###
DOI:
Journal of Software:2009.20(2):451-461

基于安全状态域的网络评估模型
张海霞,连一峰,苏璞睿,冯登国
(中国科学院 软件研究所 信息安全国家重点实验室,北京 100190;中国科学院 软件研究所,北京 100190;中国科学院 软件研究所 信息安全国家重点实验室,北京 100190;中国科学院 软件研究所,北京 100190;中国科学院 研究生院,北京 100049)
Security-State-Region-Based Model of Network Security Evaluation
ZHANG Hai-Xia,LIAN Yi-Feng,SU Pu-Rui,FENG Deng-Guo
()
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 3404   Download 5044
Received:April 10, 2007    Revised:September 04, 2007
> 中文摘要: 将基于攻击图的评估与依赖标准的评估相结合,提出了一种基于安全状态域(security state region,简称SSR)的网络安全评估模型(security-state-region-based evaluation model,简称SSREM).该模型将攻击的影响分为攻击能力改变和环境改变,通过两者之间的因果关系建立数学模型,提出了安全状态域趋向指数的概念,借助Matlab进行攻击趋势的曲面拟合,进而进行安全状态域的划分和网络的安全性评估.实验结果表明,依据SSREM进行的评估能够通过安全状态域和安全状态域趋向指数反映网络进入不同状态的难易程度,对网络安全性量化评估具有借鉴意义.
Abstract:A security-state-region-based (SSR-based) model called security-state-region-based evaluation model (SSREM) is proposed, which integrates the assessment based on the attack graph and the evaluation according to criteria together. In the model, the attack result is divided into the change in the attack ability and environment. The cause and effect relationship among them lays a foundation for building mathematic equations. After that, the definition of SSR is proposed, and also curve and surface fitting recurring to Matlab is used to analyze the attack trend, the result of which provides a theoretical basis for the division of SSR and the network security assessment based on SSR. Experiments in the posterior part of the paper show that, the evaluation according to SSREM can reflect how difficult it is to enter into different states through SSR and the tendency coefficient of security state region (TC_SSR), which can be used for reference by quantitative evaluation of network security.
文章编号:     中图分类号:    文献标志码:
基金项目:Supported by the National Natural Science Foundation of China under Grant No.60403006 (国家自然科学基金); the National Basic Research Program of China under Grant No.2007CB311202 (国家重点基础研究发展计划(973)); the National High-Tech Research and Development Plan of China under Grant Nos.2006AA01Z437, 2006AA01Z412, 2006AA01Z433 (国家高技术研究发展计划(863)) Supported by the National Natural Science Foundation of China under Grant No.60403006 (国家自然科学基金); the National Basic Research Program of China under Grant No.2007CB311202 (国家重点基础研究发展计划(973)); the National High-Tech Research and Development Plan of China under Grant Nos.2006AA01Z437, 2006AA01Z412, 2006AA01Z433 (国家高技术研究发展计划(863))
Foundation items:
Reference text:

张海霞,连一峰,苏璞睿,冯登国.基于安全状态域的网络评估模型.软件学报,2009,20(2):451-461

ZHANG Hai-Xia,LIAN Yi-Feng,SU Pu-Rui,FENG Deng-Guo.Security-State-Region-Based Model of Network Security Evaluation.Journal of Software,2009,20(2):451-461