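Computer Science ›› 2010, Vol. 37 ›› Issue (9): 94-96.

• Computer Networks and Information Security •

Network Security Risk Assessment Method Based on Attack Detection

CHEN Tian-ping, XU Shi-jun, ZHANG Chuan-rong, ZHENG Lian-qing

  1. (Telecommunication Engineering Institute, Air Force Engineering University, Xi'an 710077); (Institute 365, Northwestern Polytechnical University, Xi'an 710072)
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (60873233) and the Shaanxi Province Science and Technology Research Project (2008-k04-21).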

Risk Assessment Method for Network Security Based on Intrusion Detection System

CHEN Tian-ping,XU Shi-jun,ZHANG Chuan-rong,ZHENG Lian-qing   

  • Online:2018-12-01 Published:2018-12-01

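Abstract (translated from the Chinese): To assess network security risk in real time, a hidden Markov model describing the security state of a host was established. The model takes intrusion detection system alerts as input and computes the probability that the host is in the attacked state. For attack alerts, a new method for calculating the attack success probability was proposed, and this was then combined with the attack threat level to compute the risk index of each host node. Finally, the importance weights of the host nodes and the node risk indices were used to compute the network risk quantitatively. A case analysis shows that the method can dynamically plot the network security risk situation curve, which helps guide security administrators in adjusting security policies in a timely manner.

Keywords: network security, risk assessment, intrusion detection system, hidden Markov model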

Abstract: A Hidden Markov Model (HMM) describing host security states was established to evaluate the security risk of a network in real time; its input is Intrusion Detection System alerts. The probability that a host is under attack was calculated by this model. For attack alerts, a new method for calculating the attack success probability was presented and combined with the attack threat level to calculate the risk index of the host node. Finally, the importance weights and risk indices of all the host nodes were used to calculate the risk of the network quantitatively. The case study demonstrated that this method can provide real-time risk curves of the host system, allowing security managers to adjust security policies.

Key words: Network security, Risk assessment, Intrusion detection system, Hidden Markov model
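
The pipeline the abstract outlines (HMM filtering over IDS alerts, a per-host risk index, then importance-weighted network risk) can be sketched as follows. This is an added example, not the authors' code: the state set, transition and emission matrices, alert classes, host weights and sample alerts are constructed, the product form of the risk index and the weighted average are assumptions, and the paper's own attack-success-probability method is not reproduced (the value is passed in per alert).

```python
# Added illustration. States, matrices, alert classes, weights and sample alerts
# are all constructed; none of these values come from the paper.
STATES = ["good", "probed", "attacked"]
ALERTS = ["none", "scan", "exploit"]
# T[i][j] = P(next state j | current state i)
T = [[0.90, 0.08, 0.02],
     [0.30, 0.50, 0.20],
     [0.10, 0.20, 0.70]]
# E[i][k] = P(IDS reports alert class k | host is in state i)
E = [[0.90, 0.08, 0.02],
     [0.30, 0.60, 0.10],
     [0.10, 0.20, 0.70]]
PRIOR = [1.0, 0.0, 0.0]  # host assumed clean at the start
ATTACKED = STATES.index("attacked")

def forward_step(belief, alert):
    """One HMM filtering update: predict with T, weight by E, renormalize."""
    k = ALERTS.index(alert)
    n = len(STATES)
    pred = [sum(belief[i] * T[i][j] for i in range(n)) for j in range(n)]
    unnorm = [pred[j] * E[j][k] for j in range(n)]
    z = sum(unnorm)
    if z == 0:
        raise ValueError("alert impossible under the model")
    return [u / z for u in unnorm]

def host_risk_curve(alerts):
    """alerts: (alert_class, p_success, threat_level) per time step.
    Assumed risk index: P(attacked) * p_success * threat_level."""
    belief, curve = list(PRIOR), []
    for alert, p_success, threat in alerts:
        belief = forward_step(belief, alert)
        curve.append(belief[ATTACKED] * p_success * threat)
    return curve

def network_risk(host_curves, weights):
    """Importance-weighted average of the host risk indices at each step."""
    total = sum(weights[h] for h in host_curves)
    steps = min(len(c) for c in host_curves.values())
    return [sum(weights[h] * host_curves[h][t] for h in host_curves) / total
            for t in range(steps)]

if __name__ == "__main__":
    curves = {
        "web": host_risk_curve([("scan", 0.2, 2.0), ("exploit", 0.5, 4.0), ("exploit", 0.5, 4.0)]),
        "db": host_risk_curve([("none", 0.0, 0.0), ("none", 0.0, 0.0), ("scan", 0.2, 2.0)]),
    }
    print([round(r, 3) for r in network_risk(curves, {"web": 1.0, "db": 3.0})])
```

Plotting the returned list against time gives the kind of risk curve the abstract refers to; in practice the matrices would be estimated from labelled alert history rather than set by hand.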
