层次化动态网络入侵风险量化评估仿真研究

Simulation of Quantitative Evaluation of Invasion Risk for Hierarchical Dynamic Network

准确地评估层次化动态网络入侵风险是提高网络安全性的关键。传统的入侵风险评估方法利用D-S证据理论融合入侵报警信息获得攻击者的攻击行为,预测其攻击意图以及攻击规则,对于未威胁到网络正常运行的入侵攻击也进行报警,评估结果与实际攻击强度偏差较大,存在报警数量大、误报率高等缺陷,提出了一种基于人工免疫的层次化动态网络入侵风险量化评估方法。根据动态网络漏洞收集和入侵攻击事件捕获构建入侵攻击行为节点,将防御对策映射成防御行为节点描述动态网络漏洞成功利用概率、攻击成本、防御成本以及网络损失度等参数,采用ADTool工具构成入侵攻防树和节点参数值,引入入侵攻击回报与防御回报的概念作为动态网络入侵风险评估的依据,将人工免疫原理应用于入侵风险评估,模拟人体记忆细胞对外部抗原的免疫过程,利用克隆选取方法增扩抗体浓度评估层次化动态网络入侵风险。实验结果表明,所提方法更真实地反映层次化动态网络所面临的入侵风险,减少了报警数量、降低了误差率。

Accurately assessing intrusion risk of hierarchical dynamic network is the key to improve network secu- rity. The traditional invasion risk assessment methods use D - S evidence theory to fuse intrusion alarm information, and evaluation results have large deviation with actual attack intensity. Therefore, we propose a method of quantita- tive assessment of invasion risk in hierarchical dynamic network based on artificial immunity. According to the collec- tion of dynamic network vulnerabilities and capture of intrusion attacks, we set up nodes of intrusion attacks. Then, the defense strategy is mapped to defense behavior node describing that the dynamic network vulnerabilities success- fully used probability, attack cost, defense costs and network loss degree. Moreover, we use AD Tool to constitute the attack and defense tree of invasion and the node parameters, and introduce the concept of intrusion attack report and defensive report as the basis of intrusion risk assessment in dynamic network. Finally, artificial immunity is ap- plied to invasion risk assessment to simulate the immune process of antigen of human memory ceils. The clone selec- tion method is used to enlarge antibody concentration and assess invasion risk in hierarchical dynamic network. Simu- lation results show that the proposed method can reflect the invasive risk faced by hierarchical dynamic network more truly, which reduces the number of alarms and the error rate.