
Research on Network Security Measurement Method Based on Attack Identification (cited by: 5)
Abstract: At present, most traditional criteria for assessing system security state are qualitative, and their shortcoming is that they cannot quantify risk, while most quantitative assessment methods suffer from incomplete assessment and low accuracy of attack identification. Attack identification technology plays an important role in network security measurement. This paper adopts an asset-threat-vulnerability-management network security measurement model that combines static assessment with dynamic assessment. The static assessment uses the analytic hierarchy process (AHP), combined with the Common Vulnerability Scoring System, to produce asset vulnerability scores and management scores. The dynamic assessment combines the Dw-K-means++ algorithm with the XGBoost method to improve the effect of attack identification. The static and dynamic assessments are then combined to give an overall assessment result for the network system. The paper uses the public dataset CICIDS2017 to demonstrate the clustering advantage of the Dw-K-means++ algorithm on large datasets, and uses data from simulation experiments to verify the validity of the network security measurement model.
Authors: ZHAO Xiaolin; ZHAO Bin; ZHAO Jingjing; XUE Jingfeng (School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081)
Source: Netinfo Security (《信息网络安全》), CSCD, Peking University Core Journal, 2021, No. 11, pp. 17-27 (11 pages)
Funding: National Key Research and Development Program of China [2020YFB1712104]; Shandong Province Major Science and Technology Innovation Project [2020CXGC010116].
Keywords: network security; risk assessment; AHP; Dw-K-means++; Dw-cluster-XGBoost