信息单向传输过程网络安全趋势感知研究
|
摘要
对信息单向传输过程中网络安全趋势感知,能够有效提高网络信息传输安全性。对网络安全趋势的感知,需要对信息漏洞进行量化评估,计算信息节点攻击序列发生的概率,完成网络安全趋势的准确感知。传统方法将信息趋势描述与安全规则进行模式匹配,并向用户提交漏洞报告,但忽略了对节点攻击序列概率的获取,导致感知结果不准确。提出基于概率风险评估的网络信息单向传输安全趋势感知方法。计算网络信息单向传输过程叶节点、根节点以及各个攻击序列发生的概率,对网络信息单向传输过程安全漏洞风险进行分析,依据网络信息单向传输过程安全威胁、漏洞、资产都会增加风险值的原则,获得信息安全漏洞风险值,实现信息安全漏洞的实时量化评估,完成网络安全趋势的感知。实验结果表明,所提方法能够实时反映漏洞攻击行为阶段性变化,具有更高的安全趋势感知准确性。
To perceive the trend of network security needs to quantify and evaluate the information vulnerability,then calculate the probability of occurrence of information node attack sequence. Traditionally,the probability of node attack sequence is ignored. Therefore,the perception result is not accurate. In this article,we focus on a method for perceiving the security trend of one-way transmission of network information based on probabilistic risk assessment. The occurrence probability of leaf nodes,root nodes and attack sequences in the process of network information one-way transmission were calculated and security vulnerability in the process of one-way transmission of network information was analyzed. According to the principle that security threat,vulnerability and asset might increase risk value in the process of one-way transmission of network information,the risk value of information security vulnerability was obtained. Meanwhile,the real-time quantitative evaluation of information security vulnerability was achieved. Thus,the perception of network security trend was completed. Simulation results prove that the proposed method can reflect the periodical variation of vulnerability attack behavior in real time,which has higher accuracy of security trend perception.
To perceive the trend of network security needs to quantify and evaluate the information vulnerability,then calculate the probability of occurrence of information node attack sequence. Traditionally,the probability of node attack sequence is ignored. Therefore,the perception result is not accurate. In this article,we focus on a method for perceiving the security trend of one-way transmission of network information based on probabilistic risk assessment. The occurrence probability of leaf nodes,root nodes and attack sequences in the process of network information one-way transmission were calculated and security vulnerability in the process of one-way transmission of network information was analyzed. According to the principle that security threat,vulnerability and asset might increase risk value in the process of one-way transmission of network information,the risk value of information security vulnerability was obtained. Meanwhile,the real-time quantitative evaluation of information security vulnerability was achieved. Thus,the perception of network security trend was completed. Simulation results prove that the proposed method can reflect the periodical variation of vulnerability attack behavior in real time,which has higher accuracy of security trend perception.
引文
[1]李航,董伟,朱广宇.基于Fuzzing测试的工业控制协议漏洞挖掘技术研究[J].电子技术应用,2016,42(7):79-82.
[2]董超,等.Android系统中第三方登录漏洞与解决方案[J].计算机学报,2016,39(3):582-594.
[3]潘道欣,王轶骏,薛质.基于网络协议逆向分析的远程控制木马漏洞挖掘[J].计算机工程,2016,42(2):146-150.
[4]付钰,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.
[5]李洁,等.基于动态污点分析的DOMXSS漏洞检测算法[J].计算机应用,2016,36(5):1246-1249.
[6]缪旭东,等.基于模式匹配的安全漏洞检测方法[J].计算机科学,2017,44(4):109-113.
[7]吴少华,孙丹,胡勇.基于贝叶斯理论的Web服务器识别[J].计算机工程,2015,41(7):190-193.
[8]杨云雪,鲁骁,董军.基于企业环境的网络安全风险评估[J].计算机科学与探索,2016,10(10):1387-1397.
[9]刘新亮,等.针对SSL/TLS协议会话密钥的安全威胁与防御方法[J].计算机工程,2017,43(3):147-153.
[10]李蕴.关于应用软件中信息漏洞快速检测仿真研究[J].计算机仿真,2017,34(3):381-384.
[2]董超,等.Android系统中第三方登录漏洞与解决方案[J].计算机学报,2016,39(3):582-594.
[3]潘道欣,王轶骏,薛质.基于网络协议逆向分析的远程控制木马漏洞挖掘[J].计算机工程,2016,42(2):146-150.
[4]付钰,等.基于大数据分析的APT攻击检测研究综述[J].通信学报,2015,36(11):1-14.
[5]李洁,等.基于动态污点分析的DOMXSS漏洞检测算法[J].计算机应用,2016,36(5):1246-1249.
[6]缪旭东,等.基于模式匹配的安全漏洞检测方法[J].计算机科学,2017,44(4):109-113.
[7]吴少华,孙丹,胡勇.基于贝叶斯理论的Web服务器识别[J].计算机工程,2015,41(7):190-193.
[8]杨云雪,鲁骁,董军.基于企业环境的网络安全风险评估[J].计算机科学与探索,2016,10(10):1387-1397.
[9]刘新亮,等.针对SSL/TLS协议会话密钥的安全威胁与防御方法[J].计算机工程,2017,43(3):147-153.
[10]李蕴.关于应用软件中信息漏洞快速检测仿真研究[J].计算机仿真,2017,34(3):381-384.