摘要
安全评估是贯穿信息系统生命周期的重要管理手段,是制定和调整安全策略的基础和前提。结合服务、主机的重要性和网络信息系统的体系结构,基于入侵检测系统(IDS,Intrusion Detection System)报警信息和流量感知信息,采用自下而上、先局部后整体的方式评估网络系统的整体安全态势。采用网络熵的方法评估节点服务性能的变化情况,根据链路性能下降程度,有效地界定不同强度和不同种类的网络威胁行为对网络信息系统造成的损失程度,进而对网络信息系统安全态势进行准确评估。
Evaluating security threat status is of great importance among information system lifecycle management and analyzing techniques,which is the basic requirement for designing and adjusting system security policy. Combined with the importance of services,hosts and architecture of network information system,aggregated of IDS alarming information and net flow awareness data,the scheme adopts a bottom up,part-to-whole way to evaluate overall security situation of network systems. This paper evaluates performance of node service by network entropy theory. With the knowledge of link performance degradation,one can effectively assess the extent of damage that network information systems encounter caused by threats of different intensity and category. Thus accuracy evaluation of network information system security situation is available.
出处
《通信技术》
2014年第7期815-820,共6页
Communications Technology
关键词
网络态势
感知
网络熵
态势评估模型
situation
awareness
network entropy
situation evaluation model
