高级检索

    基于威胁传播模型的层次化网络安全评估方法

    A Hierarchical Evaluation Approach for Network Security Based on Threat Spread Model

    • 摘要: 网络系统不仅面临外部和内部威胁主体的入侵,同时威胁主体会利用脆弱点间、网络组件间的相互作用关系进行威胁传播,产生严重的潜在威胁.设计合理的模型对潜在威胁进行识别、分析,并量化测度其对网络安全的影响,是当前网络安全评估所面临的主要挑战之一.针对该问题,提出了一种基于威胁传播模型的层次化网络安全评估方法.首先提出了威胁传播模型识别目标网络系统的威胁主体,分析其传播路径,预测其对网络系统的潜在破坏;在此基础上提出了层次化网络安全测度模型来计算服务、主机和网络系统3个层次的危险指数.通过将原型系统应用于某企业局域网络系统,验证了威胁传播模型的正确性及其评估方法相比传统方法的优势.

       

      Abstract: Network system is generally faced with invasion of the external and internal threat agents. Moreover, threat agents have the capability of spreading threats via the interrelation among vulnerabilities and components in the network, bringing about potential threats. Designing a reasonable model to identify, analyze and quantitatively measure the consequences resulting from potential threats is one of the main challenges that the research of network security evaluation faces. For this issue, a hierarchical evaluation approach based on the threat spread model for the network security is proposed. Firstly the threat spread model is put forward to identify the threat agents, analyze the spread paths of threats, and predict potential threats. The threat spread model includes target network model, threat agent model, threat spread graphs and threat spread algorithm. On this basis, the security measure model is presented to compute the danger indexes of services, hosts and network system respectively. The security measure model is composed of spread graphs, metrics, metric computing functions and index computing functions. Based on the novel approach, the prototype system is implemented and applied by an enterprise local network system. The result demonstrates the correctness of the threat spread model and the advantage of the approach compared with traditional methods.

       

    /

    返回文章
    返回