Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2016, Vol. 56 Issue (1): 35-41    DOI: 10.16511/j.cnki.qhdxxb.2016.23.004
  信息安全 本期目录 | 过刊浏览 | 高级检索 |
基于服务相关性的应用层安全事件危害评估方法
吕艳丽1,3, 李元龙1,2, 向爽1, 夏春和1
1. 北京航空航天大学 网络技术北京市重点实验室, 北京 100191;
2. 北京航空航天大学 软件学院, 北京 100191;
3. 科学技术部 信息中心, 北京 100862
Detriment evaluation method for application security incidents based on service correlation
LV Yanli1,3, LI Yuanlong1,2, XIANG Shuang1, XIA Chunhe1
1. Beijing Key Laboratory of Network Technology, Beihang University, Beijing 100191, China;
2. School of Software, Beihang University, Beijing 100191, China;
3. Information Center of Ministry of Science and Technology, Beijing 100862, China
全文: PDF(1226 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 危害评估是安全风险管理和防御策略调整的基础。越来越多的以服务为攻击目标的安全事件发生在应用层, 给系统和数据造成了严重危害。为了全面评估事件造成的危害, 该文分析了安全事件攻击目标服务之间的接口、应用和统计关联的相关性, 进而给出了一种安全事件危害量化评估方法。基于该方法, 可以按照网络结构, 依据每个层次引入的由服务相关性引起的间接危害, 得出安全事件造成的整体危害, 从而帮助管理员形成危害全盘视图, 使其能根据危害的严重程度和扩散情况, 增强对影响较大的服务的防护, 并在安全事件时, 优先处置危害较大的事件, 根据危害扩散路径遏制安全态势恶化。该方法已在实验环境中实现和应用, 验证了方法的可行性和有效性。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
吕艳丽
李元龙
向爽
夏春和
关键词 危害量化评估服务相关性层次分析法    
Abstract:Detriment evaluation is the foundation of risk management and defense strategy adjustment. More and more security incidents which target services occur in the application layer and cause great harm to the system and data. This paper analyzes the correlations between services, including interface correlation, application correlation and statistics correlation to evaluate the detriment caused by the incidents mentioned above, with a quantitative evaluation method then proposed. In this method, indirect detriment caused by security incidents is calculated based on network layers to obtain the comprehensive detriments so that administrators have an overall view of the detriments and enhance the protection to the services having significant influence to the network and other services based on the severity and spread path of detriments. This method also helps administrators to prioritize treatment to incidents and prevent the security situation from getting worse. The method has been implemented and verified in experimental environment with its effectiveness and feasibility being approved.
Key wordsdetriment    quantitative evaluation    service correlation    AHP
收稿日期: 2014-10-28      出版日期: 2016-01-15
ZTFLH:  TP309  
通讯作者: 夏春和,教授,E-mail:xch@buaa.edu.cn     E-mail: xch@buaa.edu.cn
引用本文:   
吕艳丽, 李元龙, 向爽, 夏春和. 基于服务相关性的应用层安全事件危害评估方法[J]. 清华大学学报(自然科学版), 2016, 56(1): 35-41.
LV Yanli, LI Yuanlong, XIANG Shuang, XIA Chunhe. Detriment evaluation method for application security incidents based on service correlation. Journal of Tsinghua University(Science and Technology), 2016, 56(1): 35-41.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.23.004  或          http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/35
  图1 网络连接数统计
  图2 服务相关性访问和数据返回
  图3 安全事件危害评估层次结构
  表1 安全事件严重值
  图4 实验环境网络结构
  表2 s11的服务关联度
  表3 主机重要性
  表4 服务权重
  表5 主机重要性判断矩阵及权重
  表6 事件e1 的危害值
[1] 冯登国, 张阳, 张玉清. 信息安全风险评估综述 [J]. 通信学报, 2004, 25(7): 10-18.FENG Dengguo, ZHANG Yang, ZHANG Yuqing. Survey of information security risk assessment [J]. Journal of China Institute of Communications, 2004, 25(7): 10-18. (in Chinese)
[2] 张利, 彭建芬, 杜宇鸽, 等. 信息安全风险评估的综合评估方法综述 [J]. 清华大学学报: 自然科学版, 2012, 52(10): 1364-1369.ZHANG Li, PENG Jianfen, DU Yuge, et al. Information security risk assessment survey [J]. J Tsinghua Univ: Sci & Technol, 2012, 52(10): 1364-1369. (in Chinese)
[3] Gartner. Gartner[EB/OL]. (2014-10-10). http://www.gartner.com/technology/home.jsp.
[4] DoD 5200.28-STD. Trusted Computer System Evaluation Criteria (TCSEC) [S]. 1985.
[5] Commission of the European Communities. Information Technology Security Evaluation Criteria (ITSEC) [S]. 1991.
[6] National Security Agency. Common Criteria for Information Technology Security Evaluation (CC) [S]. 2002.
[7] GB/T 20984. 信息安全技术信息安全风险评估规范 [S]. 2007.
[8] Bass T. Multisensor data fusion for next generation distributed intrusion detection systems [C]//IRIS National Symp on Sensor and Data Fusion. 1999: 24-27.
[9] Hariri S, Qu G Z, Dharmagadda T, et al. Impact analysis of faults and attacks in large-scale networks [J]. IEEE Security & Privacy, 2003, 1(5): 49-54.
[10] 何慧, 张宏莉, 王星, 等. 网络安全事件危害度的量化评估 [J]. 哈尔冰工业大学学报, 2012, 44(5): 66-70.HE Hui, ZHANG Hongli, WANG Xing, et al. Detriment quantitative assessment of the network security incidents [J]. Journal of Harbin Institute of Technology, 2012, 44(5): 66-70. (in Chinese)
[11] 吴华, 张宏莉, 何慧, 等. 大规模网络安全事件威胁量化分析 [J]. 微计算机信息, 2008, 24(3): 44-46.WU Hua, ZHANG Hongli, HE Hui, et al. Threaten quantitative and analyse of a large-scale network security events [J]. Microcomputer Information, 2008, 24(3): 44-46. (in Chinese)
[12] 陈秀真, 郑庆华, 管晓宏, 等. 层次化网络安全威胁态势量化评估方法 [J]. 软件学报, 2006, 17(4): 885-897.CHEN Xiuzhen, ZHENG Qinghua, GUAN Xiaohong, et al. Quantitative hierarchical threat evaluation model for network security [J]. Journal of Software, 2006, 17(4): 885-897. (in Chinese)
[13] 余世舟, 赵振东, 钟江荣. 基于GIS的地震次生灾害数值模拟[J]. 自然灾害学报, 2003,12(4): 100-105.YU Shizhou, ZHAO Zhendong, ZHONG Jiangrong. Numerical simulation of secondary disasters of earthquake based on GIS [J]. Journal of Natural Disasters, 2003, 12(4): 100-105. (in Chinese)
[14] Desai N, Mazzonleni P, Tai S. Service communities: A structuring mechanism for service-oriented business ecosystems [C]//Proc the 2007 IEEE International Conference on Digital Ecosystems and Technologies. Washington, D.C., USA: IEEE, 2007: 122-127.
[15] Kohlborn T, Korthaus A, Riedl C, et al. Service aggregators in business network [C]//Proc the 1st Workshop on Service-Oriented Business Networks and Ecosystems. Auckland, New Zealand: University of Auckland, 2009: 195-202.
[16] GUO Hua, TAO Fei, ZHANG Lin, et al. Correlation-aware web services composition and QoS computation model in virtual enterprise [J]. The International Journal of Advanced Manufacturing Technology, 2010, 51(5): 817-827.
[17] Linstone H A, Turoff M. Delphi Method: Techniques and Applications [M]. Boston: Addison-Wesley Publishing, 1975.
[18] Saaty T. Modeling unstructured decision problem: A theory of analytical hierarchies [C]//Proc the 1st International Conference on Mathematical Modeling. 1977: 69-77.
[19] Saaty T. The seven pillars of the analytic hierarchy process [C]//Proc the 5th International Symposium on the Analytic Hierarchy Process. 1999.
[20] Lonvick C. RFC 3164: The BSD syslog protocol [R]. Network Working Group, 2001.
[1] 陈璞, 童节娟, 刘涛, 张勤昭, 王宏. 高温气冷堆主氦风机预防性维修策略研究[J]. 清华大学学报(自然科学版), 2023, 63(8): 1219-1225.
[2] 刘康, 刘昭伟, 陈永灿, 马芳平, 王皓冉, 黄会宝, 谢辉. 引水隧洞结构安全风险评价的动态Bayes网络模型[J]. 清华大学学报(自然科学版), 2023, 63(7): 1041-1049.
[3] 魏奕新, 韩一蕾, 卢滇楠, 邱彤. 基于理论可行性的生物合成路径评估方法[J]. 清华大学学报(自然科学版), 2023, 63(5): 697-703.
[4] 陈道想, 林鹏, 丁鹏, 李果, 陈涛, 余卓憬. 基于群层次分析法的振冲碎石桩填料方法比选[J]. 清华大学学报(自然科学版), 2022, 62(12): 1915-1921.
[5] 蒋光昱, 王忠静, 索滢. 西北典型节水灌溉技术综合性能的层次分析与模糊综合评价[J]. 清华大学学报(自然科学版), 2019, 59(12): 981-989.
[6] 陈涛, 陈智超. 基于证据推理法的城镇综合承灾能力网格化评价方法[J]. 清华大学学报(自然科学版), 2018, 58(6): 570-575.
[7] 徐君锋, 王嘉捷, 朱克雷, 张普含, 马宇飞. 基于AHP的安卓应用安全信用指数度量方法[J]. 清华大学学报(自然科学版), 2018, 58(2): 131-136.
[8] 杨萍, 彭羽, 刘雪华, 孟鸿雁, 王斌. 基于生态评估的新疆玛纳斯县域发展适宜性分析[J]. 清华大学学报(自然科学版), 2016, 56(8): 865-870.
[9] 卢兆麟, 李升波, Schroeder Felix, 周吉晨, 成波. 结合自然语言处理与改进层次分析法的乘用车驾驶舒适性评价[J]. 清华大学学报(自然科学版), 2016, 56(2): 137-143.
[10] 袁尚南, 强茂山, 温祺, 江汉臣. 基于模糊层次分析法的建设项目组织效能评价模型[J]. 清华大学学报(自然科学版), 2015, 55(6): 616-623.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn