A Study on the Evaluation Technology of the Attack Effect of Computer Networks (cited by: 49)
Abstract: Evaluating the effect of attacks on computer networks is an important and challenging subject in the security evaluation of information systems. At present, the corresponding theory is not mature and related research reports are few. This paper briefly summarizes the main existing evaluation methods for information security. On that basis, with a view to convenient practical measurement and calculation, it presents three evaluation models: an evaluation technique based on network information entropy, a security evaluation framework based on hierarchical analysis of system security, and a comprehensive evaluation technique for network attack effect based on index analysis. Finally, some problems that require attention in practice are pointed out.
Source: Journal of National University of Defense Technology (《国防科技大学学报》), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2002, No. 5, pp. 24-28 (5 pages)
Keywords: computer network; network security; attack effect evaluation; network entropy; security index; Analytical Hierarchy Process (AHP)

