Abstract
After analyzing and comparing existing security situation assessment methods, this paper proposes a network security situation assessment method based on the time dimension, and focuses on why short-term and long-term assessment of the network security situation require different methods. Short-term assessment takes the alert information produced by security devices such as firewalls and Intrusion Detection Systems (IDS) as its data basis: the state score of each destination host is determined from the alerts, and the overall short-term security situation is derived from those host scores. The long-term assessment indicator system incorporates the short-term results, combines them with static indicator data, and determines the indicator weights by the entropy method. By subdividing assessment of the network security situation into short-, medium- and long-term, the proposed method makes up for the lack of time-period division in situation assessment.
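As an added illustration, not code from the paper, the following Python example shows how the entropy weight method named in the abstract assigns weights to long-term indicators and combines them into a score per assessment period. The indicator set (a short-term situation score, two cost-type indicators and one deliberately constant indicator), the benefit/cost directions and all values are constructed here and are not taken from the paper.

```python
import math

# Constructed sample: five assessment periods (rows) x four long-term indicators
# (columns). The indicator set and every value are invented for this example.
INDICATORS = [
    # (name, benefit-type: True when a larger value means a better security posture)
    ("short-term situation score", True),   # aggregated from host alert scores
    ("open high-risk vulnerabilities", False),
    ("mean patch delay (days)", False),
    ("hosts monitored", True),              # constant on purpose: should get weight 0
]
SAMPLE = [
    [0.82, 12, 9.0, 40],
    [0.75, 18, 14.0, 40],
    [0.91, 7, 5.5, 40],
    [0.60, 25, 20.0, 40],
    [0.88, 9, 7.0, 40],
]


def normalize(matrix, benefit):
    """Min-max normalise each column to [0, 1], inverting cost-type indicators."""
    m, n = len(matrix), len(matrix[0])
    norm = [[0.0] * n for _ in range(m)]
    for j in range(n):
        col = [row[j] for row in matrix]
        lo, hi = min(col), max(col)
        for i in range(m):
            if hi == lo:
                # A constant indicator cannot discriminate between periods;
                # give every period the same value so its entropy is maximal.
                norm[i][j] = 1.0
            elif benefit[j]:
                norm[i][j] = (col[i] - lo) / (hi - lo)
            else:
                norm[i][j] = (hi - col[i]) / (hi - lo)
    return norm


def entropy_weights(norm):
    """Entropy weight method: indicators whose values vary more get more weight."""
    m, n = len(norm), len(norm[0])
    k = 1.0 / math.log(m)  # scales the entropy of each column into [0, 1]
    divergence = []
    for j in range(n):
        total = sum(row[j] for row in norm)
        e = 0.0
        for row in norm:
            p = row[j] / total if total > 0 else 0.0
            if p > 0:  # the term 0 * ln 0 is taken as 0
                e -= p * math.log(p)
        divergence.append(1.0 - k * e)  # 1 - entropy = information utility
    s = sum(divergence)
    if s == 0:  # every indicator constant: fall back to equal weights
        return [1.0 / n] * n
    return [d / s for d in divergence]


def composite_scores(norm, weights):
    """Weighted sum of the normalised indicators gives one long-term score per period."""
    return [sum(w * v for w, v in zip(weights, row)) for row in norm]


def assess(matrix, benefit):
    """Return (indicator weights, per-period long-term scores) for a data matrix."""
    norm = normalize(matrix, benefit)
    weights = entropy_weights(norm)
    return weights, composite_scores(norm, weights)


if __name__ == "__main__":
    weights, scores = assess(SAMPLE, [b for _, b in INDICATORS])
    for (name, _), w in zip(INDICATORS, weights):
        print(f"{name:32s} weight = {w:.3f}")
    for period, s in enumerate(scores, 1):
        print(f"period {period}: long-term score = {s:.3f}")
```

The constant "hosts monitored" column receives a weight of zero, which is the property the entropy method is used for: weights are derived from how much each indicator actually varies across periods rather than from expert judgement. Cost-type indicators are inverted during normalisation so that a higher composite score always means a better posture.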
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journal (北大核心)
2013, No. 12, pp. 3506-3510 (5 pages)
Keywords
network security situation
host assessment
dynamic correction
log audit
entropy method