and Engineering Systems, Wellington, 2004, Vol. 3213: 1136-1142.
  • 4 Yegneswaran V, Barford P, Paxson V. Using honeynets for Internet situational awareness[C/OL]. Proceedings of the Fourth Workshop on Hot Topics in Networks, Berlin, 2005. http://www.icir.org/vern/papers/sit-aware-hotnet05.pdf
  • 5 Hariri S, Qu G Z, Dharmagadda T, et al. Impact analysis of faults and attacks in large-scale networks[J]. IEEE Security & Privacy, 2003, 1(5): 49-54.
  • 6 Ahmed M S, Al-Shaer E, Taibah M, et al. Objective risk evaluation for automated security management[J]. Journal of Network and Systems Management, 2011, 19(3): 343-366.
  • 7 Du S G, Li X L, Du J B, et al. An attack-and-defence game for security assessment in vehicular ad hoc networks[J]. Peer-to-Peer Networking and Applications, 2012, DOI: 10.1007/s12083-012-0127-9.
  • 8 刘志杰, 王崇骏. An alert correlation algorithm based on a composite attack path graph[J]. 南京大学学报(自然科学版) (Journal of Nanjing University, Natural Science), 2010, 46(1): 56-63. Cited by: 2
  • 9 陈锋, 刘德辉, 张怡, 苏金树. A hierarchical network security assessment method based on a threat propagation model[J]. 计算机研究与发展 (Journal of Computer Research and Development), 2011, 48(6): 945-954. Cited by: 32
  • 10 刘刚, 李千目, 张宏. A network security risk assessment method based on orthogonal projection decomposition of belief vectors[J]. 电子与信息学报 (Journal of Electronics & Information Technology), 2012, 34(8): 1934-1938. Cited by: 16


Citation statistics: co-cited references 384; co-citing references 150; citing articles 22; second-level citing articles 143.
