摘要
危害评估是安全风险管理和防御策略调整的基础。越来越多的以服务为攻击目标的安全事件发生在应用层,给系统和数据造成了严重危害。为了全面评估事件造成的危害,该文分析了安全事件攻击目标服务之间的接口、应用和统计关联的相关性,进而给出了一种安全事件危害量化评估方法。基于该方法,可以按照网络结构,依据每个层次引入的由服务相关性引起的间接危害,得出安全事件造成的整体危害,从而帮助管理员形成危害全盘视图,使其能根据危害的严重程度和扩散情况,增强对影响较大的服务的防护,并在安全事件时,优先处置危害较大的事件,根据危害扩散路径遏制安全态势恶化。该方法已在实验环境中实现和应用,验证了方法的可行性和有效性。
Detriment evaluation is the foundation of risk management and defense strategy adjustment. More and more security incidents which target services occur in the application layer and cause great harm to the system and data. This paper analyzes the correlations between services, including interface correlation, application correlation and statistics correlation to evaluate the detriment caused by the incidents mentioned above, with a quantitative evaluation method then proposed. In this method, indirect detriment caused by security incidents is calculated based on network layers to obtain the comprehensive detriments so that administrators have an overall view of the detriments and enhance the protection to the services having significant influence to the network and other services based on the severity and spread path of detriments. This method also helps administrators to prioritize treatment to incidents and prevent the security situation from getting worse. The method has been implemented and verified in experimental environment with its effectiveness and feasibility being approved.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2016年第1期35-41,共7页
Journal of Tsinghua University(Science and Technology)
基金
国家自然科学基金资助项目(61170295)
国家部委项目(A2120110006)
北京市教育委员会共建项目建设计划(JD100060630)
中航工业产学研项目(CXY2011BH07)
关键词
危害
量化评估
服务相关性
层次分析法
detriment
quantitative evaluation
service correlation
AHP
