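Natural Science Edition, 2014, Issue 03
Research on a Real-Time Security Situation Assessment Method for Host Systems
Contributed by: Liu Renshan; Meng Xianghong. Date: 2018-11-26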

Authors: Liu Renshan, Meng Xianghong

Affiliation: School of Computer Science and Technology, Hulunbuir University

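Abstract (translated from the Chinese): Traditional security assessment methods cannot describe changes in the security situation in detail, and the security indicators they use are not determined in a sufficiently scientific or comprehensive way. To address this, a real-time security situation assessment method for host systems based on the hidden Markov model (HMM) is proposed. The method analyzes the factors that affect the threat level of an attack in terms of the attack's credibility, severity, asset value and sensitivity, and uses the HMM to calculate the probability that the host system is in each security state. A worked example shows that the method can respond scientifically to IDS alert information and dynamically obtain the curve of changes in the host system's security situation, providing guidance for administrators in understanding and guarding against host system security risks; it is scientifically sound and practical to a certain degree.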

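Funding: Natural Science Foundation of Inner Mongolia (2011BS0905); National Social Science Fund of China (11XTQ009); Inner Mongolia Higher Education Scientific Research Project (NJZC14309)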

Keywords: host system security; security situation; credibility; threat level; HMM model

DOI:10.16186/j.cnki.1673-9787.2014.03.025

Classification number: TP393.08

Abstract: To address the problem that traditional security assessment methods cannot describe changes in the security situation in detail and that the security indices they determine are not scientific or comprehensive enough, a real-time host system security situation evaluation method based on HMM is proposed. The method analyzes the factors that affect the threat of an attack in terms of reliability, severity, asset value and susceptibility, and uses the HMM model to calculate the probability that the host system is in each security state. Computational examples show that the method can respond to IDS alarm information scientifically, dynamically obtain the host system's security situation change curve, and provide guidance for administrators to understand and prevent host system security risks. It is scientifically sound and practical to a certain degree.
